Antigen Services and Simple Command Line Job Management

* This article was written in the context of Sybari Antigen For SharePoint, a technology now considered deprecated with the introduction of Forefront Security for SharePoint 2010. Variations may exist. *

The Antigen Services
The Antigen Services are the backbone of the Antigen framework. Implementing these services within your environment not only allows your detection engine to interact with your SharePoint environment, but also allows you to manage processes and other methods related to the client applications.
The two large services that compose the Antigen 8.0 environment are:
  • AntigenService
  • AntigenSP2Service
Antigen Services Breakdown
The first of these services, AntigenService, acts as the mediator on the server, providing functionality to client side applications that are responsible for the configuration of the Antigen processes. It is the most vital service, since it is also responsible for the scanning on the SharePoint server.
The second service, AntigenSP2Service, is the service that communicates with the SQL database, since SharePoint relies on the SQL backend for content storage.
Simple Ways to Manage Jobs with the Command Line
Using the command line against the first Antigen service, AntigenService, is perhaps one of the most useful tools. Since the Antigen scan jobs are pretty much what makes up the Antigen framework, it is useful to know how to disable and enable these jobs quickly from the command prompt.
Start -> Run -> type cmd -> press Enter -> navigate to your Antigen directory using the cd command
Once there, locate the antigenstarter console application. From here you can load or unload engines using the d/e switch, in other words:
  • Antigenstarter d (disable engine)
  • Antigenstarter e (enable engine)
There are a variety of engines to unload or load; the parameters to pass with the above command-line argument are:
  • 1 – Norman
  • 8 – Sophos
  • 16 – CA InoculateIT
  • 32 – CA Vet
  • 64 – Command
  • 128 – AhnLab
  • 256 – Sybari
  • 512 – VBuster
  • 2048 – Kaspersky
You can also use these commands remotely against the Antigen instance by using a /RemoteServer suffix at the end of your command.

There are several other command-line tools; however, they are tailored around performing Antigen diagnostics, a subject of another article.