The Forefront Security family of products supports using more than one scanning engine at a time. This is a big advantage, since it adds a significant degree of protection against new threats. This support is coordinated through the Forefront Security Engine Manager, which provides administrators with tools for monitoring the status of installed engines, controlling which engines run, and adjusting the actions Forefront takes when an engine needs to be updated or fails during operation.
Forefront can make use to up to five engines at a time. Perhaps coincidentally, the standard edition of Forefront includes five engines:
- The Microsoft antimalware engine, based on technology Microsoft acquired when it purchased GeCAD in 2004
- The Computer Associates (CA) Vet and InoculateIT engines
- The Norman Data Defense engine
- The Sophos Virus Detection engine
If you buy the Exchange Enterprise Client Access License (CAL), you also get to use four additional engines included only with the Enterprise CAL: AhnLabs, Authentium’s Command Antivirus engine, Kaspersky Labs’s engine, and VirusBuster AntiVirus. During installation, Forefront randomly chooses a set of four engines; administrators can use the suggested combination or pick a different set.
In a future post, I’ll have a lot more to say about which engine combinations make the most sense for different uses.