Thursday, October 16, 2008

Understanding Windows SBS 2008 Anti-Spam/Virus updates

[This post co-authored with Steven Goddard]

Exchange Server 2007, bundled with Forefront Security for Exchange that both come with SBS 2008, you get a lot of protection on your e-mail.  But how does it actually work? Let’s break it down.

With Exchange 2007 only

If you only have Exchange 2007, without Forefront Security for Exchange (FSE), then with SBS 2008, you get the Exchange Standard CAL.  This CAL entitles you to content filter updates that are published every two weeks via Microsoft Update.  You can reference this TechNet article for more information on this.

With Exchange 2007 and Forefront Security for Exchange

If you chose to install Forefront Security for Exchange during SBS setup, you are entitled to more regular updates (You can also do this with an Exchange Enterprise CAL, this is not included with SBS).

When checking multiple times a day, you get the IP Repudiation Service Data (an IP Block list that is offered exclusively to Exchange 2007 customers), spam signature data, as well as the content filter updates.

Make sense? If not here is some extra reading on TechNet.

Note on un-installing: If you choose to un-install FSE after the trial, you are no longer entitled to updates more than every two weeks.  You will have to do this manually.

SBS Specific Information

If you install FSE during SBS setup, then you get the anti-spam updates multiple times a day.  However, FSE asks Microsoft Update, which on your machine is WSUS (if you left it installed).  WSUS only asks the actual Microsoft Update, once/day.  So you are still ahead of the two week standard server, but you aren’t at your multiple-times-per-day, so you may want to consider changing your schedule, if this is important to you.

Data Usage Note: If you pay for bandwidth, it’s important to not that each signature download is roughly 6MB, and with this happening multiple times a day, you could be using more data than your used to.  On the second paragraph of this TechNet article, it talks about how it checks for signatures multiple times per hour.  Make sure to adjust the schedule to meet your needs (and in some places, budget):


Thanks to Philip for pointing out the confusion between Exchange 2007 and Exchange 2007+FSE, and to Wayne for pointing out the download size.


