The multi-engine advantage...and updates

Today we posted a white paper about the Microsoft antimalware engine strategy and changes beginning December 1, 2009. A summary is below - read the full document for a complete overview.

Forefront server security products, such as Forefront Security for Exchange, Forefront Security for SharePoint and Forefront Security for Office Communications Server, incorporate a multi-engine strategy, using both Microsoft and industry-leading security partner technology to consistently drive high detection rates. They also include an advanced multiple engine manager that allows customers to concurrently configure up to five engines. Using multiple scanning engines delivers several critical advantages:

  • It increases the chances that emerging threats will be caught quickly.
  • It provides redundancy to help protect against scan failures or defects in individual engines; if an engine fails, other engines continue scanning messages.
  • It gives administrators an effective way to choose the most appropriate level of protection for their environment given their security needs and server performance capabilities.
  • It allows engines to be taken offline for updates or reconfiguration without forcing messages or documents to be queued.

Tests performed quarterly by the independent AV-Test.org group have shown that the multi-engine set for Forefront security products rates highest in response times for “in the wild” viruses and variants. We have found that having multiple engines consistently provides the highest detection rates against the competition, with an average response time of 3-6 hours for new viruses, whereas competitive single-engine solutions have average response times of more than 2-9 days (as noted in recent AV-Test.org data).

In order to further develop stronger technology relationships with our antimalware partners and ensure continued customer value for the longer term, we are standardizing on a set of five antimalware engines moving forward. We are confident that this solution will continue to provide equal or better detection rates and response times than the industry’s other leading solutions.

What does this mean for Microsoft and its customers? The current and next generation of Forefront server security products, including Antigen, will include five antimalware engines as part of an ongoing strategy to maximize and maintain our malware detection advantages, as well as make investments in other areas that will increase overall protection for our customers.

Customers will be able to take advantage of these new enhancements and engine changes after deploying the Antigen and Forefront service packs released on July 1, 2009. These service packs will allow customers to move to the new set of five engines as well as additional engine changes that Microsoft may release after December 1, 2009.