FOPE Antivirus

  • 7 Followers
  • 10 Replies |
  • This post has 1 verified answer |
Answered (Verified) This question is answered

I have noticed for the virus protection is says it's disabled. Is this true? Does MS FOPE need to enable it as there aren’t any options I can find regarding it?

On the domain services option it does state that the virus filtering is always enabled, but how come the other option says disabled?

Regards,

Greg Cloke

  • Post Points: 35
Verified Answer
  • Hi GregCloke1985,

    Thank you for providing the detailed process of getting the screenshot you mentioned.

    GregCloke1985, the Catch-all domains, Outbound filtering, Spam filtering, and Virus filtering settings are not configurable in the Domain Settings pane.

    All versions of the Microsoft cloud-based e-mail service use Forefront Online Protection for Exchange (FOPE) to combat spam and phishing. When messages are received at the gateway server for the cloud-based e-mail service, they are evaluated and assigned a spam confidence level (SCL) value. The SCL is a rating assigned to a message that indicates, based on the characteristics of a message, such as the content, message header, and so forth, the likelihood that the message is spam. The SCL that is assigned at the gateway server is added to the message metadata as it travels through the cloud-based e-mail service infrastructure.

    The SCL rating is a number between 0 and 9. A higher SCL rating indicates that a message is more likely to be spam. The cloud-based e-mail service infrastructure has fixed SCL thresholds that define what action is taken at a specific SCL.

    As a FOPE administrator, you can change the actions for the SCL thresholds in the FOPE Administration Center, where you can also configure other message hygiene-related settings, such as IP safelists, quarantine, and message scanning.

    For more information about how to manage these features for Microsoft Office 365 for enterprises, see FOPE in Office 365 Feature Differences.

    For the detailed information about Spam Filtering and Message Hygiene, you can refer the following article:
    http://help.outlook.com/en-us/140/dd251294.aspx

    Thanks,
    Monica Tong

    • Top 10 Contributor
    • Post Points: 0
All Replies
  • Hi GregCloke1985,

    I understand that you noticed that when checking virus protection, it stated as Disabled. When checking virus filtering on the domain services, you noticed that it stated that it’s always enabled.

    Before moving on, I would like to how you logged the settings mentioned above. Could you please provide detailed information about the FOPE you used? Did you log on from Exchange Control Panel?

    When checking the settings on FOPE settings on FOPE for Office 365 Enterprise subscription, I didn’t found the settings about virus filtering you mentioned. If things going well about the emails delivery, .etc properly, it’s not necessary to change the settings mentioned here.

    Thanks,
    Monica Tong

    • Top 10 Contributor
    • Post Points: 0
    Suggested by
  • Hi Monica,

    I have the Office 365 Enterprise subscription and the logged in to the following URL admin.messaging.microsoft.com, once logging in to here I selected Administration > Domains > one of the domains. Then in the domain settings on the left it shows “Domain Services” which is where I got the screen clip from at the start of this thread.

    The reason behind changing some of the settings is because I was getting some spam, the settings I have now changed have prevented this from now happening. I am just curious to see if FOPE is actually scanning emails to and from my accounts for viruses, the setting “Virus Filtering – Disabled” would suggest not.

    Regards,

    Greg Cloke

    • Not Ranked
    • Post Points: 0
  • Hi GregCloke1985,

    Thank you for providing the detailed process of getting the screenshot you mentioned.

    GregCloke1985, the Catch-all domains, Outbound filtering, Spam filtering, and Virus filtering settings are not configurable in the Domain Settings pane.

    All versions of the Microsoft cloud-based e-mail service use Forefront Online Protection for Exchange (FOPE) to combat spam and phishing. When messages are received at the gateway server for the cloud-based e-mail service, they are evaluated and assigned a spam confidence level (SCL) value. The SCL is a rating assigned to a message that indicates, based on the characteristics of a message, such as the content, message header, and so forth, the likelihood that the message is spam. The SCL that is assigned at the gateway server is added to the message metadata as it travels through the cloud-based e-mail service infrastructure.

    The SCL rating is a number between 0 and 9. A higher SCL rating indicates that a message is more likely to be spam. The cloud-based e-mail service infrastructure has fixed SCL thresholds that define what action is taken at a specific SCL.

    As a FOPE administrator, you can change the actions for the SCL thresholds in the FOPE Administration Center, where you can also configure other message hygiene-related settings, such as IP safelists, quarantine, and message scanning.

    For more information about how to manage these features for Microsoft Office 365 for enterprises, see FOPE in Office 365 Feature Differences.

    For the detailed information about Spam Filtering and Message Hygiene, you can refer the following article:
    http://help.outlook.com/en-us/140/dd251294.aspx

    Thanks,
    Monica Tong

    • Top 10 Contributor
    • Post Points: 0
  • I had this very same question, but didn't feel that the verified answer in this thread provided the information I was looking for. So, I posed the question to MS tech support, and got this response:

    "Regarding your issue ,I would like to inform you that ,in office365 virus filtering is done by the office 365 hub server and not by FOPE .Hence you would see that virus filtering shows disable in the Forefront Admin Center. Virus filtering is enabled by default it cannot be disabled in FOPE nor in Office 365 ,and thats the reason when you click on the edit option it says For your protection, virus filtering is always enabled and cannot be disabled."

    • Not Ranked
    • Post Points: 0
  • I have the same question too , the Virus is disabled & cant change it , does this means that the virus isn't working?

    • Not Ranked
    • Post Points: 0
  • Hi Khaled,

    I understand that the virus is disabled. You couldn’t change it. You are wondering if the virus isn’t working. Khaled, it is working. For Office 365 users, there is virus filtering in Office 365 Exchange Server and enabled by default. For pure FOPE user, they can edit the option. You can refer the information in previous post to get this point.
     
    If the above information doesn’t answer your question, to better follow up with your question, please post a new question with your detailed requirement and question description.

    Thanks,
    Monica Tong

    • Top 10 Contributor
    • Post Points: 0
    Suggested by
  • I'm also seeing the same  thing but when I ran a virus and spam testing using emailsecuritycheck.net all of the virus test emails made it through to my Inbox so it looks it's not successfully filtering the virus, at least in my case.

    • Not Ranked
    • Post Points: 0
  • Hi Chris,

    As mentioned it previously, all versions of the Microsoft cloud-based e-mail service use Forefront Online Protection for Exchange (FOPE) to combat spam and phishing. When messages are received at the gateway server for the cloud-based e-mail service, they are evaluated and assigned a spam confidence level (SCL) value. If the SCL rating isn’t meet the spam/virus number, it won’t be filtered.

    If you always received some spam or virus from specific sender, you can add it in the blocked senders list.

    Thanks,
    Monica Tong

    • Top 10 Contributor
    • Post Points: 0
  • Have to agree with ChrisHarding on this. We've ran a test as well and a test virus made it through FOPE to end user's mailbox. Any reason why this would happen?

    • Not Ranked
    • Post Points: 0
  • Hi LadmarkIT,

    An incoming message initially passes through connection filtering, which checks the sender’s reputation and inspects the message for malware. The majority of spam is stopped at this point and deleted by EOP. Anti-spam protection is enabled by default. The default content filter action is to move spam messages to the recipients’ Junk Email folder. For this to work with on-premises mailboxes, you must also configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For more information, see Ensure that Spam is Routed to Each User's Junk Email Folder.
    http://technet.microsoft.com/en-us/library/jj837173(v=exchg.150).aspx

    To find out why the test virus delivered to the end user’s mailbox, we need to perform a deep research. The causes of an issue are depend on different due to different configurations. To better follow up the issue, I suggest posting a new question in the forum with the detailed problem description and error message. A new post will be generated with a complete history of dedicated troubleshooting.

    Best Regards,
    Monica Tong

    • Top 10 Contributor
    • Post Points: 0
Page 1 of 1 (11 items)