
Malware and Virus Scanning Architecture in Forefront Threat Management Gateway (TMG) 2010
As a security gateway, TMG 2010 has malware inspection built in. It inspects all HTTP as well as HTTPS traffic to ensure that no malware-infected traffic can get into the corporate network. You may ask: my company's antivirus program is doing exactly the same thing, so why do I need to use the gateway to do this? It is important that all computers within the corporate network have antivirus installed, but sometimes their definitions may not be up to date, especially for roaming users. By using the gateway, not only can you protect those server and client machines, it also provides a centralized monitoring role as well as content policy enhancement.
By using the malware filter, you can safeguard your corporate network with the Microsoft Anti-Malware engine.
The diagram above shows how malware inspection works, step by step:
1. A PC requests a resource from the internet. It can be a web page or a file download.
2. Forefront TMG checks whether company policy allows this user to connect to the requested web page.
3. If the user is allowed to connect to the desired web site, the connection proceeds. If the user is not allowed to connect, TMG returns a restriction or warning message (subject to the policy) to the user.
4. If the user is allowed to connect, the request reaches the intended web site and the web server serves the content back toward the user.
5. If the Proxy feature is enabled, the returned content is caught by the proxy engine.
6. The content is then passed on to the Malware Inspection Filter to ensure it is free of malware before it is served back to the user's PC. If some form of malware is embedded in the content, TMG stops it right away.
TMG uses the Microsoft Anti-Malware engine for malware detection. It automatically updates both the engine and the anti-malware (AM) signatures from the Microsoft cloud service and stores them locally, so that the signature database is always up to date and can be used efficiently.
Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Overview
The service pack includes the following new features and feature improvements:
New Reports
• The new User Activity report displays the sites and site categories accessed by any user.
• All Forefront TMG reports have a new look and feel.
Enhancements to URL Filtering
• You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
• You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
• Denial notification pages can now be customized for your organization's needs.
Enhanced Branch Office Support
• Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
• When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.
Support for publishing SharePoint 2010
• Forefront TMG SP1 supports secure publishing of SharePoint 2010.
