
Going Back from Forefront 2010 Anti-Spam to the Exchange Content Filter

Kenneth Spiteri


Kenneth is an Exchange Administrator who loves to share anything he finds interesting with the rest of the community. He also helps with the administration of the site.


Microsoft Forefront Protection 2010 for Exchange introduces a new content filter agent. For this to work, the native Exchange 2007/2010 content filter is disabled. Uninstalling Forefront does not revert these settings. Here is how we return the system to its original state.

The first Forefront for Exchange release focused on anti-virus and anti-malware email hygiene. It targeted MS Exchange 2007, where spam filtering was handled by the various transport agents included out of the box. Whether or not you ran Forefront, spam filtering was the job of the Content Filter Agent, Connection Filtering Agent, Sender Filter Agent, etc.

With Exchange 2010 we got the second wave of Forefront releases including Microsoft Forefront Protection 2010 for Exchange (FPE). Amongst other additions this release introduced a new anti-spam solution that is less reliant on the native Exchange 2007/2010 agents.

When saying less reliant, I am choosing my words carefully. Both Exchange 2007 and 2010 ship a set of anti-spam agents that do not require Forefront. FPE 2010 does not replace all the native agents either. It still relies on some of the native agents (such as for Sender Filtering) but introduces other agents that inject Forefront-specific functionality.

Some of the Forefront anti-spam settings exposed in the Management Console are wrappers around the configuration of the native anti-spam agents. Of course this is not the case when dealing with functionality unique to Forefront.

Disablement of the Native Content Filter Agent

One of the most significant changes in FPE 2010 (on the anti-spam side) was the introduction of a new content filter agent. This replaces the native content filter agent shipped with Exchange 2007/2010. The new agent is registered with the Exchange transport when Forefront anti-spam is enabled. You can see this from the Exchange Management Shell by running:
Get-TransportAgent

The following screenshot shows the Exchange 2010 agent list after installing Forefront with anti-spam disabled:

[Screenshot: Forefront Anti-Spam not Enabled]

Next is the agent list after enabling Forefront anti-spam:

[Screenshot: Forefront Anti-Spam Enabled]

Here we have a couple of interesting points to highlight:

  • FSE Content Filter Agent is the Forefront content filter.

  • From the two screenshots we can see the native Content Filter Agent enablement status changing from True to False.

The native content filter is actually disabled in two places:

  1. We already saw the first switch above. This is a property common to all transport agents configurable using Enable-TransportAgent/Disable-TransportAgent.

  2. The second switch is a content filter property configurable using Set-ContentFilterConfig or the management console:

[Screenshot: Enabling Content Filter from the Management Console]

There are some obvious reasons why Forefront disables the native content filter agent. To begin with, there is little point in having two content filters connected back-to-back. Secondly, the two filters use the same SCL rating system. If the Forefront agent finds that an email is already stamped with an SCL, it won't process it.

Re-Enabling the Native Content Filter

Now that we better understand how and why the native content filter is disabled, we proceed to re-enable it! You might have installed Forefront for evaluation and decided not to go ahead with it. Uninstalling Forefront 2010 does not re-enable the native content filter, leaving Exchange exposed to spam.

To re-enable it, at the Exchange Management Shell, we just run the following cmdlets:

Enable-TransportAgent "Content Filter Agent"
Set-ContentFilterConfig -Enabled $true

At the end we just restart the Microsoft Exchange Transport service and the native content filter is back online.
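
The following is an added example, not part of the original article: it checks both switches described above, re-enables them only when asked, and restarts the transport service. `Repair-NativeContentFilter` is a hypothetical helper name, and matching the Forefront agent by the name "FSE Content Filter Agent" assumes the name shown in the agent list above.

```powershell
# Added example. Run in the Exchange Management Shell on the transport server.
# Repair-NativeContentFilter is a hypothetical helper name, not an Exchange cmdlet.
function Repair-NativeContentFilter {
    param([switch]$Fix)

    $agentName = "Content Filter Agent"

    # Switch 1: transport agent enablement (Enable-/Disable-TransportAgent).
    $agent = Get-TransportAgent -Identity $agentName -ErrorAction SilentlyContinue
    if (-not $agent) {
        Write-Warning "'$agentName' is not registered with the transport service."
        return
    }

    # Switch 2: the content filter's own Enabled property.
    $config = Get-ContentFilterConfig

    # If the Forefront content filter is still registered and enabled, Forefront
    # anti-spam is still in use, so leave the native filter alone.
    $fse = Get-TransportAgent |
        Where-Object { "$($_.Identity)" -like "FSE Content Filter*" -and $_.Enabled }
    if ($fse -and $Fix) {
        Write-Warning "FSE Content Filter Agent is still enabled; no changes made."
    }
    $apply = $Fix -and -not $fse

    $changed = $false
    if ($apply -and -not $agent.Enabled) {
        Enable-TransportAgent -Identity $agentName
        $changed = $true
    }
    if ($apply -and -not $config.Enabled) {
        Set-ContentFilterConfig -Enabled $true
        $changed = $true
    }
    # Final step from the article: restart the Microsoft Exchange Transport service.
    if ($changed) { Restart-Service -Name MSExchangeTransport }

    # Report the resulting state of both switches.
    New-Object PSObject -Property @{
        AgentEnabled          = (Get-TransportAgent -Identity $agentName).Enabled
        ConfigEnabled         = (Get-ContentFilterConfig).Enabled
        ForefrontAgentEnabled = [bool]$fse
        TransportRestarted    = $changed
    }
}

Repair-NativeContentFilter          # report only
# Repair-NativeContentFilter -Fix   # re-enable both switches and restart transport
```

Run without `-Fix` first: if either `AgentEnabled` or `ConfigEnabled` is False after a Forefront uninstall, the server is still in the state the article describes.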

Forefront Installation and Configuration

For completeness let's take a look at the Forefront installation and the configuration console. FPE 2010 does not enable anti-spam filtering by default. At installation time we get the following selection:

[Screenshot: Forefront Installation]

The default here is to keep anti-spam disabled. So unless this is changed, FPE completes the installation without touching the native content filter enablement status. The install wouldn't even create the Forefront content filter agent.

Moving to the Forefront administrative console, we can enable anti-spam from:
Policy Management | Antispam | Configure | Enable Antispam Filtering

[Screenshot: Forefront Management Console]

Clicking the 'Enable Antispam Filtering' button changes the system to replace the content filter as described earlier. Once the native content filter is disabled, the only way to get it back is to do it manually. Of course doing this only makes sense if you plan to stop using Forefront anti-spam.
