Welcome to Sommarkollo 2006

Welcome to Sommarkollo 2006, with a focus on Antigen for Microsoft Exchange. Microsoft Antigen. Lasse Pettersson

Page 1

Welcome to Sommarkollo 2006

Page 2

With a focus on Antigen for Microsoft Exchange

Microsoft Antigen

Lasse Pettersson

www.humandata.se

Page 3

Agenda

Antigen Solutions: Antivirus, Anti-spam, Management, Antigen for IM and SharePoint

DEMO: Installation and configuration

Q/A

Page 4

Antigen Solutions

Protected platforms: Live Communications Server, SharePoint Server, Exchange Servers, ISA Server, Windows SMTP Server

Threats: Viruses, Worms, Spam

Channels: IM and Documents, E-mail

Layered Defense, Server Optimization, Content Control

Page 5

E-mail Antivirus Approaches

(Diagram: Internet → ISA Servers / Windows SMTP Servers → Exchange servers, with an AV engine at each tier; threats shown: Viruses, Worms, Spam)

Single Vendor Solution

• Same scan engine, heuristics technology and signature files on all server and client platforms

• Dependent on one AV lab for scan engine updates during virus or worm outbreaks

• Queuing and delay during engine updates on mission critical servers (i.e. Exchange)

Problem: Single Point of Failure

Multi-vendor Solution

• Different scan engines, heuristics technologies and signature files on server and client platforms

• High acquisition and maintenance cost

• Added filtering complexity

Problem: Management/Cost

Page 6

Multiple Engine Management

(Diagram: Internet → Exchange Server/Windows SMTP Server running several AV engines, with Antivirus, Antispam, Policy Mgt and Central Mgmt layers)

One vendor, multiple technologies

Page 7

Antigen for Exchange

Protects Exchange Server 5.5, 2000, and 2003

Detects and removes viruses in e-mail messages and attachments

Scans at SMTP stack (most processing intensive scans)

Scans real-time at Exchange Information Store

Provides on-demand and scheduled scans of information store

Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003

Provides advanced content-filtering capabilities for messages and attachments

Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level

(Diagram: Internet → ISA Server → Exchange Front End → Exchange Site 1 / Exchange Site 2, with Exchange Public Folder Server and Exchange Mailbox Server)

Page 8

Antigen Multiple Engine Manager (MEM) Bias Settings

(Diagram: pool of Scan Engine 1, Scan Engine 2, Scan Engine 3 and Scan Engine 4)

Max Certainty: uses all engines (100%)

Favor Certainty: uses 75% of available engines

Neutral: uses approximately 50% of available engines

Favor Performance: uses 25% of available engines

Max Performance: uses one engine for every scan

* Engines used are not always the same. They are dynamically allocated from the available pool.

Page 9

Scanning Performance

Scanning at both the SMTP Stack and Exchange Store

SMTP: Provide maximum scanning protection (Max Certainty bias)

Exchange Store: Balance security with performance (Neutral bias)

In-memory scanning

Dynamic allocation of application memory improves server efficiency

Eliminates the burdensome process of spooling data to disk for virus scanning

Ability to increase number of available processes (scanning threads)

Page 10

Antigen AV Engine Partners

Included “in the box” / Additional Options ($)

Coming Soon: MS Antivirus

Page 11

Worm Removal

Fully purge all messages containing worms

Use Sybari Worm List (wormprge.dat) to purge any message that matches a known Worm virus

Create a custom Worm List with a single wildcard ( * ) to match all malicious code detected

Provide pre-emptive protection against unknown worms with file filter purge (size, type, extension, etc.)

The user receives nothing, not even a notification

Purged messages containing worms should not be quarantined

There is no value in the message

Reduces network bandwidth by removing un-needed messages.

Page 12

Content and File Filtering

Content Filtering

Scans messages for keywords in message body text

Offers whitelisting for trusted senders

Provides separate filters for inbound, outbound and internal

File filtering

Blocks a specific range of potentially dangerous file types by both extension and true file type

File types commonly blocked: EXE, COM, PIF, SCR, VBS, VBE, SHS, CHM, REG and BAT

Unpacks and repacks ZIP files, removing only the blocked file

Offers whitelisting for trusted senders

Provides separate filters for inbound, outbound and internal
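The file-filtering behaviour on this slide (block by extension or by true file type, exempt whitelisted senders, repack a ZIP with only the blocked members removed), as an added Python example that is not Antigen's code. The magic-number table, the sample archive and the sender flag are constructed for the illustration.

```python
import io
import zipfile
from typing import List, Optional, Tuple

# Extensions the slide lists as "commonly blocked".
BLOCKED_EXTENSIONS = {"exe", "com", "pif", "scr", "vbs", "vbe", "shs", "chm", "reg", "bat"}

# Constructed magic-number table for "true file type" detection. A shipping
# product carries a far larger table; these entries are enough to show that
# renaming an attachment does not get it past the filter.
MAGIC = [
    (b"MZ", "exe"),                        # DOS/PE executable header
    (b"ITSF", "chm"),                      # compiled HTML help
    (b"Windows Registry Editor", "reg"),   # .reg export header (text)
    (b"REGEDIT4", "reg"),                  # older .reg header
]


def true_type(data: bytes) -> Optional[str]:
    """Return the file type implied by the leading bytes, or None if unknown."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def extension(name: str) -> str:
    """Lower-cased extension after the last dot, '' if there is none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def is_blocked(name: str, data: bytes, sender_whitelisted: bool = False) -> bool:
    """Block on extension OR on true file type; whitelisted senders are exempt."""
    if sender_whitelisted:
        return False
    if extension(name) in BLOCKED_EXTENSIONS:
        return True
    return true_type(data) in BLOCKED_EXTENSIONS


def filter_zip(zip_bytes: bytes) -> Tuple[bytes, List[str]]:
    """Unpack, drop only the blocked members, repack the rest.

    Returns the rebuilt archive and the names that were removed, so the
    recipient still gets the harmless files and a notice can list what
    was stripped.
    """
    removed: List[str] = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if info.is_dir():
                continue
            data = src.read(info)
            if is_blocked(info.filename, data):
                removed.append(info.filename)
            else:
                dst.writestr(info.filename, data)
    return out.getvalue(), removed


def zip_names(zip_bytes: bytes) -> List[str]:
    """Member names of an archive, used to inspect the repacked result."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return z.namelist()


def build_sample_zip() -> bytes:
    """Constructed test attachment: one clean file, three that should be stripped."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.txt", "quarterly figures (constructed)")
        z.writestr("invoice.exe", b"MZ\x90\x00 constructed stand-in for a PE header")
        z.writestr("notes.txt", b"MZ\x90\x00 executable renamed to .txt (constructed)")
        z.writestr("setup.bat", "echo constructed batch file")
    return buf.getvalue()


if __name__ == "__main__":
    repacked, stripped = filter_zip(build_sample_zip())
    print("removed:", stripped)          # ['invoice.exe', 'notes.txt', 'setup.bat']
    print("kept:", zip_names(repacked))  # ['report.txt']
```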

Page 13

Antigen Message Processing

Processing stages: Spam Filtering → Content Filtering → Attachment Scanning → Body Scanning

Spam Filtering:

• Sender Whitelist Check

• Spam Scanning

• RBL Filter

• Sender/Domain Filter

• Subject Line Filter

Attachment Scanning:

Non-archive Files:

• Worm Scanning

• File Name Filtering

• Virus Scanning

Archive/.zip Files:

• File Name Filtering

• Traverse the archive

• Keyword Filtering

• Virus Scanning

Page 14

Integrated Anti-spam

Advanced Spam Manager option available with Antigen for SMTP Gateways or Antigen for Exchange servers

Employs signature-based SpamCure anti-spam engine from Mail-Filters

Works with heuristics-based Intelligent Message Filter (IMF)

Real-time scanning and content filtering

Enables administrators to create custom allow and block lists based on sender, domain and IP addresses

Page 15

Spam Detection Methods

SpamCure engine: the primary and most effective method

SpamCure engine provided by third-party, Mail-Filters

RBL lists: support for multiple external RBL services

Message Body Keywords: used more for policy management, not very effective for spam

Mailhost filtering: blocking based on sender, domain and IP (a good supplement but too reactive to use as primary method)

Whitelisting: sender whitelisting to complement spam detection

Page 16

SpamCure

STAR engine – Spam Tricks Analysis and Response: spammer tricks are identified and neutralized

The STAR engine removes the comments, so the normalized message can be matched against signatures

Bullet Signature Database – Human Editors create small, targeted signatures

Based on specific, unique characteristics of a message (URL, phone number, specific text string, etc.)

Targets the Spammer: Bullets don’t catch just one spam message, they catch multiple spam from the same spammer

A new signature is not required for each new spam message

High catch rate with low false positives: Signature-based approach ensures highly accurate detection

Example: the URL www.contoso.com, written by a spammer as www.con to so.com with <random-comments> and <comments> inserted, is normalized back to www.contoso.com before signature matching.
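The STAR normalization step and bullet-signature matching described on this slide, as an added Python example that is not SpamCure's code. The bullet list, the sample messages and the set of tricks undone (HTML comments, tags, invisible characters, inserted whitespace) are constructed for the illustration; the same "bullet" is shown catching two different messages from one spammer.

```python
import re
from typing import Dict, List

# Constructed bullet signatures in the spirit of the slide: tiny, targeted
# characteristics of a spammer's mail rather than whole-message hashes.
# contoso.com is Microsoft's documentation domain; 555-555-0199 is a
# reserved fictional phone number.
BULLETS: List[Dict[str, str]] = [
    {"id": "B-0001", "kind": "url", "needle": "www.contoso.com"},
    {"id": "B-0002", "kind": "phone", "needle": "555-555-0199"},
]

HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)   # <!-- random comments -->
TAG = re.compile(r"<[^>]*>")                         # <b>, <font ...>, etc.
INVISIBLE = "\u200b\u200c\u200d\u00ad"               # zero-width chars, soft hyphen


def star_normalize(body: str) -> str:
    """Undo the presentation tricks: comments, tags, invisible characters,
    case and runs of whitespace. What is left is what the reader sees."""
    text = HTML_COMMENT.sub("", body)
    text = TAG.sub("", text)
    text = text.translate({ord(c): None for c in INVISIBLE})
    text = re.sub(r"\s+", " ", text)
    return text.strip().lower()


def squeeze(text: str) -> str:
    """Drop all whitespace so a domain split as 'con to so.com' rejoins."""
    return re.sub(r"\s+", "", text)


def digits(text: str) -> str:
    """Keep only digits so (555) 555-0199 and 555.555.0199 compare equal."""
    return re.sub(r"\D", "", text)


def match_bullets(body: str) -> List[str]:
    """Return ids of bullets whose needle appears in the normalized body."""
    hay = squeeze(star_normalize(body))
    hits: List[str] = []
    for bullet in BULLETS:
        if bullet["kind"] == "phone":
            found = digits(bullet["needle"]) in digits(hay)
        else:
            found = squeeze(bullet["needle"].lower()) in hay
        if found:
            hits.append(bullet["id"])
    return hits


# Constructed sample messages: two from the "same spammer", one legitimate.
SPAM_1 = "Buy now at www.con<!-- ignore me -->to so.com today"
SPAM_2 = "<b>Call</b> (555) 555-0199 or visit www.CON<!--x-->TOSO.com"
HAM = "Meeting moved to 3pm, agenda attached"

if __name__ == "__main__":
    for body in (SPAM_1, SPAM_2, HAM):
        print(match_bullets(body), "<-", star_normalize(body))
```

Squeezing whitespace trades a little precision for robustness: a needle that is a common word fragment would over-match, which is why the slide stresses that bullets are built on unique characteristics such as a URL or phone number.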

Page 17

ASM and IMF together

On the same server, IMF scans before ASM

Each applies an SCL rating – the higher rating always wins (i.e. has more confidence)

Mail that is rejected, deleted or archived by IMF will not make it to ASM

Example: IMF archives SCL 7, 8 and 9; ASM Spam set to 9

(Diagram: IMF Scan → if SCL is 7, 8 or 9 → Archive Folder → Pickup Folder if Admin moves message; IMF SCL of 0-6 → ASM Scan → Mail Store → Inbox or Junk E-Mail)
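The IMF-then-ASM ordering, the archive cut-off and the "higher SCL wins" rule from this slide, traced for a few constructed messages in an added Python example that is not Antigen's or Exchange's code. The store's junk-mail threshold is not on the slide and is an assumption here (8), and the admin release path through the Pickup Folder is not modelled.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Values from the slide's example.
IMF_ARCHIVE_SCLS: Set[int] = {7, 8, 9}   # IMF archives SCL 7, 8 and 9
ASM_SPAM_SCL = 9                          # "ASM Spam set to 9"
# Assumption: the store's junk-mail threshold is not given on the slide;
# 8 is used so that only ASM's 9 can land in Junk E-Mail.
JUNK_THRESHOLD = 8


@dataclass
class Message:
    subject: str
    imf_score: int        # constructed: the SCL IMF would compute
    asm_says_spam: bool   # constructed: the SpamCure verdict
    scl: int = 0
    route: Optional[str] = None
    trace: List[str] = field(default_factory=list)


def imf_scan(m: Message) -> bool:
    """IMF runs first. Returns True if the message continues to ASM."""
    m.scl = m.imf_score
    m.trace.append(f"IMF stamped SCL {m.scl}")
    if m.scl in IMF_ARCHIVE_SCLS:
        m.route = "Archive Folder"
        m.trace.append("archived by IMF; ASM never sees it")
        return False
    return True


def asm_scan(m: Message) -> None:
    """ASM stamps its own SCL; the higher of the two ratings always wins."""
    asm_scl = ASM_SPAM_SCL if m.asm_says_spam else 0
    m.trace.append(f"ASM rated SCL {asm_scl}")
    if asm_scl > m.scl:
        m.scl = asm_scl
        m.trace.append("ASM rating is higher and wins")
    else:
        m.trace.append("IMF rating kept")


def deliver(m: Message) -> None:
    """Mail store routing by the final SCL."""
    m.route = "Junk E-Mail" if m.scl >= JUNK_THRESHOLD else "Inbox"
    m.trace.append(f"delivered to {m.route}")


def process(m: Message) -> str:
    """Full path for one message; returns the folder it ends up in."""
    if imf_scan(m):
        asm_scan(m)
        deliver(m)
    return m.route


# Constructed messages covering the three outcomes on the slide.
SAMPLES = [
    Message("obvious junk", imf_score=8, asm_says_spam=True),         # archived by IMF
    Message("bullet-signature hit", imf_score=3, asm_says_spam=True), # ASM 9 wins
    Message("newsletter", imf_score=6, asm_says_spam=False),          # IMF 6 kept, Inbox
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.subject, "->", process(m), "| final SCL", m.scl)
        for step in m.trace:
            print("   ", step)
```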

Page 18

Antigen Rapid Update

Done by Microsoft

Automated engine update process:

Polls engine vendor website for update

Downloads vendor engine package

Expands vendor engine package

Creates Antigen Engine Update package containing Antigen engine adapter

Runs tests against virus database

Posts to secure Microsoft website

Sends engine update notifications

Page 19

On-site Scan Engine Updates

Antigen polls for engine updates

Administrator sets polling interval

Administrator can force an engine update

Single updating mechanism for all engines:

New antivirus/anti-spam engine package downloaded

Package expanded

Engine tested with EICAR test virus

Current engine taken offline

New engine swapped in

New engine brought online

All updates retrieved from Microsoft (not Vendors)
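The on-site update sequence on this slide (expand the package, test the engine with EICAR, only then take the current engine offline and swap the new one in), as an added Python example that is not Antigen's code. The engine model, the package format and both sample packages are constructed; the point shown is that a package whose engine fails the EICAR test never replaces the engine already online.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# The EICAR test file: the industry-standard, harmless detection probe.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


@dataclass
class SignatureEngine:
    """Constructed stand-in for a vendor scan engine: plain substring signatures."""
    name: str
    version: str
    signatures: Dict[str, bytes]

    def scan(self, data: bytes) -> Optional[str]:
        for sig_name, pattern in self.signatures.items():
            if pattern in data:
                return sig_name
        return None


def expand_package(package: bytes) -> SignatureEngine:
    """Parse the constructed package format:
       line 1: <engine name>;<version>
       rest:   <signature name>=<pattern>  (blank lines and # comments ignored)"""
    lines = package.decode("utf-8").splitlines()
    name, version = lines[0].split(";", 1)
    sigs: Dict[str, bytes] = {}
    for line in lines[1:]:
        if not line.strip() or line.startswith("#"):
            continue
        sig_name, pattern = line.split("=", 1)
        sigs[sig_name.strip()] = pattern.encode("utf-8")
    return SignatureEngine(name.strip(), version.strip(), sigs)


class EnginePool:
    """Engines currently online. Update = expand, test, take old offline, swap in."""

    def __init__(self, engines: List[SignatureEngine]):
        self.online: Dict[str, SignatureEngine] = {e.name: e for e in engines}
        self.log: List[str] = []

    def update(self, package: bytes) -> bool:
        candidate = expand_package(package)
        # Gate: the new engine must detect EICAR before it replaces anything.
        if candidate.scan(EICAR.encode("ascii")) is None:
            self.log.append(f"{candidate.name} {candidate.version}: EICAR test failed, "
                            "current engine kept online")
            return False
        old = self.online.get(candidate.name)
        self.online[candidate.name] = candidate   # old taken offline, new online
        self.log.append(f"{candidate.name}: {old.version if old else 'none'} -> {candidate.version}")
        return True

    def versions(self) -> Dict[str, str]:
        return {name: e.version for name, e in self.online.items()}

    def scan(self, data: bytes) -> List[str]:
        """Every online engine scans; returns the names of engines that detect."""
        return [name for name, e in self.online.items() if e.scan(data) is not None]


# Constructed packages: a good update and a broken one whose EICAR signature
# was mangled, exactly the case the on-site test is meant to catch.
GOOD_PACKAGE = f"EngineA;2.1\n# nightly build (constructed)\nEICAR-Test-File={EICAR}\n".encode()
BROKEN_PACKAGE = b"EngineA;2.2\nEICAR-Test-File=NOT-THE-REAL-STRING\n"


def demo() -> EnginePool:
    """Start with EngineA 2.0 online, apply a good and then a broken package."""
    pool = EnginePool([SignatureEngine("EngineA", "2.0", {"EICAR-Test-File": EICAR.encode()})])
    pool.update(GOOD_PACKAGE)    # passes the gate: 2.0 -> 2.1
    pool.update(BROKEN_PACKAGE)  # fails the gate: 2.1 stays online
    return pool


if __name__ == "__main__":
    p = demo()
    print(p.versions())   # {'EngineA': '2.1'}
    print(*p.log, sep="\n")
```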

Page 20

Scanner Updates: SEM

Sybari Enterprise Manager (SEM) is specifically designed to distribute signatures

Preferred method for multi-server customers

SEM server downloads files, alerts remote Antigen servers, and they pull updates

All scheduling set on SEM server

Offloads update process to non-critical systems

(Diagram: Signature servers → SEM server → Antigen servers running the SEM Agent, over HTTP or FTP)

Page 21

Monitoring and Reporting

SEM analyzes incident trends and Antigen’s effectiveness in combating these incidents

Data stored in MSDE or SQL Databases

Provides central monitoring

Outbreak Configuration and Alerts (SMTP/SNMP traps)

Set per server, groups of servers, or enterprise

Virus, spam and filter thresholds

Failed engine updates

Page 22

Monitoring and Reporting

Reports include:

Top X Viruses detected

Engine update and version reports

Traffic Reports

Spam, Content, File Filtering, and Virus reports

Page 23

MOM Integration

Antigen Management Pack for MOM 2005

Over 100 Events, Performance Counters and Services Monitored

Monitors the state of Antigen and its key components

Collects statistical data on scanning, detection and removal of messages and attachments

Polls 5 Antigen Services - Provides timed events to poll systems for critical process health

Key Tasks:

Trigger scan engine updates

Centralize storage and deployment of License files

Import, export and deploy changes for key settings

Initiate and/or schedule Manual Scan Jobs.

Start/Stop control of Antigen services.

Page 24

Antigen E-mail Security Goals

Ensure protection against latest threats: Multiple Engines, seamless updates

Provide minimum Exchange server performance overhead/mail latency: Bias settings, in-memory scanning

Provide integrated antivirus/anti-spam/content filtering functionality: Antigen/ASM/IMF integration

Alert administrators to outbreaks and failures: SEM and MOM

Page 25

Antigen for SharePoint

Virus Protection for Document Libraries

Real-time scanning of documents uploaded and downloaded from document library

Manual and scheduled scanning of document library (supports both WSS and SPS)

Content Policy Enforcement

File filtering to block documents from being posted based on name match, file type or file extension

Content filtering by keywords within documents for inappropriate words and phrases

(Diagram: Users ↔ Document ↔ SharePoint Server ↔ SQL Document Library)

Page 26

How do viruses get to SharePoint?

Today, viruses arrive by accident – not design

User uploads a document with embedded payload

Possibly malicious user activity

Risk in an extranet deployment

Windows XP user maps a network drive to \\server\sites\teamsite

If a user is infected by a virus that attempts to propagate to network shares, then the virus can propagate to SharePoint sites

In the future, SharePoint may be explicitly targeted

(Diagram: Users → SharePoint Portal Server → SQL document library; threat examples shown: Embedded virus, Infectious Macro, Hot buttons, Trojans, SQL based viruses)

Page 27

Why SharePoint AV?

Client and server AV don’t solve the problem

Server AV may cause operational issues

When server-based antivirus cleans or deletes infected files, backup and restore operations can fail due to missing or changed links

Antigen avoids SharePoint site backup and restore failures (Smigrate.exe) by maintaining logical links to affected documents

Desktop AV can’t clean the original infected document

Desktop AV may detect the infection within the cached copy but cannot clean the stored copy in the SharePoint document library.

Antigen cleans the document in the library, ensuring all posted and downloaded documents are safe.

Page 28

Content and File Filtering

Antigen document filtering targets:

Profane language

Racial slurs

“For your eyes only” information for upper management

Confidential documents posted to the portal Extranet

Out of Policy Content (MP3 or AVI files)

Filters documents based on name match, wild card, file type or file extension

Can also help eliminate new virus outbreaks before AV scan engine signature files are ready

Filters body content for inappropriate keywords and phrases

Maintains proper document versioning

During manual scans, deleted files can be replaced with a customizable text file to maintain proper versioning within the SharePoint Document Management System

Page 29

SharePoint Notification

Alerts/notifications via customized web parts

Summary

Detailed list

Page 30

Antigen for Instant Messaging

Detects and removes viruses in IM conversations and file transfers

Scans for SPIM, confidential information and inappropriate keywords in IMs and file transfers

Allows creation of IM policies through whitelisting and IM/SMTP notifications

(Diagram: Microsoft Office Communicator and Windows Messenger clients ↔ Live Communications Server ↔ Firewall ↔ Outside IM Clients)

Page 31

IM Vulnerabilities

Files/URLs: Executables, hot buttons, phishing

Trojan viruses: Steal IM info (buddy lists, passwords, log files)

Steal info via IM (IP addresses, System Info)

Remote control

Classic worms: Send files to designated “buddies”

Blended threats: Use IM to find vulnerable systems and spread faster

Worm attack forces Reuters IM offline. Published: April 14, 2005, 11:22 AM PDT, CNET News.com

Reuters has shut down its instant messaging system after suffering an onslaught from a new Kelvir worm, the company confirmed Thursday… The new variant attempted to spread by sending fake instant messages to people in contact lists on infected systems, a technique used by earlier Kelvir strains. The messages, crafted to look exactly like legitimate IM correspondence, attempted to lure people to a Web site where their computers would be infected with Kelvir, the representative said.

Page 32

IM Vulnerabilities

Inappropriate Content

Privacy Issues

Profanity

Legal risks

SPIM: Unsolicited content

Phishing attacks

Page 33

IM Virus Protection

File transfer and message conversations are scanned for viruses.

Integrates with SIP (Session Initiation Protocol) to provide real-time scanning

Supports LCS 2005 Pooling, PIC, and encrypted conversations

User notifications provided via Antigen IM “bot”

Page 34

IM Content Protection

Document filtering by type, size, and name

Content filtering by customizable keywords can be configured for message conversations and document body text

White listing exempts IM Names and addresses from content scanning of messages and documents

SPIM dictionary of known spam words – customers can customize with their own spam dictionary

Content filtering to block URLs from being sent

Page 35

Collaboration Security Goals

Ensure protection against latest threats: Multiple Engines, seamless updates, support for SharePoint and LCS

Provide policy enforcement against unwanted and inappropriate content: File Filtering and Content Filtering within documents and IM conversations

Provide integration with e-mail security for comprehensive protection across all messaging and collaboration platforms: Integration with Antigen for Exchange & ASM

Alert administrators to outbreaks and failures: SharePoint Web parts and IM user notifications

Page 36

Microsoft Forefront provides greater protection and control over the security of your business’ network infrastructure by providing:

A comprehensive line of information protection and access control products

Integration with your existing IT infrastructure

Simplified deployment, management, and analysis

Technical and industry guidance

(Diagram: Client & Server OS, Edge, Server Applications)

Page 37

(Roadmap chart: Previous and Current product lines for Client, Server and Edge, across H2 2006, H1 2007, H2 2007+ and 2008)

Page 38

Roadmap 2006-2007

New Microsoft Antigen versions

Full Security Review (SDL)

Localization

New product enhancements and features

MSAV engine integration – 5th standard

Antigen for SharePoint and Live Server (LCS and IM)

Antigen for Email security (E12 Exchange Support)

ISA protection scanning and filtering

Page 39

Antigen v9.0 Email Security New Features

Microsoft Branding

Microsoft Licensing

Enhanced Support for Exchange Clusters

Add administrator notification when current Access DB approaches 2 GB

Granular Content notifications

Page 40

www.microsoft.com/antigen