To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Exchange 2010 upgrade to SP3 - how to disable f-secure protection

fossehs
fossehs Posts: 13 Security Scout
in Business Suite

Dear F-Secure experts,

 

In the instructions of upgrading Microsoft Exchange 2010 to Service Pack 3 refers to disabling 3rd party addins and antivirus products including forefront.

We have Server 2008 R2 with Exchange 2010 SP1 and intend to upgrade shortly.

 

I can find the in the web console to turn off Server Real-time Scanning but cannot find a way to turn off transport scanning.

Please advise and if any others performed successful Exchange 2010 upgrades - what did you do with the F-Secure services?

Kind Regards

Paul

fossehs

 

F-Secure details:

F-Secure Anti-Virus for Microsoft Exchange 9.10 build 229
F-Secure Anti-Virus for Windows Servers 9.00 build 333
F-Secure Anti-Virus 9.20 build 16040
F-Secure Automatic Update Agent 8.25 build 4196
F-Secure Content Scanner Server 7.30 build 400c
F-Secure Management Agent 8.20 build 40065
F-Secure Web UI 1.30 build 122

Comments

  • fossehs
    fossehs Posts: 13 Security Scout

    Jari-P

    Thank you - stopping the services and making a note of which automatic services which I then set to manual.

    After the upgrade I set the automatic services and started them.

     

     

    For those interested of how I upgraded from Microsoft Exchange 2010 SP1 UR8 and Anti-Virus for Microsoft Exchange v9.10 to Microsoft Exchange 2010 SP3 UR2 and F-Secure Anti-Virus for Microsoft Exchange 10:

     

    Performed full backup of exchange server and domain controller servers

     

    On the email server, checked schema numbers using Windows PowerShell Modules

    dsquery * "cn=schema,cn=configuration,dc=domainname,dc=local" -scope base -attr objectVersion

    dsquery * "cn=ms-Exch-Schema-Version-PT,cn=schema,cn=configuration,dc=domainname,dc=local" -scope base -attr rangeUpper

    dsquery * "cn=domainname,cn=Microsoft Exchange,cn=Services,cn=configuration,dc=domainname,dc=local" -scope base -attr objectVersion

    dsquery * "cn=Microsoft Exchange System Objects,dc=domainname,dc=local" -scope base -attr objectVersion

     

    On a domain controller without fsmo roles, check fsmo role status using netdom query fsmo

    Moved Schema Master to the domain controller

    Check replication using repadmin /replsum

    Stop Replication using:

    repadmin /options dcname +DISABLE_OUTBOUND_REPL

    repadmin /options dcname +DISABLE_INBOUND_REPL

    Verify replication is turned off, Event log should have 1115 and 1113 events

     

    On the same domain controller

    copy \\servername\Ex2010SP3 c:\temp\Ex2010SP3 folder

     

    Prepare Active Directory for Exchange 2010 SP3 installation:

    Open command prompt as administrator and type:

    cd c:\temp\Ex2010SP3

    setup /PrepareAD

     

    Check Schema successful by opening Schema MMC and ADUC MMC

    Check replication using repadmin /replsum

     

    Start Replication using:

    repadmin /options dcname -DISABLE_OUTBOUND_REPL

    repadmin /options dcname -DISABLE_INBOUND_REPL

    Check replication using repadmin /replsum

     

    Wait 10 minutes (or Force replication of AD)

    Logoff domain controller

     

    On the email server:

    checked schema numbers using Windows PowerShell Modules which should have changed:

    dsquery * "cn=ms-Exch-Schema-Version-PT,cn=schema,cn=configuration,dc=domainname,dc=local" -scope base -attr rangeUpper

    dsquery * "cn=domainname,cn=Microsoft Exchange,cn=Services,cn=configuration,dc=domainname,dc=local" -scope base -attr objectVersion

     

    Open F-Secure Anti-Virus for Windows Servers Web Console and untick Server Real-time Scanning

    Note the F-Secure services and set Automatic to Manual and stop each service

     

    Open Windows PowerShell Modules

    import-module ServerManager

    Add-WindowsFeature Web-WMI

    Close Windows PowerShell Modules

     

    Turn off Publisher’s Certificate Revocation

    Start – Control Panel – Internet Options

    Select Advanced tab

    Untick Check for Publisher’s Certificate Revocation

    Press Ok

     

    Install Exchange Server 2010 SP3 Upgrade

    copy \\servername\Ex2010SP3 c:\temp\Ex2010SP3 folder

    Run c:\temp\Ex2010SP3\setup.exe

    Click on Install Microsoft Exchange Server Upgrade link

    Press Next

    On the License Agreement page Select I accept the terms in the license agreement and press Next

    On the Readiness Checks page Press Upgrade

    On the Completion page Press Finish

    This took 30 minutes to complete

     

    Check F-Secure Services are still stopped

    Check Turn Off Publisher’s Certificate Revocation is still not ticked

     

    Install Exchange 2010 SP3 Update Rollup 2

    Copied Exchange2010-KB2866475-x64-en.msp to c:\temp\Ex2010SP3UR2

    Run c:\temp\Ex2010SP3UR2\Exchange2010-KB2866475-x64-en.msp

    This took 15 minutes to complete

     

    Turn on Publisher’s Certificate Revocation

    Start – Control Panel – Internet Options

    Select Advanced tab

    Tick Check for Publisher’s Certificate Revocation

    Press Ok

     

    Started F-Secure services and set the automatic services

    Open F-Secure Anti-Virus for Windows Servers Web Console and Tick Server Real-time Scanning

    Upgrade F-Secure AV for Microsoft Exchange:

    Run C:\temp\FS\ess1001-173-rtm.exe

    Restart server

     

    Found I could not login to F-Secure Anti-Virus for Windows Servers Web Console

    Stopped F-Secure WebUI Daemon

    Open notepad and Edit C:\Program Files (x86)\F-Secure\Web User Interface\bin\F-Secure Web Console file

    Changed 127.0.0.1 to server ip address and saved file

    Started F-Secure WebUI Daemon

     

    Tested Outlook and webmail and sending/receiving emails.

    Moved schema role back to original DC

    Kind Regards

    Paul

    fossehs

This discussion has been closed.

Categories