These
incidents can be fi ltered by any of the columns shown in the incidents list. Once
you input the fi ltering criteria, select Save.
Managing Microsoft SharePoint Portal Securely Using Forefront ??? Chapter 6 259
Figure 6.10 Forefront Security Incident Reporting
Designing & Planning??¦
Maintaining the Incident and Quarantine Databases
All incidents are stored in a database called Incidents.mdb located in the
installation folder of Forefront Security for SharePoint. The quarantine database
is called Quarantine.mdb and is also located in the installation folder. These
databases each have a 2GB limit. When the database reaches 75% full, a
notifi cation is sent to the Virus Administrators that the database is near the
limit and that maintenance is needed. If events are not purged, future incidents
may not be saved.
Continued
260 Chapter 6 ??? Managing Microsoft SharePoint Portal Securely Using Forefront
Quarantine
By default, a copy of each detected fi le is stored in the quarantine area prior to action
being taken by Forefront. The encoded version of the fi les along with metadata such
as original fi lename, location found, original author, and other details is maintained in
the quarantine database. You can access the quarantine database through the Forefront
Administrator or through the default DSN that is created named Forefront Quarantine.
Using the DSN, you can view the database using MS Access.
Pages:
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272