Exchange 2007 Anti-Spam updates and the Automatic Updates client

Exchange 2007 uses the Windows Operating System Automatic Updates Client as a proxy to download it’s anti-spam signatures and reputation lists. The Exchange component responsible for this is the Microsoft Exchange Anti-spam Update service (witht he somewhat confusing description The Microsoft Forefront Security for Exchange Server anti-spam update service.) This service is referred to in the Exchange documentation as the Microsoft Forefront Security for Exchange Server Anti-spam Update service, again, somewhat misleading. The content retreived by the service is data only, no executable binaries are downloaded.
To configure how Exchange gets it’s updates you use the Enable-Antispamupdates cmdlet. This cmdlet has a parameter called -MicrosoftUpdate which can opt the computer in to Microsoft Update and also set the mode of how updates are retreived. The mode set through this cmdlet applies to all content from MU, not just Anti-spam updates and reputation lists. The frequency of the anti-spam updates, however, are set with the -UpdateMode parameter and applies to anti-spam and reputation data only. The -MicrosoftUpdate parameters takes one of the following values:
  • RequestDisabled This value disables Automatic Update.
  • RequestNotifyDownload Automatic Update notifies you when new updates are ready for download.
  • RequestNotifyInstall Automatic Update downloads updates and notifies you when they are available for installation.
  • RequestScheduled This value sets download and installation of updates according to the configuration of the Automatic Update on the computer.

If you run the Get-AntispamUpdates you may see another value, Configured, for the MicrosoftUpdate parameter; like this:

UpdateMode                  : Disabled
LatestContentFilterVersion  : 3.3.4604.600
SpamSignatureUpdatesEnabled : False
LatestSpamSignatureVersion  : 3.3.4604.600
IPReputationUpdatesEnabled  : False
LatestIPReputationVersion   : 3.3.4604.001
MicrosoftUpdate             : Configured

Configred means that the Windows OS Automatic Updates client was already configured for the computer by other means before the Enable-AntispamUpdates cmdlet was run. In other words, when you set the MicrosoftUpdate parameter, you do not configure the Automatic Updates client schedule if you have already configured the Windows Automatic Updates schedule.

Leave a Reply

Your email address will not be published. Required fields are marked *