Microsoft Antigen for Exchange

I downloaded Microsoft’s Antigen for Exchange last night and installed it on a server to remove some old viruses that were stuck in the mail store (there is no scheduled scan of the mailstore as realtime desktop and SMTP scanning is now used for virus protection). Although the product did the job of deleting the mail, the whole admin interface is awful to use and the support on the Microsoft website is nonexistent – there are NO documents in the TechNet database on Antigen version 9. With the various quirks in the admin interface and no support, this software really should be released as a beta. I’d only say beta due to the fact that it did remove the viruses; otherwise I’d recommend alpha status.
The extended entry contains my 22 points that I would provide as bug reports if it was in beta status.

  1. Grey colours – yuck
    I was going to mention this as an appalling colour scheme – but there just are no colours in the console at all. It looks ugly. (I admit there are some colours in the scheme but the interface is predominantly grey.)
  2. AV software not installed by default.
    The antivirus engines are on the system but they don’t have any dat files associated with them – you have to download them before the software has any definitions to work with – surely some definitions with the software would be better than none?
  3. Can’t do update all NOW.
    There is no option to update all the virus definitions in one go – you have to do them one at a time. There is a scheduled task to update them about 10 minutes after installation – but you may want to start scanning NOW and protect your mailserver NOW rather than waiting 10 or more minutes for the definitions to be installed. In a busy environment this could mean a lot of emails getting onto a mail server without any virus protection.
  4. GUI not mouse friendly
    There were no shortcut keys for any of the dialog buttons so the mouse has to be used for everything. I was doing the installation on the server console in a rack so had the fun of using the nipple on the keyboard which makes long movement around the screen a painful task. The updates for each antivirus definition meant clicking update now on the far right hand side of the screen, waiting for the update to process, moving the mouse over to the left hand side of the screen to select the next agent and then moving the mouse back to the far right hand side of the screen to select update now.
  5. Some viruses detected twice when scanning/detect (default action!)
    When running the initial scan (which also has the setting so that the virus is only detected – no cleaning or deletion is set) most of the viruses that were on the server – sober and netsky variants – are detected twice. I think this may be due to the different names that the engines give to each virus, although it did seem that various companies would appear in both occurrences of the same virus. However, when you delete the virus you only get one entry – as expected, as once it is deleted by one engine it is not going to be detected by any of the other engines.
  6. No delete button to delete items in quarantine – no right click menu.
    The quarantine screen has no delete feature visible. There are options to release the items but no delete. Instead you have to press the delete button. This may sound obvious but some sort of visual indication should really be on the screen.
  7. Pressing delete changes status to **retrieving data**
    After pressing the delete key on the quarantine screen, all the virus status lines change to **retrieving data** and the whole screen starts to flicker. It is almost as if the screen is being redrawn each time the virus is being deleted on a very slow terminal. However this is not the case as no lines are deleted – it just continues to flicker. The only way to see that anything has been done is to select another screen in the program and then switch back to the quarantine.
  8. Defaults to sending an email to sender of virus laden email
    This is a bad option. It is a very rare occurrence that the from address on a virus laden email is a genuine email address. Most email borne viruses are the result of mass mailing infections with spoofed email addresses so what is the point of having the default option set to reply to the sender?
  9. No facility to see results of scheduled scan job
    You could look in the event log but I would expect the log to say that a scan was run but no viruses were found in the application. This leads me on to the next point –
  10. Lots of registry entries to fix various issues that could exist
    Reading the readme (yes I actually did bother to read it) gave details about a lot of registry settings that should be set depending on the user environment. A lot of these should really be in the UI – remember – we are always told to use the UI whenever possible and stay out of the registry – so why the need to delve into the registry for so many settings? This also means that there are too many undocumented features that are not apparent to the administrator (who doesn’t read the readme). This also makes the documenting of the server setup much more complicated. You now have to document each regkey (and the possibility of mistyping in the document) rather than screenshotting the application settings. Having said that, registry settings could be useful as you could export them – but they are in different areas of the registry and you could do this after the UI has made the changes for you.
  11. Logs in eventvwr only say “Manual Scan Started”
    If you run two manual scans, one for each store that you have, and then look in the event log there is no way of telling which manual scan a log entry refers to – so don’t run two scans at the same time (this also goes for ensuring that the scheduled scans run at completely different times of the day).
  12. No right click anywhere.
    It seems very odd to not have any context sensitive menus in an application nowadays – even notepad has them!
  13. Help pages, running on a server give error messages due to active content.
    There is not a lot MS can do about this apart from making the default page explain the settings that need to be done – Dell does this with their server admin tool. I know that an administrator should know this – but not all admin people know what they are doing – especially if the standard admin person is on holiday and someone else is standing in for them.
  14. Various logging enabled – but no links to the log files themselves
    I think this is because all the log files are dumped to the eventlog – which makes it so much harder to parse when looking for an error. I guess you can use more utilities to export the eventlogs to a file/console but this shouldn’t really be necessary.
  15. Installation doesn’t walk through configuration of the server.
    Once the setup program has run I would have expected some sort of wizard to walk through the various configuration settings that need to be done to ensure that various settings are filled in correctly so that everything works. Instead you are left to work it out yourself so it is possible to run a scan, expecting a report but not get one as the administrator email address wasn’t filled in on another screen.
  16. Runs as system account
    I would have expected the option to either run with the Local System Account or to be given the option to run with a user defined service account.
  17. The readme refers to KB article 911791 which doesn’t exist.
    But then again there are no documents in the TechNet knowledge base for this product.
  18. The help file tells you to go to microsoft.com and access support
    Surely they could be more specific – but then again that is unlikely due to the next point.
  19. Antigen doesn’t even appear in the list of products on support.microsoft.com
    When I went to support.microsoft.com there was a drop down list to select a product but it wasn’t listed. It was only when you went to the alphabetical list of products that Antigen is mentioned. (Strangely I can’t find that dropdown list on my PC at home so they may have changed the webpage?)
  20. Clicking on the Antigen Support site only has Antigen 7.5 and 8.0
    This is the page you are taken to when you select Antigen from the alphabetical list of products.
  21. Search for antigen on the Antigen 9.0 page returns no data!
    Antigen finally appears under the search a product page but I was unable to return any data for a variety of queries for this product including searching on the word Antigen – I would expect that to come back with all the documents available but NO results are found.
  22. AEM (Antigen Enterprise Management) can be installed separately
    This is a different product that looks like it may give better reporting features for the product – hmmm maybe this is why the reporting features are so useless. I say may give better results as there are no screenshots in the getting started guide – something which might be useful when guiding someone through the initial installation of the product.

All in all – I am disappointed with the product – yes it does the main job of checking and cleaning for viruses. It also has other features such as antispam but I’ve not looked at those features. But the whole UI needs some serious development work before it could be used in earnest. I only had to install and manage it on one server (but I will probably install on another machine to see if some of the problems were unique to that one machine) but this would be a nightmare to manage on an enterprise scale.