HUB TRANSPORT CONFIGURATION: 1. Expand Antimalware in the left hand pane 2. Expand Hub Transport 3.

In the right hand pane set the following a. General Settings i. Check Enable transport antivirus scan ii. Check Enable Transport antispyware scan b. Engines and performance i. Select the second option, Scan with the subset of engines that are available

c. Scan Actions i. Detection 1. Virus: Action = Clean, Quarantine Files = Yes 2. Spyware: Action = Delete, Quarantine Files = Yes d. Additional Options i. Check: Optimize for performance by not rescanning messages already virus scanned ii. Set maximum container scan time (seconds) = 120 iii. Set illegal MIME header action: = Purge iv. Set transport sender information = Use MIME header v. Set process count = 4 vi. Set scanning timeout (Seconds) = 600

vii. Set Scan timeout action = delete

4. Expand Anti spam in the left hand pane

5. Make sure that antispam is disabled and all options are grayed out.

6. Skip filter lists as we have none

7. Select Filter Options a. Transport filtering options i. Check Enable file filters ii. Check Enable Header filters iii. Check Enable keyword filters b. Enable keyword filtering i. Check inbound ii. Check outbound c. Enable file filtering for these message directions i. Check inbound ii. Check outbound d. Tag text for message header = Junk-Mail

e. Tag text for subject line = SUSPECT:

8. Select online protection in the left hand pane and make sure that it is not enabled.

9. Select Global Settings in the left hand pane and select scan options a. Scan Targets Transport i. Check enable scanning b. Target types i. Check inbound ii. Check outbound

iii. Check internal

10. Select Engine options in the left hand pane a. UNC Authentication i. Uncheck enable UNC b. Proxy Server i. Uncheck enable proxy server c. Additional options i. Uncheck Update engines on server startup ii. Uncheck Enable as an update redistribution server

iii. Set engine download timeout (seconds) = 300

11. Select Advanced options from the left hand pane a. Scans i. Engine error action = Delete ii. Use this extension when replacing a deleted attachment = txt iii. Uncheck use external Domains.dat file instead of value iv. Domain names used for identifying internal addresses = int.elekta.com v. Uncheck use reverse DNS lookup when determining whether a message is inbound vi. Check Quarantine corrupted compressed files vii. Check Quarantine on timeout viii. Uncheck rescan messages already scanned by forefront online protection for exchange b. Deletion Criteria i. Check Delete corrupted compressed files ii. Check Delete corrupted UUEncoded files iii. Check Delete partial SMTP messages iv. Uncheck delete encrypted compressed files

c. Threshold Levels i. Maximum container file infections = 5 ii. Maximum container file size =25 iii. Maximum compressed file size = 20 iv. Maximum uncompressed file size = 100 v. Maximum nested attachments = 30 vi. Maximum nested depth compressed files = 5 d. Logging options i. Archive transport mail = none ii. Check enable transport incident logging iii. Check Enable event logging iv. Check incidents v. Check engines vi. Check operational vii. Check enable spam agent logging viii. Uncheck Enable content filtering incident logging ix. Check Enable performance counters e. Customer Experience Improvement Program i. Uncheck Join the Customer Experience Improvement Program f. Intelligent Engine Management i. Engine management = Automatic