Upgrade Forefront for exchange server to MSME

Hello, I need to know what points we should consider to uninstall the tool "Forefront for Exchange" on the company servers and after that install MSME (McAfee).
Can anyone help me?

This job is important because "Forefront for Exchange" is discontinued 31/12/15.

Best regards.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
MS already discontinued forefront. You can remove forefront from your exchange server and use msme.
btanExec ConsultantCommented:
May be good to follow MS guide though it stated 2010

e.g.Uninstalling from a standalone server
e.g. Uninstalling from a cluster system

But do note these
important considerations when uninstalling FPE:

•When FPE is uninstalled, Exchange services are stopped, resulting in a temporary interruption in mail flow. The services that are stopped are automatically restarted when FPE finishes uninstalling.

During uninstall, FPE waits four minutes for the Microsoft Exchange Information Store to stop; the uninstall may fail if the service does not stop within four minutes. If this occurs, manually stop the Microsoft Information Store service before uninstalling FPE, and then manually restart the Microsoft Information Store service after successfully uninstalling FPE.

•When uninstalling FPE, Active Directory® must be available in order for FPE to uninstall correctly.

•If the SharePoint Portal Alert service is on the server and running, an uninstall of FPE may require a restart.

•To prevent FPE from requiring a restart during an uninstall process, shut down any monitoring software and make sure that any command prompts or Windows Explorer windows do not have the FPE program folder or any of the subfolders open. After the uninstall process is complete, start the monitoring software again.

•If you have Microsoft Office Manager 2005 or Microsoft System Center Operations Manager 2007 agents installed, you might see services start unexpectedly after the product has been uninstalled. These agents are stopped (disabled) during an uninstall and automatically re-enabled when the process has completed. This is normal behavior.
Thereafter for MSME, may want to check out "Prerequisites when installing or upgrading to MSME 8.0" https://kc.mcafee.com/corporate/index?page=content&id=KB77173

But always good to check MSME release build note on the installation and caveats (if any). DO backup the server critical files for rollback as contingencies

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
matilo16Author Commented:

for uninstalling of the product, I see Microsoft Forefront Security for Exchange Server and dont see Microsoft Forefront Server Protection. Is the same tool?

Best regards,
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

AmitIT ArchitectCommented:
Forefront Security for Exchange Server is the right product. You can first disable it and then remove it. Run this command with admin mode.

fscutility /disable

This will unhook the forefront from Exchange, it might restart some services, so do it after business hours.
btanExec ConsultantCommented:
There is actually Forefront Security for Exchange Server (FSE) and Forefront Protection for Exchange Server (FPE). The link earlier shared is to FPE and for the former, for your case then is FSE. You may consider this link with the documentation for FSE @ https://technet.microsoft.com/en-us/library/bb795077.aspx 
To uninstall Forefront Security for Exchange Server  
1.Ensure that the Forefront Server Security Administrator is not running.

2.Open Services in the Control Panel.

3.Stop the FSCController service. This causes the Microsoft Exchange Transport Service and Microsoft Exchange Information Store to be stopped also.

4.When all these services have stopped, close the Services dialog box.

5.Open Add or Remove Programs in the Control Panel.

6.Remove Microsoft Forefront Security for Exchange Server. Click Yes to confirm the deletion.

7.At the Uninstall Complete screen, click Finish.

8.Any settings that you have made still remain in .fdb files in the Microsoft Forefront Security folder in Program Files(x86) (or whatever folder you installed to). Additionally, the incidents and quarantine database files remain, as well as Statistics.xml. If you will be reinstalling FSE and want to retain those settings, do nothing. If you will not be reinstalling FSE or if you want to start with fresh settings, delete that folder.

9.If you are not planning to re-install Forefront Security for Exchange Server, restart the stopped Exchange services.
better to make sure there is backup first done for FSE as stated in steps @ https://technet.microsoft.com/en-us/library/cc765430.aspx

For PSE or FPE cluster based type can check @ https://support.microsoft.com/en-us/kb/929081
matilo16Author Commented:
Hello, thanks for your response.

Could you help me in which Exchange servers should you install MSME? when I talk about them, I mean if all roles (mailbox, hub transport or both).
btanExec ConsultantCommented:
MSME scans an inbound, outbound or internal email. Hence minimally you should consider having MSME installed on all server with roles: Edge Transport, Hub Transport and Mailbox. However, if you do not have an Exchange server on the Edge or Hub Transport role, MSME will ignore the steps
related that role. This is for internal email scanning steps taken by MSME
1 The end‑user sends an email to an internal user, using the email client.
2 Exchange store receives the email and scans it in the Outbox folder.
3 If there is detection, it's replaced or deleted as per the product configuration and if replaced it is
submitted to Transport queue.
4 SMTP stack hosted by EdgeTransport.exe on Hub server role, receives the email.
5 MSME Transport Agent (McAfeeTxRoutingAgent) scans the email for File filtering, Content scanning, then Anti‑virus scanning.
6 If there is detection, it is dropped or replaced and appropriately returned to the SMTP stack.
7 MSME stamps the email with AV stamp, as per Microsoft specifications on Hub server role.
8 If the email is clean, it is returned to SMTP stack for further routing.
9 The Exchange Mailbox server receives the email.
10 Exchange store checks for AV stamp and if it matches, the email will not be sent to MSME scanning for VSAPI, else the email is scanned for Anti‑Virus, File filtering and Content Scanning by VSAPI.
matilo16Author Commented:

I need to know if must be installed the tool (McAfee for Exchange Server) on servers with only Mailbox role and why?.

Best regards,
btanExec ConsultantCommented:
Actually you do not need to if you go for Exchange 2013 which has built-in anti-spam (agent on Mail and Edge transport servers), anti-malware protection and data loss prevention - See this these and DLP (a premium feature that requires an Exchange Enterprise Client Access License (CAL)) can form as as part of transport rules
What are some advantages of pairing the built-in malware scanning feature with the FOPE cloud-hosted email filtering service (or the next version of this service, Exchange Online Protection (EOP))?

A. There are several advantages:
•The service uses multiple anti-malware engines whereas the built-in anti-malware protection uses a single engine.
•The service has reporting capabilities including malware statistics.
•The service provides the message trace feature for self-troubleshooting mail flow problems including malware detections.
MSME (pdf) has the equivalent and probably the "edge over" Exchange 2013 in built is likely the reporting and the AV via centrally managed from the McAfee ePO platform. That is if you are running EPO already widely deployed in Enterprise level. Otherwise using in built may be more cost effective. MSME is installed as  McAfee Security for Microsoft Exchange on a system where Microsoft Exchange Server 2003 is installed. It can be installed with the Edge transport role, Hub transport role, and Mailbox role. Install McAfee Security for Microsoft Exchange on a system where Microsoft Exchange Server 2007 or 2010 is installed. Then it can execute Transport Scanning for the Edge transport and Hub transport roles, and VirusScan API for the Mailbox role. See installation guide.

But note the MSME installed standalone to the Exchange server and then later managed by ePO, queries do not return results - https://kc.mcafee.com/corporate/index?page=content&id=KB77054
matilo16Author Commented:
Hello, maybe I did not give many details.
 My situation is:
Exchange 2007
MSME 8.0

My insstallation will be standalone.
What is the advantage to install it in the mailbox server role?
btanExec ConsultantCommented:
Exchange 2007 email role only does the AV scan not  anti-spam from MSME.
Select the required role.
• Mailbox — Setup configures McAfee Security for Microsoft Exchange for the Mailbox role and
install the relevant component - VirusScan API.
• Gateway — Setup configures McAfee Security for Microsoft Exchange for the Gateway role and
install the relevant components —Transport Scan ( Anti-Spam and Anti-VirusScan API).
• Both — Setup configures McAfee Security for Microsoft Exchange for both Mailbox and Gateway
roles and install the relevant components: On-Demand Scan and Transport Scan ( Anti-Spam
and Anti-VirusScan API).
8 Select Enable User Junk Folder Routing to allow the scanner to route your spam emails to the client's junk folder.
This is applicable only for the Mailbox role, and if you have installed the McAfee Anti-Spam Add-on
on your server.
Probably the advantage is the flexibility to modify installation still if you change the role subsequently, it can be handy single you are standalone
You can also modify the role of an existing McAfee Security for Microsoft Exchange installation depending on the requirement. Consider a scenario where you have installed McAfee Security for Microsoft Exchange with the Hub role on one server and with the Mailbox role on another server. All the users are connected to the server with the Mailbox role which in turn is connected to the sever with the Hub role. At some stage you decide to combine the two roles on a single server. You can modify the installation on the server with the Mailbox role to additionally execute the Hub role, without uninstalling and reinstalling the application.
matilo16Author Commented:

I would like to confirm if the tool does Forefront for Exchange scans base level or only at the hub transport level?

My exchange version is 2007.

btanExec ConsultantCommented:
Depends on where you install MSME -  Edge Transport Server, Hub Server, Mail Server. So in short, as already mentioned previously, in both Microsoft Exchange Server 2007 and 2010, MSME executes Transport Scanning for the Edge transport and Hub transport roles, and VirusScan API for the Mailbox role (based on the roles configured) - https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24248/en_US/msme_800_pg_00_en-us.pdf
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.