Important   This article contains information that shows you how to help to lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, Microsoft recommends that you evaluate the risks that are associated with implementing this resolution in your particular environment. If you choose to implement this resolution, take any appropriate additional steps to help to protect your system.

When you use Microsoft Forefront Threat Management Gateway (TMG) 2010 Malware Scanning, you can limit the size of files that are downloaded by using the Block files larger than (MB) option. Note The Block files larger than (MB)option is on the Inspection Settings tab of the Malware Inspection dialog box.If you set the value for this option so that TMG 2010 scans very large files, TMG Malware Scanning takes longer than expected. For example, a 4 gigabyte (GB) file can take as long as 30 minutes for the Malware Inspection engine to scan.Note You cannot configure TMG Malware Scanning to perform a partial scan and to scan only the first few megabytes of downloaded files.

Symptoms

Warning  This resolution may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. Microsoft does not recommend this resolution but is providing this information so that you can choose to implement this resolution at your own discretion. Use this resolution at your own risk.To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base article:

2517957 Software Update 1 Rollup 4 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1This hotfix introduces a new setting, ScanMaxSizeOnlyIfExceeds. This setting changes the behavior of the Block files larger than (MB) configuration setting from being a limit on the maximum size of downloaded files to a partial scan limit in megabytes when you set ScanMaxSizeOnlyIfExceeds to True.When ScanMaxSizeOnlyIfExceeds is set to True, no size limit is applied to downloaded files. However, when you download a file is larger than the value that is set in the Block files larger than (MB) option, only a portion of the file (equal to the size that is set in that option) is scanned.The default setting of ScanMaxSizeOnlyIfExceeds is False. You can apply this setting at the Array level or at the Rule level. To enable the setting by using a script, select the appropriate script from the ones that are presented below, and then run it on one of the array members. You can also use the TMG Management Console to set the value of Block files larger than (MB) option.

Arrary level script

Copy the following script into Notepad, save the script with the name EnableMaxSizeScanAllowRule.vbs, and then at a command prompt run the script as follows:

cscript EnableMaxSizeScanAllowRule.vbs

Const SE_VPS_GUID = "{DFAEF493-C442-4F80-9622-5DA4143287D8}"Const SE_VPS_NAME = "ScanMaxSizeOnlyIfExceeds"Const SE_VPS_VALUE = trueSub SetValue()    ' Create the root obect.    Dim root  ' The FPCLib.FPC root object    Set root = CreateObject("FPC.Root")    'Declare the other objects needed.    Dim array       ' An FPCArray object    Dim VendorSets  ' An FPCVendorParametersSets collection    Dim VendorSet   ' An FPCVendorParametersSet object    ' Get references to the array object    ' and the network rules collection.    Set array = root.GetContainingArray    set malwareInspectionSettings = array.MalwareInspectionSettings    set scannerSettings = malwareInspectionSettings.ScannerSettings    Set VendorSets = scannerSettings.VendorParametersSets    On Error Resume Next    Set VendorSet = VendorSets.Item( SE_VPS_GUID )    If Err.Number <> 0 Then        Err.Clear        ' Add the item        Set VendorSet = VendorSets.Add( SE_VPS_GUID )        CheckError        WScript.Echo "New VendorSet added... " & VendorSet.Name    Else        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)    End If    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then        Err.Clear        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE        If Err.Number <> 0 Then            CheckError        Else            VendorSets.Save false, true            CheckError            If Err.Number = 0 Then                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"            End If        End If    Else        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"    End IfEnd SubSub CheckError()    If Err.Number <> 0 Then        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description        Err.Clear    End IfEnd SubSetValue

Rule level script

Copy the following script into Notepad, save the script with the name EnableMaxSizeScanAllowRule.vbs, and then at a command prompt run the script as follows:

cscript EnableMaxSizeScanAllowRule /RuleName:”MyRule”Replace the placeholder MyRule with the name of the relevent TMG Access rule.

Const SE_VPS_GUID = "{DFAEF493-C442-4F80-9622-5DA4143287D8}"Const SE_VPS_NAME = "ScanMaxSizeOnlyIfExceeds"Const SE_VPS_VALUE = trueSub SetValue()    ' Create the root obect.    Dim root  ' The FPCLib.FPC root object    Set root = CreateObject("FPC.Root")    'Declare the other objects needed.    Dim array       ' An FPCArray object    Dim VendorSets  ' An FPCVendorParametersSets collection    Dim VendorSet   ' An FPCVendorParametersSet object    ' Get references to the array object    ' and the network rules collection.    Set array = root.GetContainingArray    ruleName= WScript.Arguments.Named("RuleName")    set rule = array.ArrayPolicy.PolicyRules.Item(ruleName)    set malwareInspectionSettings = rule.MalwareInspectionProperties    set scannerSettings = malwareInspectionSettings.ScannerSettings    Set VendorSets = scannerSettings.VendorParametersSets    On Error Resume Next    Set VendorSet = VendorSets.Item( SE_VPS_GUID )    If Err.Number <> 0 Then        Err.Clear        ' Add the item        Set VendorSet = VendorSets.Add( SE_VPS_GUID )        CheckError        WScript.Echo "New VendorSet added... " & VendorSet.Name    Else        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)    End If    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then        Err.Clear        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE        If Err.Number <> 0 Then            CheckError        Else            VendorSets.Save false, true            CheckError            If Err.Number = 0 Then                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"            End If        End If    Else        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"    End IfEnd SubSub CheckError()    If Err.Number <> 0 Then        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description        Err.Clear    End IfEnd SubSetValue

To revert the changes that you made by using the Array script or the Rule script, and to revert to the default behavior of the Block files larger than (MB) setting, edit the relevant script and change the following line from:

Const SE_VPS_VALUE = trueTo:

Const SE_VPS_VALUE = falseThen, rerun the script using the appropriate instructions.

Resolution

Important! Please be aware that, when you set ScanMaxSizeOnlyIfExceeds to False, you introduce a security risk. This occurs because a large file that contains malware in the unscanned section of the file could be passed by TMG to the client. Microsoft recommends full file scanning. Therefore, we advise that you use this setting only after you carefully consider the risk and only if you use a defense-in-depth approach to malware detection, including appropriate client-side anti-malware software.

More Information

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.