ESET Gateway Security for Microsoft Forefront Threat Management Gateway (TMG) Beta End of Life

KB Solution ID: SOLN3428|Last Revised: October 10, 2013

ESET Gateway Security for Microsoft Forefront Threat Management Gateway (TMG) will not be released for general availability and this product will be discontinued in the current Beta (release candidate) phase.

Reasons for this decision:

  1. In 2012, Microsoft announced that the entire Forefront product line (except the UAG & FIM) will be discontinued. Based on this fact, ESET will discontinue ESET Gateway Security for Microsoft Forefront TMG. Microsoft will provide continuous support for all existing customers through April 2020 (including the AV signature database updates if the AV protection was purchased). Microsoft has not indicated a replacement product from Microsoft.
  2. ESET will continue to focus on new Mail Security for Exchange and File Security for Windows Server releases, based on the new scanning core, with full support of the new version of ESET Remote Administrator.

Results of the decision:

  1. ESET Gateway Security for Microsoft Forefront TMG will be removed from the Beta pages of our website as of October 1, 2013.
  2. "Gateway Security 4.5 for MS Forefront TMG" configuration options will be removed from the ESET Configuration Editor in the upcoming ESET Remote Administrator 5.1 service release.
  3. For interested customers, a final General Availability (GA) candidate version is available, which has passed our internal QA testing process. However, no support will be offered for this product aside from standard virus signature database updates.

Contact your local reseller, distributor or ESET office for availability of the installation package of ESET Gateway Security for Microsoft Forefront TMG.


Known Issues:

ESET Gateway Security for Microsoft Forefront Threat Management Gateway (EGSP) has been discontinued in the Release Candidate beta phase, is intended for testing purposes and should not be run on production systems that contain important data.

  1. Installation on array with more than one member. When EGSP is not installed on all array members, the configuration is in inconsistent state.

    • EGSP must be installed on all array members separately or it must be uninstalled from all members separately.
  2. HTTP, Action: "Reject connection with reply".

    • HTTP response with message may not be visible in browser. Visibility depends on original target size and amount of data already downloaded into a browser at the time when the reason of rejection is detected (for example: found virus, SPAM, rule matched).
  3.  FTP, Downloading of large files, busy cursor, strange behavior of progress bar.

    • All downloaded files come to Gateway Security first and data is scanned there.
    • When target file is large (hundreds of MBs or GBs) it may take a long time to scan and download data. During the long download time, you may see a busy cursor (if it uses web browser) for several minutes depending on file size and network speed. During the first phase, the progress bar will display nothing. In the second phase, the checked file is downloaded from EGSP to the client.  After the file is scanned, the progress bar will begin to show the download from EGSP to the client.
    • To avoid problems with downloading of large files, set maximum timeout and disable sending of NOOP keep-alive commands on the client.
  4. IMAP, Notification message, X-headers are not inserted into scanned message.

    • IMAP protocol can download parts of email separately. This feature is set primarily in Mozilla Thunderbird and Apple Mail email clients. When the main email body is downloaded separately from a downloaded attachment containing a virus, EGSP will not write notification message into the email body because it is already on the client.
  5. IMAP, Subject of infected message does not contain notification about virus/spam.

    • All IMAP clients request email headers first and when opening email, the rest of email is downloaded.
    • This occurs when client requests only headers and EGSP cannot perform virus/spam scan.
    • This can occur when scan is performed while email body is being downloaded. When EGSP writes into subject information about virus/spam, the client already has original headers with original subject cached. Some clients may not refresh their header cache. Even if EGSP writes information about virus/spam into subject, the client is likely to display original subject without virus/spam information added. This is because in most cases client’s Microsoft Outlook uses its cached headers permanently.
  6. POP3, Many emails with "message blocked" in the subject field.

    • Default behavior of POP3 clients is to download message and then delete it from server. When EGSP needs to block email and send reply to client, the notification email is sent to the client instead of the original email, which still stays on the server. When client synchronizes Inbox, the original email is downloaded and scanned again and the notification reply is sent again. When the user deletes the "email blocked" message, the original remains on the server. The reason is that thereis no other way to notify the user about an infected message on the server only by sending notification email.
    • To change this behavior, an administrator can set "Delete message from the mail server" by going to advanced setup tree (F5 menu), navigating to Server Protection Antivirus and antispyware Microsoft Forefront TMG / Microsoft ISA Server POP3 and by using checkbox Delete message from the mail server can enable this option.
    • If a user accepts a "message deleted" email, when the message is deleted the original on the server is deleted too. This setting has no effect when POP3 client is set to leave messages on the server.
  7. POP3, Mozilla Thunderbird and blocking by rule.

    • When Gateway Security rejects POP3 messages because of a rule match, Mozilla Thunderbird clients stop downloading next messages.
  8. FTP connections from proxy clients.

    • When client is connected through ISA/TMG proxy server through port 8080, all FTP connections exist only between ISA/TMG and the target server. From client to ISA/TMG proxy there is an HTTP connection that is filtered by EGSP. If using a proxy client, use only the HTTP settings and not the FTP settings even for connections to FTP servers.
Rate this article:
1 2 3 4 5
Please comment on your rating...
We cannot respond to feedback from this form. Requests for assistance should be submitted through your normal support channel.
5 - Definitely
4 - Mostly
3 - Somewhat
2 - Not Really
1 - Not At All