Release Notes for Dr.Web for Microsoft ISA Server and Forefront TMG 11.00.0

Last updated on 11/18/2016

Dr.Web for Microsoft ISA Server and Forefront TMG (hereinafter- Dr.Web) is an application that protects enterprise networks against virus threats and spam. It integrates with the system in order to search and neutralize all types of threats in the stream of data going through Microsoft Internet Security and Acceleration Server (hereinafter – Microsoft ISA Server) and Microsoft Forefront Threat Management Gateway (hereinafter – Microsoft Forefront TMG) via HTTP, FTP, SMTP and POP3 protocols. The application checks the incoming Internet traffic for viruses, dialers, adware, hacktools, jokes and riskware.

The application builds in its filters into Microsoft Firewall Service and Microsoft Forefront TMG Firewall. This allows Dr.Web anti-virus engine receive and process data. Dr.Web operates on a platform that features its own password-protected web interface and an additional web console for advanced configuration.

Dr.Web for Microsoft ISA Server and Forefront TMG allows joining the servers, where the Microsoft firewalls reside, into a cluster (hierarchic tree of main server and sub-servers) to replicate the application parameters from the main server to the sub-servers and thus, manage the whole protection system from only one server.

Dr.Web performs the following functions:

Scans all Microsoft ISA Server and Microsoft Forefront TMG traffic transferred over HTTP, FTP (including FTP over HTTP), SMTP and POP3 protocols;

Blocks access to infected objects for users within the network protected by Microsoft ISA Server or Microsoft Forefront TMG firewall;

Isolates infected and suspicious objects

Registers incidents in Windows Event log and in the internal event database

Filters suspected spam email messages sent via SMTP protocol;

Adds notifications to email messages containing security threats;

Restricts access to specific web resources;

Collects statistics;

Automatically updates virus databases and components;

Dr.Web virus databases are constantly updated with new records to provide system protection. The application features a heuristic analyzer that ensures additional protection against viruses and threats that are not yet included into virus databases.

New Features in Version 11.00.0

FTP traffic scanning setup has been changed. When a file is being transferred to a user, a part of this file (0.5 Mbyte by default) is held down. If the application detects a threat in this file, it will corrupt its part. After that, the entire file will be transferred to the user.

Support has been added for HTTPS traffic in the Office control component. If the component gets triggered, it will return a connection error.

New Office control categories have been introduced. There are two new categories — URLs listed due to a notice from a copyright owner and Online games.

Parameters For curable objects and For incurable objects in the Scanning component settings have been joined in one parameter named For infected onjects.

Dr.Web Administrator Web Console interface has been localized into French.

Advanced settings for selecting types of damaged objects have been introduced.

A warning about unsaved changes in Dr.Web Administrator Web Console has been implemented. Now if you try to switch to another section without saving the changes, the application will ask for confirmation.

New filtering parameters have been implemented — Apply rules to a source and Apply rules to a recipient.

Installation folder structure has been changed.

Address of web interfaces have been changed:

Dr.Web Administrator Web Console new address: https://<ISA Server address>:2080/admin.

Dr.Web CMS Web Console new address: https://<ISA Server address>:2080/root.

A possibility to manage access privileges has been implemented for web interfaces. A user with restricted access privileges cannot modify settings in Dr.Web Administrator Web Console and cannot access Dr.Web CMS Web Console.

A number of error messages registered in the application event log and in Windows Event Log has been increased.

Resolved Issues and Improvements

Overall operation of the application is improved.

Other Changes

Support for Mozilla Firefox has been removed.

Dr.Web HTTP Filter has been removed. Dr.Web for Microsoft ISA Server and Forefront TMG operates only together with a configured proxy server.


System Requirements

A computer you are going to install Dr.Web for Microsoft ISA Server and Forefront TMG 11.00.0 on, must meet the following basic requirements:

Hardware requirements



For Microsoft ISA Server

For Microsoft Forefront TMG


733 MHz or higher frequency processor

1.86 GHz or higher frequency processor


1 GB or more

2 GB or more

Disk space

700 MB for installation

Additional disk space is needed for temporary data storage while performing the anti-virus check. The size of the disk space depends on the number of user requests and the size of the downloaded files.


VGA-compatible monitor

Operating system and software requirements



For Microsoft ISA Server

For Microsoft Forefront TMG

Operating system

One of the following:

Microsoft® Windows Server® 2003 x86 with:

MSXML 4.0 Service Pack 3 (Microsoft XML Core Services)

Service Pack 1 (SP1) or higher

Microsoft® Windows Server® 2003 R2 x86

MSXML 4.0 Service Pack 3 (Microsoft XML Core Services)

One of the following:

Microsoft® Windows Server® 2008 SP2 x64

Microsoft® Windows Server® 2008 R2 x64

File system



Microsoft® ISA Server 2004

Microsoft® ISA Server 2006

Microsoft® Forefront® TMG 2010 (Standard Edition or Enterprise Edition) with SP1 or SP2

Additional software

Microsoft .NET Framework 3.5 SP1

Dr.Web for Microsoft ISA Server and Forefront TMG 11.00.0 Installation

To install Dr.Web of the version 11.00.0:

1.Stop the Microsoft ISA Server/Microsoft Forefront TMG firewall service.

2.Before installation, make sure, that the built-in administrator account is enabled.

3.Run the installation file. The window with a list of installation languages will open. Select Russian or English as the installation language. Click OK.

4.A window with the text of the License Agreement will open. To continue installation you should read and accept the license by selecting I accept the terms in the license agreement. Click Next.

5.If the firewall service is still running, you will be prompted to stop it.

6.Select a licensing option.
By default, the Installation wizard searches for a life with the .key extension in %PROGRAMFILES%\DrWeb CMS for MSP\. Once the Wizard finds the key file, it will display the detailed license information.
You can use a local key and specify its location manually. If you click Activate product later, you will not be able to use the application until you activate your license.
Click Next.

7.On the Ready to install page, click Install to begin installation of Dr.Web on your computer.

8.Further actions of the Installation wizard do not require user actions. Once the installation is complete, you will be prompted to restart your computer.


While installing the application, it is necessary to restart Microsoft ISA Server/Microsoft Forefront TMG in order not to damage integrity of data on the server. Once the deletion is finished, start Microsoft Firewall Service/Microsoft Forefront TMG Firewall service again.

Additional Information

If you encounter any issues installing or using company products, before requesting for the assistance of the technical support, take advantage of the following options:

Download and review the latest manuals and guides at

Read the frequently asked questions at

Browse the Dr.Web official forum at

If you have not found solution for the problem, you can request direct assistance from Doctor Web technical support in one of the following ways:

Fill in the web from in the corresponding section at

Email to

Call by phone in Moscow: +7 (495) 789-45-86.

Refer to the official website at for regional and international office information of Doctor Web company.

All rights reserved. This document is a property of Doctor Web. No part of this document may be reproduced, published or transmitted in any form or by any means for any other purpose than the purchaser’s personal use without proper attribution.


Dr.Web, SpIDer Mail, SpIDer Guard, CureIt!, CureNet!, AV-Desk and the Dr.WEB logo are trademarks and registered trademarks of Doctor Web in Russia and/or other countries. Other trademarks, registered trademarks and company names used in this document are property of their respective owners.


In no event shall Doctor Web and its resellers or distributors be liable for errors or omissions, or any loss of profit or any other damage caused or alleged to be caused directly or indirectly by this document, the use of or inability to use information contained in this document.

© Doctor Web, 2016

Russia, Moscow — Saint Petersburg