Branch Cache in Windows 7

Windows BranchCache will not be available on Windows Server 2008.  It will be available on Windows Server 2008 R2 and Windows 7.  BranchCache is a brand new feature and is not based on any feature in ISA server.

In a distributed scenario or in a hosted cache scenario the defense against malicious content is the same.  Basically, a client will only read content from a peer (or hosted cache) which matches the content hashes the client retrieved from the original content server.

Example:
----
Client1 wants to access http:\\headquarters\example.foo.  Client1's HTTP stack resolves headquarters and sends it an HTTP GET for example.foo.

The headquarters server responds with BranchCache content information for example.foo (essentially hashes used to validate that some data are in fact part of the original content).

Client1 searches on the LAN for peers who have any part of the content (content is identified by a hash derived from the content itself so there is no ambiguity about which version of a file is being requested).  Client0 responds that it has the content.  Unfortunately, Client0 somehow ended up with a copy of example.foo which is infected with malware.

Client1 downloads example.foo from Client0 in small chunks.  Each chunk is hashed (using SHA-256 or higher) and compared to the hashes download in the content information from the headquarters server.  If any chunk's hash fails to match the hash Client1 got from headquarters then Client1 stops communicating with Client0 and tries to get the content from other peers.  Because Client0's copy of example.foo is infected it must not match the clean copy on the headquarters server so some part of it will fail to match the hashes Client1 retrieved from headquarters (either that or headquarters had an infected copy to start with, which BranchCache can't defend against).  A process which is using BranchCache to retrieve a file will not see any content chunks whose hashes do not match the hashes retrieved from the server.
----

Regarding malware scanning software, use of any software which tries to detect malware by comparing files to a database of examples of known malware is questionable for defending against new threats.  Malware authors have access to the malware scanning engine.  All the malware author needs to do is massage the format of the malware until the malware detector fails to detect it.  The malware detector must respond by identifying the new malware by some other means and shipping an update to the malware detector.  The malware authors always have the advantage.