Forefront Client Security unexpectedly scans files that are stored in network locations when you perform a full scan of a client computer

When you use Microsoft Forefront Client Security to perform a full scan of a client computer, Forefront Client Security unexpectedly scans files that are stored in network locations. On a network that has low bandwidth or that has high latency, Forefront Client Security may take a long time to scan. In this situation, Forefront Client Security seems to stop responding.

Note A full scan fully evaluates local hard disk drives. A full scan is not intended to scan network hard disk drives or removable hard disk drives.

This problem occurs because Forefront Client Security evaluates shortcuts, and scans the referenced files. Forefront Client Security scans these files even if they are stored in a network location.

This problem is resolved by a hotfix package for Forefront Client Security that is now available. This hotfix updates the behavior of the Forefront Client Security anti-malware client. For more information about this hotfix, click the following article number to view the article in the Microsoft Knowledge Base:

To work around this problem, you can try to delete any shortcuts file that point to network locations. Many shortcut files that point to network locations are stored on the computer in the following folder: To delete these shortcuts, enable one of the following Group Policy settings:

• Clear history of recently opened documents on exit
• Do not keep history of recently opened documents

To enable one of these policy settings, follow these steps:

1. Log on to the computer as a local administrator.
2. Click Start, click Run, type Gpedit.msc, and then click OK.
3. In the console tree, expand User Configuration, expand Administrative Templates, and then click Start Menu and Taskbar.
4. In the details pane, right-click Clear history of recently opened documents on exit, and then click Properties.
5. In the Setting tab, click Enabled, click Apply, and then click OK.
   
   Note When you enable this GPO, the list of items that you open is maintained until you log off the computer.
   
   Or, enable the Do not keep history of recently opened documents GPO. To do this, follow these steps:
   1. In the details pane, right-click Do not keep history of recently opened documents, and then click Properties.
   2. In the Setting tab, click Enabled, click Apply, and then click OK.
      
      Note When you enable this GPO, the list of items that you open is not maintained.
6. Exit the Local Group Policy Editor.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Forefront Client Security supports the following types of scans. These scans can be performed on all managed computers or on a specific managed computer.

• Full
• Quick
• Custom

These scans perform a full evaluation of local hard disk drives. These scans are not intended to scan network hard disk drives or removable hard disk drives.

Forefront Client Security also features a real-time scanner that responds to the "On-Access" event whenever a file is accessed. In this situation, Forefront Client Security intercepts the event and scans the file before it can be accessed. Forefront Client Security scans the file even if it is located on a shared network resource. This expected behavior is unrelated to the problem that is described in this article.