Description of Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2

Article translations Article translations
Article ID: 2302001 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

Microsoft has released Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2. This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup.


New Feature: Kaspersky 8 Scan Engine

Microsoft will be retiring version 5 of the Kaspersky engine on February 1st, 2011. You are required to install Rollup 3 for Antigen 9 for Exchange/SMTP with Service Pack 2 before this date if you wish to continue using the Kaspersky engine after that date.

This rollup does not automatically install the Kaspersky 8 engine. The new engine will be download through the next successful engine update, after installation of the rollup.

If you wish to download the new engine immediately after the rollup installation, you can perform a manual engine update by navigating to SETTINGS then Scanner Updates in the Antigen Administrator client. Select the Kaspersky engine and click on the ‘Update Now’ button. Confirm that the engine update completed successfully and Antigen will now be using the Kaspersky 8 engine.

Link to Kaspersky 8 FAQ  blog: Kaspersky Engine Update: Install Rollups by Jan. 31, 2011


Issues that are fixed in Hotfix Rollup 3 for Microsoft Antigen 9 for Exchange Service Pack 2

  1. The AntigenClient.exe process in Antigen 9 for Exchange/SMTP may stop responding, and this generates a Dr. Watson crash that references Bucket ID 698749114
  2. With ContentScannerDiagnosticsLevel turned on, errors appear in ProgramLog
  3. The AntigenService.exe process crashes in Antigen for Exchange generating a Dr. Watson notification - Bucket ID 1229588505
  4. The Realtime.exe process does not start in Antigen for Exchange
  5. AntigenService.exe crashes in Antigen for Exchange when sending notification to a non-SMTP address



Details of the issues that are fixed in the hotfix rollup

  1. The AntigenClient.exe process in Antigen 9 for Exchange/SMTP may stop responding, and this generates a Dr. Watson crash that references Bucket ID 698749114
    Symptoms

    Dr. Watson reports Bucket ID [698749114] when this issue occurs. Additionally, the following information may be reported by Dr. Watson:

    Bucket ID                 -> 698749114

    Cab ID      -> 499202165

    OS Version              -> Windows 2003 Service Pack 2 (build 3790)

    [0]           ANTIGENCLIENT.EXE!CScanJob::GetTemplateName            [scanjob.cpp]

    [1]           ANTIGENCLIENT.EXE!CFilterActionPane::OnCommand         [antigenpanes.cpp]

    [2]           ANTIGENCLIENT.EXE!CRoundedWnd::WndProc    [roundedwnd.cpp]

    [3]           USER32.DLL!InternalCallWinProc           [callproc.asm]


  2. With ContentScannerDiagnosticsLevel turned on, errors appear in ProgramLog


    Problem

    When you enable Additional Content Scanner Diagnostics in Antigen by creating the registry key, ContentScannerDiagnosticsLevel (as instructed by Microsoft Customer Services and Support), Antigen’s ProgramLog.txt wll generate the following errors:

    ProgramLog errors:


    Tue Jul 27 15:12:01 2010 (  416-  264), "ERROR: FSS::ContentScanner::ScanProperties::ReadString(): Property id (5) doesn't exist."

    Tue Jul 27 15:12:01 2010 (  416- 2532), "ERROR: FSS::ContentScanner::ThreatScannerStreamAdapter::ThreatScannerStreamAdapter(): HeloEhloDomain not contained in properties."

    Tue Jul 27 15:12:01 2010 (  416-  264), "ERROR: FSS::ContentScanner::ThreatScannerStreamAdapter::ThreatScannerStreamAdapter(): MailFromAddress not contained in properties."

    Tue Jul 27 15:12:01 2010 (  416- 2532), "ERROR: FSS::ContentScanner::ThreatScannerStreamAdapter::ThreatScannerStreamAdapter(): RcptToAddresses not contained in properties."



    Cause


    The references to “ERROR:” are really informational and will be changed “DIAGNOSTICS:” if you install this rollup

    More Information


    ProgramLog.txt is found in the Data subfolder of your Antigen installation. By default, this will be: Antigen for Exchange: %Program Files (x86)%\Microsoft Antigen for Exchange\Data.


  3. The AntigenService.exe process crashes in Antigen for Exchange generating a Dr. Watson notification -  Bucket ID 1229588505

    Symptoms
    Dr. Watson reports Bucket ID [1129588505] when this issue occurs. Additionally, the following information may be reported by Dr. Watson:

    Bucket ID         -> 1229588505

    Cab ID             -> xxxxxxxxx

    OS Version      -> Windows 2003 Service Pack 2 (build 3790)

    [0]        ANTIGENSERVICE.EXE!unknown         [unknown]



  4. The Realtime.exe process does not start in Antigen for Exchange

    Problem

    The Realtime.exe process does not start in Antigen for Exchange during a reboot or failover on a single, or clustered, server.

    Cause

    Antigen queries Active Directory for Exchange configuration information including its own local computer name. When comparing the local computer name to the Active Directory name it takes case sensitivity into account. If a local computer name and an object listed in Active Directory are not duplicative in terms of case sensitivity, the RealTime.exe process  will not start.

    Symptoms

    1.) ProgramLog error: [date/time] ( PID/TID), "INFORMATION: No storage groups were found"
    2.) No RealTime Scan Jobs or Storage groups will be seen in the Antigen Administrator
  5. AntigenService.exe crashes in Antigen for Exchange when sending notification to a non-SMTP address

    Problem


    When Antigen for Exchange attempts to send a notification; e.g. a critical notification, to a recipient without a valid SMTP address, AntigenService.exe will crash.


    Symptoms
    ProgramLog error: ERROR: Unable to create Sybari service. hr=80070422

Hotfix rollup information

Download information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

How to install the hotfix rollup

 To install the hotfix rollup (on a non-clustered server), follow these steps: 
  1. Run the installer. To do this, double-click the hotfix rollup executable file.

    Note When the installer is running, the Antigen services are stopped.
  2. After the installation is complete, and the Forefront services are restarted, make sure that Antigen is working correctly.

    Notes
    • The Antigen services are restarted automatically during the installation.
    • Antigen service packs or hotfix rollups can be installed by using the FFSMC Deployment job. For more information, see "Deployment Jobs" in the Forefront Server Security Management Console User's Guide. In this case, the installer runs in silent mode, and user input is not required. The rest of the process remains the same as when you double-click the executable file to run the installer .
 To install the hotfix rollup on a cluster, follow these steps:

Perform a “rolling upgrade” where you install on each node only when it is in a passive state. This involves performing a series of failovers, so that each node has a chance to become passive. Once all nodes have been upgraded, you must copy LocalEngineMapping.cab from each active node’s local installation to the shared disk folder for the EVS. Antigen needs this file in the following shared disk location, in order to be able to upgrade the Kaspersky engine to version 8.

Copy LocalEngineMapping.cab from each active node’s local installation (source) to its shared disk folder (target):
Source location: <LocalDisk>\Program Files\Microsoft Antigen for Exchange
Target location: <SharedDisk>\AntigenCluster\Engines

Notes:
1.       There is no need to restart any services or failover the cluster after you have copied LocalEngineMapping.cab to the shared disk folder.
2.       If you do not copy LocalEngineMapping.cab to the shared disk folder, Antigen will continue to try to update version 5 of the Kaspersky engine (which will be retired by Microsoft after 31st January 2011).


Prerequisites

This hotfix rollup requires that Antigen 9 for Exchange Service Pack 2 is installed. 


File information

This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.

The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Aexmladapter.dll9.2.1097.67525,82420-Aug-201018:16x86
Ant5inst.dll9.2.1097.67967,16820-Aug-201018:16x86
Antigenasj.dll9.2.1097.67313,85620-Aug-201018:16x86
Antigenclient.exe9.2.1097.671,185,28020-Aug-201018:16x86
Antigendiag.exe9.2.1097.67286,20820-Aug-201018:16x86
Antigenimc.exe9.2.1097.67265,21620-Aug-201018:16x86
Antigeninternet.exe9.2.1097.67823,29620-Aug-201018:16x86
Antigenmanual.exe9.2.1097.67814,08020-Aug-201018:16x86
Antigenmonitor.exe9.2.1097.67241,15220-Aug-201018:16x86
Antigenpmdll.dll9.2.1097.67294,91220-Aug-201018:16x86
Antigenpmsetup.exe9.2.1097.67272,38420-Aug-201018:16x86
Antigenrealtime.exe9.2.1097.67794,62420-Aug-201018:16x86
Antigenservice.exe9.2.1097.671,512,44820-Aug-201018:16x86
Antigensmtpsink.dll9.2.1097.67430,59220-Aug-201018:16x86
Antigenstarter.exe9.2.1097.67209,92020-Aug-201018:16x86
Antigenstore.exe9.2.1097.67231,93620-Aug-201018:16x86
Antigenvsapi.dll9.2.1097.67327,16820-Aug-201018:16x86
Antutil.exe9.2.1097.67317,44020-Aug-201018:16x86
Fsecontentscanner.exe9.2.19.0670,08020-Aug-201018:08x86
Getenginefiles.exe9.2.1097.67671,23220-Aug-201018:16x86
Localenginemapping.cabNot Applicable6,39916-Jun-201021:14Not Applicable
Mimenavigator.dll9.2.1097.67296,96020-Aug-201018:16x86
Scanenginetest.exe9.2.1097.67527,36020-Aug-201018:16x86
Sfxcab.exe9.2.1097.6743,00823-Aug-201021:13x86
Smimenavigator.dll9.2.1097.67221,69620-Aug-201018:16x86
Statisticsmanager.dll9.2.1097.67509,95220-Aug-201018:15x86
Structstgnavigator.dll9.2.1097.67272,89620-Aug-201018:16x86
Sybariave.dllNot Applicable557,56820-Aug-201018:15x86
Sybariengine.dll9.2.1097.67136,70420-Aug-201018:15x86
Synchelper.dll1.2.0.110499,20020-Aug-201018:15x86
Tnefnavigator.dll9.2.1097.67283,13620-Aug-201018:16x86
Custom.dllNot Applicable86,68017-Aug-201015:07x86
Updspapi.dll6.3.13.0382,84027-Jul-200717:41x86

Properties

Article ID: 2302001 - Last Review: March 22, 2011 - Revision: 5.0
APPLIES TO
  • Microsoft Antigen 9.0 for SMTP Gateways Service Pack 2
  • Microsoft Antigen 9.0 for Exchange Service Pack 2
Keywords: 
kbautohotfix KB2302001

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com