Forefront Client Security antimalware client update: October 2010

Article ID: 2394433 - View products that this article applies to.
Expand all | Collapse all

Introduction

This article describes the Microsoft Forefront Client Security (FCS) anti-malware client issues that are fixed in this update package.


Issue 1
The malware landscape has evolved, requiring new techniques to fully remediate malware, including some rootkits.

Resolution
This update contains changes to the Forefront Client Security service to improve remediation of malicious software. You must apply this hotfix to enable this new feature.




Issue 2
Computers running Client Security become unresponsive and require a hard reset.

Resolution
This update corrects two issues in the mpfilter.sys kernel component used by Client Security that cause deadlocks.



Issue 3
During definition update, computers that utilize the Volume Shadow Copy service appear to hang for several minutes. This issue may occur on computers using backup software that leverages shadow copy volumes.

Resolution
This update alters how real-time protection caches files it scans within shadow copy volumes. The change reduces the amount of time needed to purge the cache during definition update.



Issue 4
Computers running Windows Vista, Windows 2008 Server, Windows 7 or Windows 2008 R2 Server, encounter a stop error with bugcheck error code 0x00000050. This stop error may occur on Windows 7 computers during the installation of Windows 7 Service Pack 1.

Resolution
This update corrects a stop error with the code 0x00000050 on computers running Windows Vista, Windows 2008 Server, Windows 7 or Windows 2008 R2 Server. If Client Security is installed on a computer, Windows 7 Service Pack 1 will check for the presence of this update or a supersending update before installing.


Issue 5
After a reboot on computers that normally have a highly utilized processor, the Client Security user interface (UI) appears hung. The condition corrects itself but may last several minutes.

Resolution
This update increases the loading priority of the antimalware engine and definitions during antimalware service start. The priority change enables the antimalware service to handle requests sooner, mitigating the UI unresponsiveness. However, this change may slightly increase boot time on limited systems by consuming more processor resources during system start.

Issue 7
Files encrypted using Novell or Steading System Software are not properly scanned during real-time protection.

Resolution
This update corrects an issue in real-time protection when volumes are encrypted using these technologies.







Back to the top | Give Feedback

Hotfix Information

A supported hotfix is available from Microsoft.

Note This hotfix is available from Microsoft Update and from Windows Server Update Services. If you want to obtain the file for deployment by using a different method, follow these steps:
  1. Visit the following Microsoft Update Catalog Web site: http://catalog.update.microsoft.com/v7/site/Home.aspx
    (http://catalog.update.microsoft.com/v7/site/Home.aspx)
  2. Type 2394433 in the Search box, and then click Search.
  3. Click Add to add the hotfix to the basket.
  4. Click Download.
  5. Click Browse, specify the folder to which you want to download the hotfix, and then click OK.
  6. Click Continue, and then click I Accept to accept the Microsoft Software License Terms.
  7. When the update is downloaded to the location that you specified, click Close

Prerequisites

There are no prerequisites for installing this hotfix.

Restart requirement

You may be required restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix replaces the anti-malware client that is deployed by using the Forefront Client Security deployment package (1.0.1725.0) on a computer.
976669
(http://support.microsoft.com/kb/976669/ )
Forefront Client Security deployment package (1.0.1725.0): December 2009
This hotfix replaces the following hotfixes:
979536
(http://support.microsoft.com/kb/979536/ )
Forefront Client Security anti-malware client update: April 2010
976668
(http://support.microsoft.com/kb/976668/ )
Forefront Client Security anti-malware client update: December 2009
971026
(http://support.microsoft.com/kb/971026/ )
A hotfix is available to resolve some problems with the Forefront Client Security anti-malware client
952265
(http://support.microsoft.com/kb/952265/ )
Data corruption may occur on a computer that has Forefront Client Security installed
938054
(http://support.microsoft.com/kb/938054/ )
A hotfix is available to resolve some problems with the Forefront Client Security client
956280
(http://support.microsoft.com/kb/956280/ )
The Forefront Client Security kernel-mode mini-filter unloads when you browse a network file share that contains many malicious files

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Forefront Client Security, x86-based versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Amhelp.chmNot Applicable65,21619-Jul-201000:51
Mpasbase.vdm1.0.0.0572,72019-Jul-201000:52
Mpasdesc.dll1.5.1993.049,02420-Jul-201016:31
Mpasdlta.vdm1.0.0.09,00819-Jul-201000:52
Mpavbase.vdm1.0.0.0204,62419-Jul-201000:52
Mpavdlta.vdm1.0.0.09,04019-Jul-201000:52
Mpavrtm.dll1.5.1993.0128,38420-Jul-201016:12
Mpclient.dll1.5.1993.0366,97620-Jul-201016:12
Mpcmdrun.exe1.5.1993.0349,06420-Jul-201016:09
Mpengine.dll1.1.3520.03,308,62419-Jul-201000:52
Mpevmsg.dll1.5.1993.023,42420-Jul-201016:31
Mpfilter.sys1.5.1988.071,42419-Jul-201000:52
Mpoav.dll1.5.1993.092,03220-Jul-201016:12
Mprtmon.dll1.5.1993.0731,00820-Jul-201016:12
Mpsigdwn.dll1.5.1993.0129,92020-Jul-201016:12
Mpsoftex.dll1.5.1993.0518,01620-Jul-201016:12
Mpsvc.dll1.5.1993.0319,36020-Jul-201016:12
Mputil.dll1.5.1993.0177,02420-Jul-201016:12
Msascui.exe1.5.1993.01,033,60020-Jul-201016:12
Msmpcom.dll1.5.1993.0221,05620-Jul-201016:12
Msmpeng.exe1.5.1993.016,89620-Jul-201016:09
Msmplics.dll1.5.1993.09,08820-Jul-201016:12
Msmpres.dll1.5.1993.0766,33620-Jul-201016:31

Forefront Client Security, x64-based versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Amhelp.chmNot Applicable65,21619-Jul-201000:51
Mpasbase.vdm1.0.0.0572,72019-Jul-201000:52
Mpasdesc.dll1.5.1993.049,53620-Jul-201018:44
Mpasdesc.dll (x86 directory)1.5.1993.049,02420-Jul-201016:31
Mpasdlta.vdm1.0.0.09,00819-Jul-201000:52
Mpavbase.vdm1.0.0.0204,62419-Jul-201000:52
Mpavdlta.vdm1.0.0.09,04019-Jul-201000:52
Mpavrtm.dll1.5.1993.0155,00820-Jul-201018:24
Mpclient.dll1.5.1993.0547,20020-Jul-201018:24
Mpclient.dll (x86 directory)1.5.1993.0366,97620-Jul-201016:12
Mpcmdrun.exe1.5.1993.0504,62420-Jul-201018:21
Mpengine.dll1.1.3520.04,431,95219-Jul-201000:52
Mpevmsg.dll1.5.1993.023,42420-Jul-201018:44
Mpfilter.sys1.5.1988.091,52019-Jul-201000:52
Mpoav.dll1.5.1993.0117,63220-Jul-201018:24
Mpoav.dll (x86 directory)1.5.1993.092,03220-Jul-201016:12
Mprtmon.dll1.5.1993.01,181,05620-Jul-201018:24
Mpsigdwn.dll1.5.1993.0179,58420-Jul-201018:24
Mpsoftex.dll1.5.1993.0791,42420-Jul-201018:24
Mpsvc.dll1.5.1993.0438,65620-Jul-201018:24
Mputil.dll1.5.1993.0247,16820-Jul-201018:24
Mputil.dll (x86 directory)1.5.1993.0177,02420-Jul-201016:12
Msascui.exe1.5.1993.01,636,73620-Jul-201018:24
Msmpcom.dll1.5.1993.0305,53620-Jul-201018:24
Msmpeng.exe1.5.1993.016,38420-Jul-201018:21
Msmplics.dll1.5.1993.09,08820-Jul-201018:24
Msmplics.dll (x86 directory)1.5.1993.09,08820-Jul-201018:24
Msmpres.dll1.5.1993.0764,28820-Jul-201018:44
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

MORE INFORMATION

This update is included in a new slipstream installation package of the Forefront Client Security client software. For more information about the slipstream installation package, click the following article number to view the article in the Microsoft Knowledge Base:
2394439
(http://support.microsoft.com/kb/2394439/ )
Forefront Client Security deployment package (1.0.xxxx.0): October 2010
Back to the top | Give Feedback



Known Issues

Microsoft has identified an issue when this update is installed on Windows 2000 which prevents the kernel-mode mini-filter driver, mpfilter.sys, from properly loading. For more information on this issue see the following article:

2459065
(http://support.microsoft.com/kb/2459065/ )
Problems on Windows 2000 after applying Forefront Client Security October 2010 update



Back to the top | Give Feedback

Properties

Article ID: 2394433 - Last Review: January 20, 2011 - Revision: 3.0
APPLIES TO
  • Microsoft Forefront Client Security
Keywords: 
kbqfe kbhotfixserver kbfix fep2010swept KB2394433
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top