Article ID: 2459065 - View products that this article applies to.
Client Security antimalware agents running on Windows 2000 do not properly detect malware via on-access protection after applying the Forefront Client Security October 2010 antimalware update described in the following articles:
(http://support.microsoft.com/kb/2394433/ )Forefront Client Security antimalware client update: October 2010
(http://support.microsoft.com/kb/2394439 / )Forefront Client Security deployment package (1.0.1728.0): October 2010
Client Security antimalware agents running on Windows 2000 will also produce two FCSAM 3002 error events in the System log:
10/25/2010 01:55:53 PM FCSAM Error 3002 SRV
These errors are sent to the FCS Collection server and are shown in the FCS management dashboard as Reporting Critical Issues. Affected computers will also be represented in the Computers Per Issue section under Alerts detected.
Microsoft has identified an issue in the Forefront Client Security agent on Windows 2000 which prevents the kernel-mode mini-filter driver, mpfilter.sys, from properly loading. This issue is specific to agents running on Windows 2000 and the Client Security October update and does not occur on other operating systems.
Hotfix InformationA supported hotfix is available from Microsoft. This fix applies only to Forefront Client Security agents running on Windows 2000.
Note This hotfix is available from Microsoft Update and from Windows Server Update Services. If you want to obtain the file for deployment by using a different method, follow these steps:
PrerequisitesThere are no prerequisites for installing this hotfix.
Restart requirementYou may be required restart the computer after you apply this hotfix.
Hotfix replacement informationThis hotfix replaces the anti-malware client that is deployed by using the Forefront Client Security deployment package (1.0.1725.0) on a computer.
976669This hotfix replaces the following hotfixes:
(http://support.microsoft.com/kb/976669/ )Forefront Client Security deployment package (1.0.1725.0): December 2009
(http://support.microsoft.com/kb/979536/ )Forefront Client Security anti-malware client update: April 2010
(http://support.microsoft.com/kb/976668/ )Forefront Client Security anti-malware client update: December 2009
(http://support.microsoft.com/kb/971026/ )A hotfix is available to resolve some problems with the Forefront Client Security anti-malware client
(http://support.microsoft.com/kb/952265/ )Data corruption may occur on a computer that has Forefront Client Security installed
(http://support.microsoft.com/kb/938054/ )A hotfix is available to resolve some problems with the Forefront Client Security client
(http://support.microsoft.com/kb/956280/ )The Forefront Client Security kernel-mode mini-filter unloads when you browse a network file share that contains many malicious files
File informationThe English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Forefront Client Security, x86-based versions
Collapse this tableExpand this table
WorkaroundIf either of the updates in the Symptom section are manually installed you must uninstall the Forefront Client Security October 2010 antimalware update on computers running Windows 2000 and install this update (KB2459065). You can uninstall the October 2010 update using one of the following methods:
In a properly functioning WSUS environment, after you uninstall the October 2010 update this version of the antimalware client will redeploy during the next Automatic Updates detection and installation cycle by applying the slipstream package described in the "More Information" section below. Alternatively, you may use the steps in the "Hotfix Information" section of this following article to manually download and install the Forefront Client Security antimalware agent on the affected computers after uninstalling the October 2010 update.
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.
This update is a replacement for the October 2010(KB2394433) release for Client Security agents running on Windows 2000. This update is included in a new slipstream installation package of the Forefront Client Security client software also for Windows 2000 SP4 agents. For more information about the slipstream installation package, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/2464613/ )Forefront Client Security deployment package (1.0.1732.0) for Windows 2000 SP4
ApplicabilityTo determine if this issue affects you, consider the following: