Data corruption may occur on a computer that has Forefront Client Security installed

Article translations Article translations
Article ID: 952265 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Data corruption may occur on a computer that has Microsoft Forefront Client Security (FCS) installed. When this data corruption occurs, you may experience the following symptoms.

Symptom 1

If you upload a file to a Microsoft Office SharePoint Server site or to a Web Distributed Authoring and Versioning (WebDAV) site, the uploaded file may be corrupted. This symptom occurs at random times. It may occur with any file types and with any file name extensions. The corrupted files may contain additional zeros at the end of the file or at write-page boundaries.

Symptom 2

The Applicationhost.config file may be corrupted on a computer that is running Internet Information Services (IIS) 7.0. This symptom occurs at random times. It is likely to occur when you change IIS configurations for a Web site. The corrupted file may contain additional zeros at the end of the file or at write-page boundaries. Or, the file may be truncated.

In this situation, the Web site configuration cannot load, and the following information is logged in the IIS log:
8:56:16 PM [ERROR] Unable to IISAddVirtualDirectory. ERROR: Error adding virtual directory ' server1' to W3SVC '2904452': The data is invalid.
8:56:16 PM [ERROR] Unable to add account filter. ERROR: Exception adding ISAPI filter, DomainMapper, to Metabase path, W3SVC/2904452: The data is invalid.

Symptom 3

On a Windows Server 2008 computer that runs Hyper-V, when you use the New Virtual Machine Wizard to create a virtual machine, the operation fails. Additionally, you receive the following error message:
The server encountered an error while configuring memory on the New Virtual Machine. Wizard Failed in rolling back the created virtual machine. Please delete it manually afterwards.

Failed to add device 'Microsoft Synthetic Ethernet Port'

The Virtual Machines configuration GUID at 'C:\Program Data\Microsoft\Windows\Hyper-V' is no longer accessible: The requested operation cannot be performed on a file with a user-mapped section open. (0x800704C8)

CAUSE

This problem occurs because of a known issue of cache coherency between mapped I/O requests and non-cached I/O requests. Forefront Client Security real-time protection uses memory mapped I/O requests for scanning files. This problem affects non-cached I/O requests. It may cause data corruption or cause truncation operations to be unsuccessful.

MORE INFORMATION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Note This hotfix is available from Microsoft Update and from Windows Server Update Services. If you want to obtain the file for deployment by using a different method, follow these steps:
  1. Visit the following Microsoft Update Catalog Web site:
    http://catalog.update.microsoft.com/v7/site/Home.aspx
  2. Type 952265 in the Search box, and then click Search.
  3. Click Add to add the hotfix to the basket.
  4. Near the search bar at the top, click the view basket link.
  5. Click Download.
  6. Click Browse, specify the folder to which you want to download the hotfix, and then click OK.
  7. Click Continue, and then click I Accept to accept the Microsoft Software License Terms. The hotfix starts to download.
  8. Wait until the hotfix is downloaded to the specified location, and then click Close.

Known issues with this update

  • This hotfix may not be installed when you use Windows Update to install updates on a computer that is running a Server Core installation of Windows Server 2008. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    955884 The update for Forefront Client Security (update 952265) may not be installed on a Server Core installation of Windows Server 2008 when you use Windows Update

Prerequisites

No prerequisites are required.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix replaces hotfix 938054. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
938054 A hotfix is available to resolve some problems with the Forefront Client Security client

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Forefront Client Security, x86-based versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Amhelp.chmNot applicable65,21607-Mar-200721:43
Mpasbase.vdm1.0.0.0572,72007-Mar-200721:44
Mpasdesc.dll1.5.1955.052,27215-May-200821:00
Mpasdlta.vdm1.0.0.09,00807-Mar-200721:44
Mpavbase.vdm1.0.0.0204,62407-Mar-200721:44
Mpavdlta.vdm1.0.0.09,04007-Mar-200721:44
Mpavrtm.dll1.5.1955.0129,58415-May-200820:40
Mpclient.dll1.5.1955.0369,71215-May-200820:40
Mpcmdrun.exe1.5.1955.0350,36015-May-200820:37
Mpengine.dll1.1.3520.03,308,62415-May-200820:15
Mpevmsg.dll1.5.1955.026,67215-May-200820:59
Mpfilter.sys1.5.1954.053,16815-May-200820:15
Mpoav.dll1.5.1955.095,28015-May-200820:40
Mprtmon.dll1.5.1955.0734,25615-May-200820:40
Mpsigdwn.dll1.5.1955.0133,16815-May-200820:40
Mpsoftex.dll1.5.1955.0521,26415-May-200820:40
Mpsvc.dll1.5.1955.0307,76015-May-200820:40
Mputil.dll1.5.1955.0180,27215-May-200820:40
Msascui.exe1.5.1955.01,036,84815-May-200820:40
Msmpcom.dll1.5.1955.0224,30415-May-200820:40
Msmpeng.exe1.5.1955.018,70415-May-200820:37
Msmplics.dll1.5.1955.012,33615-May-200820:40
Msmpres.dll1.5.1955.0769,58415-May-200821:00
Forefront Client Security, x64-based versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Amhelp.chmNot applicable65,21607-Mar-200721:43
Mpasbase.vdm1.0.0.0572,72007-Mar-200721:44
Mpasdesc.dll1.5.1955.052,78415-May-200823:23
Mpasdlta.vdm1.0.0.09,00807-Mar-200721:44
Mpavbase.vdm1.0.0.0204,62407-Mar-200721:44
Mpavdlta.vdm1.0.0.09,04007-Mar-200721:44
Mpavrtm.dll1.5.1955.0155,69615-May-200823:00
Mpclient.dll1.5.1955.0549,93615-May-200823:00
Mpcmdrun.exe1.5.1955.0506,43215-May-200822:57
Mpengine.dll1.1.3520.04,431,95215-May-200820:15
Mpevmsg.dll1.5.1955.026,67215-May-200823:22
Mpfilter.sys1.5.1954.067,12015-May-200820:15
Mpoav.dll1.5.1955.0120,88015-May-200822:59
Mprtmon.dll1.5.1955.01,184,30415-May-200823:00
Mpsigdwn.dll1.5.1955.0182,83215-May-200822:59
Mpsoftex.dll1.5.1955.0794,67215-May-200823:00
Mpsvc.dll1.5.1955.0419,37615-May-200823:00
Mputil.dll1.5.1955.0250,41615-May-200823:00
Msascui.exe1.5.1955.01,639,98415-May-200823:00
Msmpcom.dll1.5.1955.0308,78415-May-200823:00
Msmpeng.exe1.5.1955.018,19215-May-200822:57
Msmplics.dll1.5.1955.012,33615-May-200822:59
Msmpres.dll1.5.1955.0767,53615-May-200823:23

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 952265 - Last Review: January 21, 2011 - Revision: 4.0
APPLIES TO
  • Microsoft Forefront Client Security
Keywords: 
kbhotfixserver kbqfe kbautohotfix kberrmsg kbexpertiseinter fep2010swept KB952265

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com