Forefront Client Security anti-malware client update: December 2009

Article ID: 976668 - View products that this article applies to.
Expand all | Collapse all

On This Page

This article describes the Microsoft Forefront Client Security (FCS) anti-malware client issues that are fixed in this hotfix package for Forefront Client Security.
Back to the top | Give Feedback

INTRODUCTION

Issues that this hotfix package fixes

Issue 1

Client setup for Forefront Client Security fails when Forefront Client Security is installed on a server that is running Windows Server 2008 R2 Core. The following error is found in the FCSAM.log file:
DIFXAPP: ERROR - The operating system you are running on is not supported. Only Windows 2000, Windows XP, Windows Server 2003 and Windows codenamed Longhorn are supported.
This client setup error also occurs on a computer that is running Windows 7 or Windows Server 2008 R2 when Windows Application Compatibility is disabled.

This problem occurs because the earlier versions of the anti-malware client used the Driver Install Frameworks (DIFx) for Applications libraries that were not originally designed for use on Windows 7 or for use on Windows Server 2008 R2. Forefront Client Security installations on these operating systems succeed because of an operating system application compatibility setting. This application compatibility setting is not present on a server that is running Windows Server 2008 R2 Core and is not applied if it is disabled on a computer that is running Windows 7 or Windows Server 2008 R2.

Workaround
On Windows 7 or Windows Server 2008 R2 non-Core editions, re-enable Windows Application Compatibility.
Resolution
The installation package for this anti-malware client update uses a revised version of the DIFx for Applications libraries that is natively compatible with Windows 7 and with Windows Server 2008 R2. Therefore, the installation package for this anti-malware client update does not require the application compatibility settings.

Issue 2

Occasionally scheduled scans are not initiated on certain Forefront Client Security clients that are running Windows 2000 Server.
Resolution
This problem is caused by a timing issue. This timing issue occurs when the MpCmdRun.exe utility is called for scheduled scans on a computer that is running Windows 2000 Server. This update corrects the timing issue so that scheduled scans are initiated correctly.

Issue 3

Generically or heuristically found malware that is detected by a scheduled scan is suspended. However, action may not be automatically taken upon the malware.
Resolution
After you apply this update, all malware detected in a scheduled scan is automatically taken action upon regardless of the detection type (concrete, generic, or heuristic) when a Forefront Client Security policy is deployed.

Issue 4

After you install the anti-malware update 971026, some managed Forefront Client Security clients on Windows XP and on Windows Server 2003 take longer to log on. This delay occurs after a restart if one or more file or folder path exclusions that are network-based are set.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
971026
(http://support.microsoft.com/kb/971026/ )
A hotfix is available to resolve some problems with the Forefront Client Security anti-malware client
File or folder path exclusions that are network-based are fully resolved into device paths before the scanning worker threads are initialized in the Forefront Client Security startup process. The delay occurs if the kernel mode mini-filter of Forefront Client Security intercepts the file I/O from the logon process while the network-based file or folder paths are being resolved.
Workaround
Customers who are experiencing this issue and who cannot immediately apply this update can work around the issue by removing all file or folder path exclusions that are network-based. Then implement the DisableScanningNetworkFiles policy setting described in Microsoft Knowledge Base (KB) article 971026.
Resolution
After you apply this update, only the local exclusions are applied before the scanning worker threads are initialized in the Forefront Client Security startup process. After initialization, the full configuration is refreshed to include file or folder path exclusions that are network-based.

This update also honors the DisableScanningNetworkFiles policy setting. Therefore, the customers who implement this setting do not have to re-create file or folder path exclusions that are network-based after they apply this update.

Hotfix information

A supported hotfix is available from Microsoft.

Note This hotfix is available from Microsoft Update and from Windows Server Update Services. If you want to obtain the file for deployment by using a different method, follow these steps:
  1. Visit the following Microsoft Update Catalog Web site:
    http://catalog.update.microsoft.com/v7/site/Home.aspx
    (http://catalog.update.microsoft.com/v7/site/Home.aspx)
  2. Type 976668 in the Search box, and then click Search.
  3. Click Add to add the hotfix to the basket.
  4. Near the search bar at the top, click the view basket link.
  5. Click Download.
  6. Click Browse, specify the folder to which you want to download the hotfix, and then click OK.
  7. Click Continue, and then click I Accept to accept the Microsoft Software License Terms.
  8. When the update is downloaded to the location that you specified, click Close.

Prerequisites

There are no prerequisites for installing this hotfix.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix replaces the following hotfixes:
971026
(http://support.microsoft.com/kb/971026/ )
A hotfix is available to resolve some problems with the Forefront Client Security anti-malware client
952265
(http://support.microsoft.com/kb/952265/ )
Data corruption may occur on a computer that has Forefront Client Security installed
938054
(http://support.microsoft.com/kb/938054/ )
A hotfix is available to resolve some problems with the Forefront Client Security client
956280
(http://support.microsoft.com/kb/956280/ )
The Forefront Client Security kernel-mode mini-filter unloads when you browse a network file share that contains many malicious files

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Forefront Client Security, 32-bit versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Amhelp.chmNot Applicable65,21628-Oct-0817:55
Mpasbase.vdm1.0.0.0572,72028-Oct-0817:58
Mpasdesc.dll1.5.1973.049,0243-Sep-0921:07
Mpasdlta.vdm1.0.0.09,00828-Oct-0817:58
Mpavbase.vdm1.0.0.0204,62428-Oct-0817:58
Mpavdlta.vdm1.0.0.09,04028-Oct-0817:58
Mpavrtm.dll1.5.1973.0128,3683-Sep-0920:48
Mpclient.dll1.5.1973.0366,4483-Sep-0920:48
Mpcmdrun.exe1.5.1973.0349,0643-Sep-0919:06
Mpengine.dll1.1.3520.03,308,62428-Oct-0817:57
Mpevmsg.dll1.5.1973.023,4083-Sep-0921:07
Mpfilter.sys1.5.1969.069,61615-May-0917:35
Mpoav.dll1.5.1973.092,0323-Sep-0920:48
Mprtmon.dll1.5.1973.0731,0083-Sep-0920:48
Mpsigdwn.dll1.5.1973.0129,9043-Sep-0920:48
Mpsoftex.dll1.5.1973.0518,0163-Sep-0920:48
Mpsvc.dll1.5.1973.0304,4963-Sep-0920:48
Mputil.dll1.5.1973.0177,0083-Sep-0920:48
Msascui.exe1.5.1973.01,033,5843-Sep-0920:48
Msmpcom.dll1.5.1973.0221,0403-Sep-0920:48
Msmpeng.exe1.5.1973.016,8803-Sep-0919:06
Msmplics.dll1.5.1973.09,0723-Sep-0920:48
Msmpres.dll1.5.1973.0766,3203-Sep-0921:07
Forefront Client Security, 64-bit versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Amhelp.chmNot Applicable65,21628-Oct-0817:55
Mpasbase.vdm1.0.0.0572,72028-Oct-0817:58
Mpasdesc.dll1.5.1973.049,5364-Sep-092:40
Mpasdlta.vdm1.0.0.09,00828-Oct-0817:58
Mpavbase.vdm1.0.0.0204,62428-Oct-0817:58
Mpavdlta.vdm1.0.0.09,04028-Oct-0817:58
Mpavrtm.dll1.5.1973.0154,9924-Sep-092:21
Mpclient.dll1.5.1973.0546,6724-Sep-092:21
Mpcmdrun.exe1.5.1973.0504,1124-Sep-092:18
Mpengine.dll1.1.3520.04,431,95228-Oct-0817:57
Mpevmsg.dll1.5.1973.023,4084-Sep-092:40
Mpfilter.sys1.5.1969.088,94415-May-0917:35
Mpoav.dll1.5.1973.0117,6164-Sep-092:21
Mprtmon.dll1.5.1973.01,181,0564-Sep-092:21
Mpsigdwn.dll1.5.1973.0179,5684-Sep-092:21
Mpsoftex.dll1.5.1973.0791,4084-Sep-092:21
Mpsvc.dll1.5.1973.0416,1284-Sep-092:21
Mputil.dll1.5.1973.0247,1524-Sep-092:21
Msascui.exe1.5.1973.01,636,7204-Sep-092:21
Msmpcom.dll1.5.1973.0305,5204-Sep-092:21
Msmpeng.exe1.5.1973.016,3684-Sep-092:18
Msmplics.dll1.5.1973.09,0884-Sep-092:21
Msmpres.dll1.5.1973.0764,2724-Sep-092:40
Back to the top | Give Feedback

MORE INFORMATION

This update is included in a new slipstream installation package of the Forefront Client Security client software. For more information about the slipstream installation package, visit the following Microsoft Knowledge Base article:
976669
(http://support.microsoft.com/kb/976669/ )
Forefront Client Security deployment package (1.0.1725.0): December 2009
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

Properties

Article ID: 976668 - Last Review: January 20, 2011 - Revision: 2.0
APPLIES TO
  • Microsoft Forefront Client Security
Keywords: 
kbsurveynew kbexpertiseinter kbqfe kbhotfixserver fep2010swept KB976668
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top