The installation log file for the update, typically located at %ProgramFiles%\Microsoft Forefront\Client Security\Client\Logs\mp_ambits.log, contains information similar to the below.
In this situation, the Security State Assessment(SSA) and Microsoft Operation Manager components remain installed.
Note: the symptom "Error: The specified service has been marked for deletion" may also occur due to different causes.
- WSUS administrators can decline or not approve KB2508823 for installation
- Avoid installing KB2508823 with “Install updates and shutdown”. This may be accomplished by
- a recommendation by administrators to users
- enforcement though Automatic Updates group policy: Computer Configuration/Administrative Templates/Windows Components/Windows Update- Do not display ‘Install Updates and shut down’ option in Shut Down Windows dialog box.
- installing the update KB2508823 through WSUS deadlines; this triggers its installation immediately. For more information on WSUS deadlines, see the TechNet article Client Behavior with Update Deadlines
For automated correction through Microsoft Update and WSUS, see More Information section below.
For manual correction, there are a number of options
- Download and install KB2508823 manually. There are steps to do this in the Hotfix information section of the article: http://support.microsoft.com/kb/2508823
- Approve in WSUS “Client Update for Microsoft Forefront Client Security (1.0.1728.0)” and decline both the March update(KB2508823) and the Client Update for Microsoft Forefront Client Security (1.0.1736.0) (2508824). After the next Automatic Updates detection and installation cycle, this will redeploy the prior antimalware agent
- Approve the “Client Update for Microsoft Forefront Client Security (1.0.1736.0)” slipstream update.
NOTE: In some cases this will fail with 0x666 ERROR_PRODUCT_VERSION
If you are seeing ERROR_PRODUCT_VERSION failures installing the slipstream you can uninstall SSA and that should allow it to work.
This fix is available from Microsoft Update and from Windows Server Update Services (WSUS). The update uses the following conditions to determine if it should apply the March 2011 update. If all conditions are met the update will be installed:
- The Forefront Client Security State Assessment (SSA) agent is installed
- The Forefront Client Security Antimalware agent is not installed.
- Specific antimalware agent registry keys are present.
- The computer operating system is Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2.