In Forefront Security for SharePoint, some default deletion messages may lead a user or an administrator to assume mistakenly that an error occurred or that a virus was found

This article has been archived. It is offered "as is" and will no longer be updated.
Symptoms
Microsoft Forefront Security for SharePoint currently uses the following default deletion messages:
  • CorruptedCompressedFile
  • CorruptedCompressedUuencodeFile
  • EncryptedCompressedFile
  • Exceedingly compressed size
  • ExceedinglyInfected
  • ExceedinglyNested
  • Exceedingly nested folder structure
  • LargeInfectedContainerFile
  • UnReadableCompressedFile
  • UnWritableCompressedFile
Forefront Security for SharePoint uses these default deletion messages to describe the file types that contain certain compressed characteristics. When Forefront Security for SharePoint finds these compressed characteristics, it deletes the files and creates these default deletion messages. However, such messages may lead a user or an administrator to assume mistakenly that an error occurred or that a virus was found.
Resolution
To resolve this problem, install Forefront Security for SharePoint with Service Pack 3 (SP3). This service pack lets an administrator modify registry settings to customize the default deletion messages.

For more information about Forefront Security for SharePoint SP3, click the following article number to view the article in the Microsoft Knowledge Base:
967995 Description of Forefront Security for SharePoint with Service Pack 3
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
After you install Forefront Security for SharePoint with SP3, you can customize the messages by manually creating the following REG_SZ registry entries:
  • OverrideCorruptedCompressedFile
  •  OverrideCorruptedUuencode
  • OverrideCorruptedCompressedFile
  • OverrideEncyptedCompressedFile
  • OverrideExceedinglyInfected
  • OverrideExceedinglyNested
  • OverrideFragmentedMessage
  • OverrideLargeInfectedContainerFile
  • OverrideScanTimeExceeded
  • OverrideUnReadableCompressedFile
  • OverrideUnWritableCompressedFile
  • OverrideIllegalMimeHeader
You can create these REG_SZ registry entries in the following registry subkeys:
  • On a 32-bit computer:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Server Security\SharePoint
  • On a 64-bit computer:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\SharePoint
Then, you can open the registry entries and edit the values to contain the messages that you want. You do not have to restart any services after you create and edit these registry entries.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
deletion text, forefront, change, compressed, registry, UnwriteableCompressed
Properties

Article ID: 968268 - Last Review: 01/16/2015 17:12:43 - Revision: 4.0

Microsoft Forefront Security for SharePoint, Microsoft Forefront Security for SharePoint Service Pack 1, Microsoft Forefront Security for SharePoint Service Pack 2

  • kbnosurvey kbarchive kbexpertiseinter kbbug kbqfe kbsurveynew kbprb KB968268
Feedback