Summary
An issue has been identified in Forefront Security for Exchange Service Pack 2 Hotfix Rollup 3 in the way that it retrieves updates for version 8 of the Kaspersky antivirus scan engine.
The incremental engine update functionality may fail resulting in a full engine update. This full engine update may require downloading an engine file package in excess of 160 megabytes. Due to the size and frequency of the engine update, servers may experience a noticeable spike in resource consumption.The nature of this issue necessitates providing a solution through a hotfix as opposed through the more traditional conduit of a typical engine update.
After the hotfix is applied, resource consumption will decrease.Resolution
Use the hotfix button at the top of this page to acquire the hotfix.
The patch will contain 1 new binary file; GetEngineFiles.exe. The patch version of GetEngineFiles.exe will be version 10.2.955.0. On the system where FSE 10.2 RU3 is installed there will be a GetEnginesFiles.exe file installed that has a version of 10.2.0954.0. The GetEngineFiles.exe file, by default, is located here: C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server Rename the current copy (e.g. GetEngineFiles.old) and place the new patched binary it in’s place. No system services or processes need to be interrupted while applying the hotfix.Engine Update Test
After you have applied the hotfix, you can test update functionality by performing a manual update. 1.) Open the Forefront interface 2.) Navigate to Settings and then Scanner Updates 3.) Highlight the Kaspersky engine 4.) Click Update Now Please note that the first update after applying this hotfix may result in a long update time as we perform a full engine update. However, after this initial engine update, subsequent times will drop notably as incremental updates are now functioning properly.