When you use Windows Update to install updates on a computer that is running a Server Core installation of Windows Server 2008, the update for Microsoft Forefront Client Security (update 952265) may not be installed.
For more information about update 952265, click the following article number to view the article in the Microsoft Knowledge Base:
952265 Data corruption may occur on a computer that has Forefront Client Security installed
When this problem occurs, information that resembles the following is logged in the %windir%\WindowsUpdate.log file:
AutomaticUpdates Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Forefront Client Security (KB952265)
Also, information that resembles the following is logged in the "%programfiles%\Microsoft Forefront\Client Security\Client\Logs\Mp_ambits.log" file:
MSI (s) (FC!08) [18:00:23:703]: PROPERTY CHANGE: Deleting StopProcessList property. Its current value is 'MSASCui.exe MpCmdRun.exe'.
Action start 18:00:23: StopRunningProcessW.
STOP PROCESS: INFO: Running process found: MSASCui.exe (3068).
STOP PROCESS: ERROR: Failed to Enumerate Windows for process: MSASCui.exe (3068). HRESULT = 0x80070514
Action ended 18:00:23: StopRunningProcessW. Return value 3.
Action ended 18:00:23: INSTALL. Return value 3.
MSI (s) (FC:40) [18:00:23:703]: Note: 1: 1708
MSI (s) (FC:40) [18:00:23:703]: Product: Microsoft Forefront Client Security Antimalware Service -- Installation failed.
During the installation of update 952265, the Windows Update service tries to stop any running processes that are associated with the Forefront Client Security client. This requires the SeDebugPrivilege user right. By default, a Server Core installation of Windows Server 2008 does not grant this right to the Windows Update service.
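The following is an added example, not part of the original article or any Microsoft tooling. It correlates the two log excerpts above to confirm this specific failure. The function names are hypothetical. The Win32 code names come from winerror.h, and it assumes a Windows Installer action return value of 3 means the action failed.

```python
import re

# Win32 error codes carried in the 0x8007xxxx HRESULTs quoted in this article.
WIN32_NAMES = {1603: "ERROR_INSTALL_FAILURE", 1300: "ERROR_NOT_ALL_ASSIGNED"}

HRESULT_RE = re.compile(r"0x8007([0-9A-Fa-f]{4})")
STOP_FAIL_RE = re.compile(
    r"STOP PROCESS: ERROR: Failed to Enumerate Windows for process: "
    r"(\S+) \((\d+)\)\. HRESULT = (0x[0-9A-Fa-f]{8})")
ACTION_END_RE = re.compile(r"Action ended [\d:]+: (\w+)\. Return value (\d+)\.")

def decode_win32_hresult(text):
    """Return (code, name) for the first 0x8007xxxx HRESULT in text, else None."""
    m = HRESULT_RE.search(text)
    if not m:
        return None
    code = int(m.group(1), 16)
    return code, WIN32_NAMES.get(code, "unknown")

def triage(wu_log, msi_log):
    """Correlate WindowsUpdate.log and the MSI log against this article's signature."""
    result = {"update_failed": False, "blocked_process": None,
              "privilege_error": False, "failed_actions": []}
    for line in wu_log.splitlines():
        if "KB952265" in line and "Installation Failure" in line:
            result["update_failed"] = decode_win32_hresult(line) == (1603, WIN32_NAMES[1603])
    for line in msi_log.splitlines():
        m = STOP_FAIL_RE.search(line)
        if m:
            result["blocked_process"] = (m.group(1), int(m.group(2)))
            # 1300 means a required privilege is not held by the caller.
            result["privilege_error"] = decode_win32_hresult(m.group(3))[0] == 1300
        m = ACTION_END_RE.search(line)
        if m and m.group(2) == "3":  # assumption: 3 = action failed
            result["failed_actions"].append(m.group(1))
    result["matches_article"] = (result["update_failed"] and result["privilege_error"]
                                 and "StopRunningProcessW" in result["failed_actions"])
    return result

# Sample input: the log lines quoted in this article.
WU_SAMPLE = ("AutomaticUpdates Failure Content Install Installation Failure: Windows failed "
             "to install the following update with error 0x80070643: Update for Microsoft "
             "Forefront Client Security (KB952265)")
MSI_SAMPLE = """Action start 18:00:23: StopRunningProcessW.
STOP PROCESS: ERROR: Failed to Enumerate Windows for process: MSASCui.exe (3068). HRESULT = 0x80070514
Action ended 18:00:23: StopRunningProcessW. Return value 3.
Action ended 18:00:23: INSTALL. Return value 3."""

if __name__ == "__main__":
    print(triage(WU_SAMPLE, MSI_SAMPLE))
```

A match on all three conditions separates this privilege-related failure from other causes of error 0x80070643, which is a generic installation failure code.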
To resolve this problem, manually install update 952265. To do this, follow these steps:
On a different computer, visit the following Microsoft Update Catalog Web site:
Type 952265 in the Search box, and then click Search.
Click Add to add the hotfix to the basket.
Near the search bar at the top, click view basket.
Click Browse, specify a folder to which you want to save the hotfix, and then click OK.
Click Continue, and then accept the Microsoft Software License Terms. The hotfix starts to download.
Copy the language and architecture version of the downloaded hotfix to a location that can be accessed from the Windows Server 2008-based computer.
Run the hotfix at the command prompt on the Windows Server 2008-based computer.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about the Server Core installation option of Windows Server 2008, visit the following Microsoft Web page:
952265 Data corruption may occur on a computer that has Forefront Client Security installed
902093 How to read the Windowsupdate.log file