Archive for the ‘known issue’ Category

FCS – Upcoming solution for installation issues with March 2011 Update

March 31st, 2011 Comments off

We have been working hard on a solution for customers that encountered issues with our update in March. I wanted to let you know what we are planning to address this.

We are authoring a package that is specifically designed to find systems that have a failed upgrade to our March update. To do this, we will be pushing a package from Microsoft Update that looks for several specific conditions:

  1. The SSA package from Forefront Client Security to be present.

  2. Several Antimalware registry keys are present, even though Antimalware software had been removed due to an upgrade.

  3. You are running Vista or higher OS (including Server OS like Windows Server 2008)

If all of these items are true, then we will reinstall the update package and return the system to normal.

If a system fails any one of these conditions, we aren’t going to install. The first case is a safe check because only FCSv1 customers have this particular package. The second one is equally important, because if a admin has actually intentionally removed FCSv1, the Antimwalware keys we are looking for would no longer exist. The third obviously focuses the package on machines that it applies to.

We are planning to release this package on 4/5. Our intention is to make this available and visible before the upcoming patch Tuesday window so administrators and users can choose to deploy it ahead of any other updates pending the following Tuesday. WSUS admins will be able to find this package by its KB number 2524280.

Please note that this package is intended to fix only a very specific case of an upgrade failure. There are many technical reasons that a package may fail to upgrade that we cannot address in this manner. Examples include a damaged registry, Windows installer repository issues or binaries being held by external processes beyond our control. If you need additional assistance please contact your support professional or visit .

Forefront Client Security Engineering team

Categories: FCS, FCS Support, Forefront, KB, known issue, WSUS Tags:

FCS: 64-Bit Clients do not report the antimalware version in the Computer Details report in the Forefront Client Security management console

January 26th, 2011 Comments off

An issue has been identified in Forefront Client Security (FCS) where when viewing the computer details report from the Forefront Client Security management console, the antimalware client version on 64-bit clients is not reported accurately. This is because of an error in the way the Operations Manger 2005 Management Pack collects this information.

During Forefront Client Security installation, the antimalware package creates several registry keys and creates files in several different directories. During the antimalware installation on 64-bit computers, the following key is created under [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Forefront\Client Security\1.0\AM]

“InstallLocation=C:\\Program Files (x86)\\Microsoft Forefront\\Client Security\\Client\\Antimalware\\”

The antimalware version is not reported because the MOM agent is 32-bit and on 64-bit computers runs under Windows on windows subsystem. Because of this the MOM agent queries the WOW6432 node of HKEY_LOCAL_MACHINE. When the MOM script queries for the installation path and gets a value of “C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Antimalware,” it then attempts to discover the file version for MsMpEng.exe, which is not located in this directory. On 64-bit computers MsMpEng.exe is located in “c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware. When this query fails, the AM version property is set to “N/A”.

If you are experiencing this issue, we suggest you open a support case with using one of the methods documented here: Chris Norman, Senior Escalation Engineer

Categories: 64 bit, computer details, FCS, known issue Tags: