We have been working hard on a solution for customers that encountered issues with our update in March. I wanted to let you know what we are planning to address this.
We are authoring a package that is specifically designed to find systems that have a failed upgrade to our March update. To do this, we will be pushing a package from Microsoft Update that looks for several specific conditions:
The SSA package from Forefront Client Security is present.
Several Antimalware registry keys are present, even though the Antimalware software has been removed due to an upgrade.
The system is running Windows Vista or a later OS (including server OSes such as Windows Server 2008).
If all of these items are true, then we will reinstall the update package and return the system to normal.
If a system fails any one of these conditions, we aren’t going to install. The first case is a safe check because only FCSv1 customers have this particular package. The second one is equally important, because if an admin has actually intentionally removed FCSv1, the Antimalware keys we are looking for would no longer exist. The third obviously focuses the package on machines that it applies to.
We are planning to release this package on 4/5. Our intention is to make this available and visible before the upcoming Patch Tuesday window so administrators and users can choose to deploy it ahead of any other updates pending the following Tuesday. WSUS admins will be able to find this package by its KB number 2524280.
Please note that this package is intended to fix only a very specific case of an upgrade failure. There are many technical reasons that a package may fail to upgrade that we cannot address in this manner. Examples include a damaged registry, Windows installer repository issues or binaries being held by external processes beyond our control. If you need additional assistance please contact your support professional or visit http://support.microsoft.com/ph/12632 .
Forefront Client Security Engineering team
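The three conditions listed in the post above can be checked on a single machine with an audit script like the following. This is an added example, not code from Microsoft or from the KB 2524280 package; the post does not name the SSA display name or the Antimalware registry keys, so those are labelled placeholders, and the script assumes the SSA package registers itself under the standard Uninstall keys.

```powershell
# Added example. The display-name pattern and registry paths below are
# PLACEHOLDERS: the post does not name them. Replace them with values taken
# from a known-good FCS client in your own environment before relying on this.
$SsaNamePattern = '*<PLACEHOLDER SSA display name>*'
$AmRegistryKeys = @(
    'HKLM:\SOFTWARE\<PLACEHOLDER-antimalware-key-1>',
    'HKLM:\SOFTWARE\<PLACEHOLDER-antimalware-key-2>'
)

function Test-InstalledProduct {
    param([string]$Pattern)
    # Look in both the native and the 32-bit-on-64-bit uninstall hives.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hits = @(Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern })
    return ($hits.Count -gt 0)
}

function Get-FcsRepairApplicability {
    # Condition 1: the SSA package is still installed.
    $ssaPresent = Test-InstalledProduct -Pattern $SsaNamePattern
    # Condition 2: the Antimalware keys are still there (every listed key must exist).
    $missingKeys = @($AmRegistryKeys | Where-Object { -not (Test-Path -LiteralPath $_) })
    $amKeysPresent = ($missingKeys.Count -eq 0)
    # Condition 3: Windows Vista / Server 2008 and later report major version 6 or higher.
    $vistaOrLater = ([Environment]::OSVersion.Version.Major -ge 6)

    # Report each check separately so a "does not apply" result is explainable.
    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        SsaPresent    = $ssaPresent
        AmKeysPresent = $amKeysPresent
        VistaOrLater  = $vistaOrLater
        MissingAmKeys = ($missingKeys -join '; ')
        Applies       = ($ssaPresent -and $amKeysPresent -and $vistaOrLater)
    } | Select-Object ComputerName, SsaPresent, AmKeysPresent, VistaOrLater, Applies, MissingAmKeys
}

Get-FcsRepairApplicability | Format-List
```

With the placeholders left unchanged, `Applies` is always False; the per-condition columns show which check excluded the machine.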
So I’ve been around here at Microsoft for a bit, and have been working with Microsoft products (and products related to Microsoft) for some time, but even now things slip under the radar and get missed.
Fortunately, folks like Stefan Schörling (links to his blog) are fantastic at finding tidbits that can make your job easier.
I wanted to call out a blog post by Stefan about a Codeplex tool called Package This, which allows you to build a custom help file, using the TechNet Library as a source. Coolness in a major way. Wish I had this tool when I was out in the field….
Microsoft Management Summit is just a few days away in Las Vegas. We hope to see you there. You will see a lot of Forefront Endpoint Protection (FEP) at MMS this year!
Here’s the list of Forefront Endpoint Protection Sessions at MMS, please make sure to check them out. Please stop by at the FEP kiosk and share your feedback with the FEP extended team of engineers and consultants from around the world.
10:15a - 11:30a
BI01 Advanced Malware Threat Detection and Removal with Forefront Endpoint Protection 2010
4:00p - 5:15p
BI02 Forefront Endpoint Protection Overview: Managing desktop security and antimalware solution with System Center Configuration Manager
Integrating Management & Security at Microsoft: Forefront Endpoint Protection 2010 deployment case study at Microsoft
11:45a - 1:00p
Forefront Endpoint Protection Overview-Instructor Led Lab
5:30p - 6:30p
BOF: Forefront Endpoint Protection 2010 Setup and Configuration (Birds of a Feather, interactive session)
Looking forward to meeting you in Las Vegas!
Adwait Joshi Sr. Technical Product Manager Management and Security Division
We have received reports of an installation issue with our March update of Forefront Client Security when the option of “install updates and shutdown” is used. We wanted to be clear on the issue and exactly what steps we are taking to rectify it.
A computer attempts to use the install updates and shutdown Windows feature to update to the latest version of FCSv1. After restart, the computer does not have the Antimalware agent installed, but will still have the Security State Assessment (SSA) and Microsoft Operations Manager components installed.
This issue only occurs on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It does not occur on Windows XP, Windows Server 2003 or Windows 2000. This issue was not introduced in the March Update. It is caused by a previously undetected problem in the October 2010 update. Please review the steps below for what options you should take.
For the bug to occur, either the system must have the policy setting that changes the default shutdown behavior, or the user must click “Apply updates at Shutdown”. If the update is deployed or manually installed in other ways, this bug does not occur.
What can I do to address this issue myself?
There are a number of workarounds that can be used currently.
Avoiding the issue
If you have computers which experience this issue and are now unprotected, there are a number of options
What is Microsoft doing to address this?
We are doing the following:
We take the support of our customers very seriously. If you need additional assistance please contact your support professional or visit http://support.microsoft.com/ph/12632 .
Sincerely, the Microsoft Forefront Client Security Engineering team.
Today (8 March 2011), we released an update to FCSv1. Changes include:
For already installed FCS client installations, install the update for Microsoft Knowledge Base article 2508823 (http://support.microsoft.com/kb/2508823).
For new FCS Client installations, deploy the client components listed in Microsoft Knowledge Base article 2508824 (http://support.microsoft.com/kb/2508824).
For more information about the update, see Microsoft Knowledge Base article 2508823 (http://support.microsoft.com/kb/2508823).
Visio is one of the most popular tools for creating diagrams that describe effective systems and processes. In every project in which I participate, when it comes to documenting what I did, I always have to create a diagram where I define the architecture, server configuration, network, etc. A picture is worth a thousand words and Visio is the tool of choice in these documentation tasks.
With SMSMap you can read FEP components and ConfigMgr/SMS site roles through COM and automate Visio to draw a diagram of the hierarchy including the FEP SQL Reporting Server, FEP Data Warehouse SQL Server, and the FEP Reporting Component.
Developed by Jeff Tondt, this free utility is available at http://www.tondtware.com and works on ConfigMgr SP2 / R3 and down to SMS 2003. Seeing the whole FEP/ConfigMgr hierarchy as a picture can help you quickly understand how your infrastructure is laid out. This handy tool automates creation of your infrastructure documentation and frees you up for other Forefront product installations.
Some screenshots of SMSMap: