We have received reports of an installation issue with our March update of Forefront Client Security when the option of “install updates and shutdown” is used. We wanted to be clear on the issue and exactly what steps we are taking to rectify it.
A computer attempts to use the install updates and shutdown Windows feature to update to the latest version of FCSv1. After restart, the computer does not have the Antimalware agent installed, but will still have the Security State Assessment(SSA) and Microsoft Operation Manager components installed.
This issue only occurs on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It does not occur on Windows XP, Windows Server 2003 or Windows 2000. This issue was not introduced in the March Update. It is caused by a previously undetected problem in the October 2010 update. Please review the steps below for what options you should take.
For the bug to occur, the system must have either th policy setting changing the default shutdown behavior or the user clicks on “Apply updates at Shutdown”. If the update is deployed or manually installed in other ways, this bug does not occur.
What can I do to address this issue myself?
There are a number of workarounds that can be used currently.
Avoiding the issue
If you have computers which experience this issue and are now unprotected, there are a number of options
What is Microsoft doing to address this?
We are doing the following:
We take the support of our customers very seriously. If you need additional assistance please contact your support professional or visit http://support.microsoft.com/ph/12632 .
Sincerely, the Microsoft Forefront Client Security Engineering team.
Today (8 March 2011), we released an update to FCSv1. Changes include:
For already installed FCS client installations, install the update for Microsoft Knowledge Base article 2508823 (http://support.microsoft.com/kb/2508823).For new FCS Client installations, deploy the client components listed in Microsoft Knowledge Base article 2508824 (http://support.microsoft.com/kb/2508824).
For more information about the update, Microsoft Knowledge Base article 2508823 (http://support.microsoft.com/kb/2508823) has the detail.
Windows Update tried to install this on my PC last night but ended up completely removing FCS!
Any update on when we may see the new authored patch to resolve this problem? We currently have a large number of computers across all our sites experiencing this problem, which is having a considerable knock-on effect to our staff. We've followed the instructions above, but try as we might we can't get the broken machines to install the previous version.
So far the only thing that's fixing them is manually un-installing the SSA, and then running an new WSUS detect/update cycle, which does work (and installs the previous version - 1.0.1728). Obviously we're not amazingly keen to have to do this by hand across the entire fleet of damaged Win7 machines, but it's looking more and more like it's going to be our only option.
Is there anything else that you could suggest?
Thanks for your help,
So we are working on a schedule as we speak and we will communicate it as soon as we have high confidence in it. We have impacted quite a number of people unintentionally, and we don't want to make anything worse.
That said this specific issue is very well understood and the scope is only on Vista/Win2k8 and above OS. However, we have had sporadic information on other OS platforms, which have had different errors than what is described above. If you have an issue on those OS, please use the Support information above and let us know.
Douglas Hill - MSFT - Forefront Engineering.