We have been working hard on a solution for customers that encountered issues with our update in March. I wanted to let you know what we are planning to address this.

We are authoring a package that is specifically designed to find systems that have a failed upgrade to our March update. To do this, we will be pushing a package from Microsoft Update that looks for several specific conditions:

  1. The SSA package from Forefront Client Security to be present.

  2. Several Antimalware registry keys are present, even though Antimalware software had been removed due to an upgrade.

  3. You are running Vista or higher OS (including Server OS like Windows Server 2008)

If all of these items are true, then we will reinstall the update package and return the system to normal.

If a system fails any one of these conditions, we aren’t going to install. The first case is a safe check because only FCSv1 customers have this particular package. The second one is equally important, because if a admin has actually intentionally removed FCSv1, the Antimwalware keys we are looking for would no longer exist. The third obviously focuses the package on machines that it applies to.

We are planning to release this package on 4/5. Our intention is to make this available and visible before the upcoming patch Tuesday window so administrators and users can choose to deploy it ahead of any other updates pending the following Tuesday. WSUS admins will be able to find this package by its KB number 2524280.

Please note that this package is intended to fix only a very specific case of an upgrade failure. There are many technical reasons that a package may fail to upgrade that we cannot address in this manner. Examples include a damaged registry, Windows installer repository issues or binaries being held by external processes beyond our control. If you need additional assistance please contact your support professional or visit http://support.microsoft.com/ph/12632 .

Forefront Client Security Engineering team