Van's FSS/Antigen/EOP Blog

My Blog for all Antigen/Forefront Server and Forefront Online Protection for Exchange issues

May, 2011

  • Keep an eye out for Kaspersky not updating

    We have been seeing some Antigen 9.x servers up past rollup-3 that are still not updating to Kaspersky 8.

    As of last week, customers still running Kaspersky 5 started getting errors during attempted updates.

    This is normally due to one or both of the following files being missing.

    %databasepath%\Engines\localenginemapping.cab

    %databasepath%\Engines\Metadata\universalmanifest.cab

     

    The database path is your install path\Data on a standalone server, or <drive>:\Antigencluster\Data on a cluster server.

    You should have copies of these files in your Antigen install files directory.

    If you do not, please open a free case to get copies of these files and bring Kaspersky up to date.

  • Strange Configurations and how they impact your servers.

    We had a few strange detection issues last week due to some non-standard configurations.

    1. Spam filtering not working for User X

    This one was due to a setting in content filtering.

    There is a per-user setting called AntispamBypassEnabled.

    In Forefront, the agent log will show "content bypass enabled, skipping" for every mail to that user.

    You can find and fix this setting by doing the following…

     

    [PS] C:>get-mailbox USERMAILBOXNAME | fl *spam*,*SCL*

    AntispamBypassEnabled  : False
    SCLDeleteThreshold     :
    SCLDeleteEnabled       :
    SCLRejectThreshold     :
    SCLRejectEnabled       :
    SCLQuarantineThreshold :
    SCLQuarantineEnabled   :
    SCLJunkThreshold       :
    SCLJunkEnabled         :

    The above per-mailbox settings will bypass the organization-level settings.

    In this case, the user was set to True for bypass, so nothing got deleted, rejected or put in junk.

    2. The next issue was a customer who had everything up and running but no real-time scanning.

    There is a per-database setting for VSAPI. You can find the values under the following registry key.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\EXCHANGE-SERVERNAME\DATABASENAME-GUID-OF-YOUR-DATABASE]
    "VirusScanEnabled"=dword:00000000
    "VirusScanProactiveScanning"=dword:00000000

    0 = no scanning

    1 = scanning
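
The two checks from this post, combined into one read-only audit script. This is an added example, not part of the original post. It assumes it is run in the Exchange Management Shell on the mailbox server, that the EXCHANGE-SERVERNAME subkey matches the local computer name, and that each database subkey name contains the database GUID as shown above.

```powershell
# Added example: read-only audit for the two misconfigurations described above.

# 1. Mailboxes whose per-user setting makes content (spam) filtering skip them.
$bypassed = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.AntispamBypassEnabled } |
    Select-Object Name, PrimarySmtpAddress, AntispamBypassEnabled

# 2. Per-database VSAPI values under the information store service key.
# Assumption: the server subkey is named after the local computer.
$storeKey = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\$env:COMPUTERNAME"
# Assumption: database subkeys carry the database GUID in their name.
$guid = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

$vsapi = @()
if (Test-Path $storeKey) {
    $vsapi = @(Get-ChildItem $storeKey |
        Where-Object { $_.PSChildName -match $guid } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            # A value that is absent comes back as $null and is reported too.
            New-Object PSObject -Property @{
                DatabaseKey                = $_.PSChildName
                VirusScanEnabled           = $p.VirusScanEnabled
                VirusScanProactiveScanning = $p.VirusScanProactiveScanning
            }
        })
} else {
    Write-Warning "Key not found: $storeKey"
}

"Mailboxes with AntispamBypassEnabled = True: $(@($bypassed).Count)"
$bypassed | Format-Table -AutoSize

# Anything other than 1 means real-time scanning is off for that database.
$noScan = @($vsapi | Where-Object { $_.VirusScanEnabled -ne 1 })
"Databases without VirusScanEnabled = 1: $($noScan.Count)"
$noScan |
    Select-Object DatabaseKey, VirusScanEnabled, VirusScanProactiveScanning |
    Format-Table -AutoSize

# To clear the bypass on one mailbox after review (not run by this script):
#   Set-Mailbox USERMAILBOXNAME -AntispamBypassEnabled $false
```

The script changes nothing; it only lists mailboxes and database keys that match the two conditions described in this post.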