DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 968268 - Last Review: March 16, 2012 - Revision: 3.0

SYMPTOMS

Microsoft Forefront Security for SharePoint currently uses the following default deletion messages:
  • CorruptedCompressedFile
  • CorruptedCompressedUuencodeFile
  • EncryptedCompressedFile
  • Exceedingly compressed size
  • ExceedinglyInfected
  • ExceedinglyNested
  • Exceedingly nested folder structure
  • LargeInfectedContainerFile
  • UnReadableCompressedFile
  • UnWritableCompressedFile
Forefront Security for SharePoint uses these default deletion messages to describe the file types that contain certain compressed characteristics. When Forefront Security for SharePoint finds these compressed characteristics, it deletes the files and creates these default deletion messages. However, such messages may lead a user or an administrator to assume mistakenly that an error occurred or that a virus was found.

RESOLUTION

To resolve this problem, install Forefront Security for SharePoint with Service Pack 3 (SP3). This service pack lets an administrator modify registry settings to customize the default deletion messages.

For more information about Forefront Security for SharePoint SP3, click the following article number to view the article in the Microsoft Knowledge Base:
967995  (http://support.microsoft.com/kb/967995/ ) Description of Forefront Security for SharePoint with Service Pack 3
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
After you install Forefront Security for SharePoint with SP3, you can customize the messages by manually creating the following REG_SZ registry entries:
  • OverrideCorruptedCompressedFile
  •  OverrideCorruptedUuencode
  • OverrideCorruptedCompressedFile
  • OverrideEncyptedCompressedFile
  • OverrideExceedinglyInfected
  • OverrideExceedinglyNested
  • OverrideFragmentedMessage
  • OverrideLargeInfectedContainerFile
  • OverrideScanTimeExceeded
  • OverrideUnReadableCompressedFile
  • OverrideUnWritableCompressedFile
  • OverrideIllegalMimeHeader
You can create these REG_SZ registry entries in the following registry subkeys:
  • On a 32-bit computer:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Server Security\SharePoint
  • On a 64-bit computer:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\SharePoint
Then, you can open the registry entries and edit the values to contain the messages that you want. You do not have to restart any services after you create and edit these registry entries.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
  • Microsoft Forefront Security for SharePoint
  • Microsoft Forefront Security for SharePoint Service Pack 1
  • Microsoft Forefront Security for SharePoint Service Pack 2
Keywords: 
kbexpertiseinter kbbug kbqfe kbsurveynew kbprb KB968268
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support