DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 978300 - Last Review: February 17, 2010 - Revision: 2.0

Hotfix Download Available
View and request hotfix downloads
 

On This Page

SUMMARY

Microsoft has released Hotfix Rollup 1 for Microsoft Forefront Security for SharePoint with Service Pack 3. This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup.

MORE INFORMATION

New feature in Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3

Before this rollup, Forefront Server Security for SharePoint only enabled the deletion of files that exceed any of the following four General Option limits:
  • Max Container Scan Time (Real-Time)
  • Max Container Scan Time (Manual)
  • Max Nested Attachments
  • Max Nested Compressed Files
Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3 now includes the ability to perform a "Skip: detect only" action on files that exceed any of these four General Option limits. To do this, disable the Delete Corrupted Compressed Files General Option, after you have applied the hotfix rollup.

Note When the Delete Corrupted Compressed Files General Option is enabled, files that match any of these four General Options will also be deleted. To locate these features, on the Settings menu in the Forefront Administrator console, click General Options.

Issues that are fixed in Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3

In addition to the fixes included in all service packs and rollups for Forefront Security for SharePoint, this hotfix rollup fixes the following issues.

Details of the issues that are fixed in the hotfix rollup

  1. An error message is logged when you use Microsoft Forefront Server Security Management Console to update the scan engines: "ERROR: A standard exception was caught in GetEngineFiles. invalid string position"
  2. Forefront Server Security for SharePoint may clean and upload a file to SharePoint instead of performing the expected behavior of blocking the file
  3. Forefront Server Security for SharePoint does not quarantine the whole OpenXML document during a Quick or Manual scan
  4. The Incidents panel in Forefront Security Server for SharePoint may display the user GUID or remain blank in the Document Creator column, instead of displaying the actual user name
  5. The FSCController.exe process may crash and generate a Dr. Watson crash that references Bucket ID 671966687
  6. Excessive logging in Forefront Security for SharePoint may cause upload or download delays in SharePoint
  7. The FSCController.exe process crashes and generates a Dr. Watson crash that references Bucket ID 653246026
  8. Files are detected as CorruptedCompressedFile when the MaxUnCompressedFileSize registry value is set to 0xFFFFFFFF
  9. Forefront Server Security for SharePoint services do not start if the installation root directory contains a file that is named "Program"
  10. Forefront Server Security for SharePoint may falsely detect that valid Office 2003 Word documents contain CorruptedCompressedFile viruses
  11. When you rename an existing File Filter list, this causes the File Filter list to be disabled, and configuration settings revert to default settings in Forefront Server Security for SharePoint
  12. Performance is improved in Forefront Server Security for SharePoint for actioning hidden infected files in 2007 Microsoft Office OpenXML documents that were originally created by using beta versions of 2007 Microsoft Office
  13. Memory is not released from scan processes when Forefront Server Security for SharePoint scans certain GZip files
  14. Memory is not released from scan processes when Forefront Server Security for SharePoint scans TAR files that are inside GZip files
  15. Memory is not released from scan processes when Forefront Server Security for SharePoint scans Mac Zip files that are inside another archive or compressed file
  16. An FSS-ELI Scheduled Task is not created if all engine updates are disabled in Forefront Server Security for SharePoint
  17. All engine updates roll back in Forefront Server Security for SharePoint if the installation root contains a file that is named "Program"
  18. Filter Lists settings are not applied when you perform a silent installation of Forefront Server Security for SharePoint
  19. Exceptions during a Forefront for SharePoint manual scan cause "ExceedinglyNested" detection and file removal
  20. When you generate a Forefront Diagnostic for Forefront Security for SharePoint, you are prompted to "press any key" to complete the data collection
  21. When an engine update fails in Forefront Security for SharePoint because of an invalid database path, Forefront does not log a concise error message
  22. When a template from one Forefront Security for SharePoint installation is applied to another installation, the installation that receives the template may lose all Forefront settings and stop scanning documents
  23. A scan engine update fails and logs a warning message in the ProgramLog.txt file
  1. An error message is logged when you use Microsoft Forefront Server Security Management Console to update the scan engines: "ERROR: A standard exception was caught in GetEngineFiles. invalid string position"

    Symptoms

    When you use the Microsoft Forefront Server Security Management Console (FSSMC) to update the scan engines on Forefront Security for SharePoint, the engine updates fail. Additionally, the following error message is logged:
    Date/Time (3284- 1556), ERROR: A standard exception was caught in GetEngineFiles. invalid string position."
    back to Top
  2. Forefront Server Security for SharePoint may clean and upload a file to SharePoint instead of performing the expected behavior of blocking the file

    Symptoms

    If a file contains both a component that can be cleaned, such as a virus, together with a component that should be blocked, such as a Keyword Filter, the file is cleaned and uploaded instead of blocked.

    back to Top
  3. Forefront Server Security for SharePoint does not quarantine the whole OpenXML document during a Quick or Manual scan

    Symptoms

    An OpenXML document was deleted and quarantined during a Quick or Manual scan. You locate and try to deliver the OpenXML document from the Forefront Server Security for SharePoint Quarantine. But you find that only a sub-file of the document is present. For example, Newletter.docx is deleted according to a Keyword filter during a Manual scan. However, only document.xml is present in the Quarantine.

    More information

    OpenXML files are basically container files. When Forefront Server Security for SharePoint makes a detection in the file, only the specific sub-file within is actioned and quarantined if the Quarantine Files option is enabled. Therefore, an administrator cannot deliver the whole OpenXML document from quarantine to the intended recipient.

    back to Top
  4. The Incidents panel in Forefront Security Server for SharePoint may display the user GUID or remain blank in the Document Creator column, instead of displaying the actual user name

    Symptoms

    An administrator may see GUIDs or blanks in the Incidents panel in the Document Creator column.

    More Information

    Forefront Security Server for SharePoint may be unable to identify a document creator name of a file that it lists in the Incidents panel. The user name is blank or is displayed as a GUID.

    back to Top
  5. The FSCController.exe process may crash and generate a Dr. Watson crash that references Bucket ID 671966687

    Symptoms

    The FSCController.exe process may crash. This generates a Dr. Watson crash that references Bucket ID 671966687. The crash generates the following stack dump file:
    OLE32.DLL!CStdMarshal::DisconnectCliIPIDs [marshal.cxx]
    OLE32.DLL!CStdMarshal::Disconnect [marshal.cxx]
    OLE32.DLL!CStdMarshal::HandlePendingDisconnect [marshal.cxx]
    OLE32.DLL!CStdMarshal::Finish_QueryRemoteInterfaces  [marshal.cxx]
    OLE32.DLL!CStdMarshal::QueryRemoteInterfaces [marshal.cxx]
    OLE32.DLL!CStdIdentity::CInternalUnk::QueryMultipleInterfaces	 [stdid.cxx]
    OLE32.DLL!CStdIdentity::CInternalUnk::QueryInterface	 [stdid.cxx]
    RPCRT4.DLL!IUnknown_QueryInterface_Proxy	 [proxy.cxx]
    FSCCONTROLLER.EXE!CRealtimeProxy::DisableScanEngine [realtimeproxy.cpp]
    FSCCONTROLLER.EXE!CSybariService::DisableScanEngines [sybariservice.cpp]
    RPCRT4.DLL!Invoke [stubless.asm]
    RPCRT4.DLL!NdrStubCall2  [srvcall.cxx]
    RPCRT4.DLL!CStdStubBuffer_Invoke  [stub.cxx]
    OLE32.DLL!SyncStubInvoke [channelb.cxx]
    OLE32.DLL!StubInvoke  [channelb.cxx]
    OLE32.DLL!CCtxComChnl::ContextInvoke  [ctxchnl.cxx]
    OLE32.DLL!MTAInvoke	 [callctrl.cxx]
    OLE32.DLL!STAInvoke	 [callctrl.cxx]
    OLE32.DLL!AppInvoke	 [channelb.cxx]
    OLE32.DLL!ComInvokeWithLockAndIPID	 [channelb.cxx]
    OLE32.DLL!ComInvoke	 [channelb.cxx]
    OLE32.DLL!ThreadDispatch [chancont.cxx]
    OLE32.DLL!ThreadWndProc  [chancont.cxx]
    USER32.DLL!InternalCallWinProc  [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow  [clmsg.c]
    USER32.DLL!DispatchMessageWorker [clmsg.c]
    USER32.DLL!DispatchMessageW  [cltxt.h]
    FSCCONTROLLER.EXE!CServiceModule::Run [antigenservice.cpp]
    FSCCONTROLLER.EXE!CServiceModule::ServiceMain  [antigenservice.cpp]
    ADVAPI32.DLL!ScSvcctrlThreadA [scapi.cxx]
    KERNEL32.DLL!BaseThreadInitThunk [thread.c]
    NTDLL.DLL!__RtlUserThreadStart [rtlexec.c]
    NTDLL.DLL!_RtlUserThreadStart	 [rtlexec.c]
    
    back to Top
  6. Excessive logging in Forefront Security for SharePoint may cause upload or download delays in SharePoint

    Symptoms

    You may experience upload or download delays in SharePoint.

    Cause

    This issue may occur because default level logging in Forefront Security for SharePoint may be resource intensive.

    back to Top
  7. The FSCController.exe process crashes and generates a Dr. Watson crash that references Bucket ID 653246026

    Symptoms

    The FSCController.exe crashes and generates a Dr. Watson crash that references Bucket ID 653246026. The crash generates the following stack dump file:
    FSCCONTROLLER.EXE!CRealtimeProxy::Shutdown	 [realtimeproxy.cpp]
    FSCCONTROLLER.EXE!ShutdownStorageGroup	 [sybariservice.cpp]
    FSCCONTROLLER.EXE!CSybariService::ShutdownStorageGroup	 [sybariservice.cpp]
    FSCCONTROLLER.EXE!CSybariService::ShutdownStorageGroup	 [sybariservice.cpp]
    RPCRT4.DLL!Invoke	 [stubless.asm]
    RPCRT4.DLL!NdrStubCall2	 [srvcall.cxx]
    RPCRT4.DLL!CStdStubBuffer_Invoke	 [stub.cxx]
    OLEAUT32.DLL!CUnivStubWrapper::Invoke	 [rpcwrap.cpp]
    OLE32.DLL!SyncStubInvoke	 [channelb.cxx]
    OLE32.DLL!StubInvoke	 [channelb.cxx]
    OLE32.DLL!CCtxComChnl::ContextInvoke	 [ctxchnl.cxx]
    OLE32.DLL!MTAInvoke	 [callctrl.cxx]
    OLE32.DLL!STAInvoke	 [callctrl.cxx]
    OLE32.DLL!AppInvoke	 [channelb.cxx]
    OLE32.DLL!ComInvokeWithLockAndIPID	 [channelb.cxx]
    OLE32.DLL!ComInvoke	 [channelb.cxx]
    OLE32.DLL!ThreadDispatch	 [chancont.cxx]
    OLE32.DLL!ThreadWndProc	 [chancont.cxx]
    USER32.DLL!InternalCallWinProc	 [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow	 [clmsg.c]
    USER32.DLL!DispatchMessageWorker	 [clmsg.c]
    USER32.DLL!DispatchMessageW	 [cltxt.h]
    FSCCONTROLLER.EXE!CServiceModule::Run	 [antigenservice.cpp]
    FSCCONTROLLER.EXE!CServiceModule::ServiceMain	 [antigenservice.cpp]
    ADVAPI32.DLL!ScSvcctrlThreadA	 [scapi.cxx]
    KERNEL32.DLL!BaseThreadInitThunk	 [thread.c]
    NTDLL.DLL!__RtlUserThreadStart	 [rtlexec.c]
    NTDLL.DLL!_RtlUserThreadStart	 [rtlexec.c]
    
    back to Top
  8. Files are detected as CorruptedCompressedFile when the MaxUnCompressedFileSize registry value is set to 0xFFFFFFFF

    Symptoms

    If you set the value of the MaxUnCompressedFileSize registry value to 0xFFFFFFFF, Forefront Server Security for SharePoint detects files as CorruptedCompressedFile, regardless of their file size.

    If you have enabled the Delete Corrupted Compressed Files setting, the file is also deleted. To locate this setting, on the Settings menu in the Forefront Administrator console, click General Option.

    back to Top
  9. Forefront Server Security for SharePoint services do not start if the installation root directory contains a file that is named "Program"

    Symptoms

    Forefront Server Security for SharePoint services do not start if the installation root directory, such as C:, contains a file that is named "Program."

    Cause

    Forefront Server Security for SharePoint services do not contain quotation marks around the path of the executable that they trigger when they start. This causes the system to look for any file in the path. For example, "C:\Program" may be found for a path of the file "C:\Program Files (x86)\Microsoft Forefront Security\SharePoint Server\FSCController.exe." This means that Forefront finds the wrong file and cannot start the service.

    Workaround

    If you experience this issue, and you cannot install this rollup package, to resolve this issue immediately, put quotations marks around the path of the executable in the Services registry. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
    812486  (http://support.microsoft.com/kb/812486/ ) Event ID 7000 and "%1 Is Not a Valid Win32 Application" error message when you start a service
    back to Top
  10. Forefront Server Security for SharePoint may falsely detect that valid Microsoft Office 2003 Word documents contain CorruptedCompressedFile viruses

    Symptoms

    Forefront Server Security for SharePoint falsely detects that valid Office 2003 Word documents contain CorruptedCompressedFiles viruses. The attachment is removed as a virus.

    An e-mail attachment is removed, and an incident is logged in the Incidents panel that the file was removed as a CorruptedCompressedFile virus. The ProgramLog.txt file contains the following entry:
    INFORMATION: Realtime scan found virus: Folder: folder_name Storage Group\file name Message: subject line Incident: CorruptedCompressedFile State: Removed
    Note The folder_name placeholder is the name of the folder where the virus was found.

    Cause

    This issue occurs because of the method that Forefront Server Security for SharePoint uses to parse the Word document.

    back to Top
  11. When you rename an existing File Filter list, this causes the File Filter list to be disabled, and configuration settings revert to default settings in Forefront Server Security for SharePoint

    Symptoms

    Consider the following scenario:
    1. You rename an existing File Filter list. To locate the list, on the Filter Lists menu in the Forefront Administrator console, click Filtering.
    2. You view the File Filter list.
    In this scenario, the File Filter lists is displayed as Disabled, and all configuration settings such as Action, General and Identify are set to their default values.

    back to Top
  12. Performance is improved in Forefront Server Security for SharePoint for actioning hidden infected files in 2007 Microsoft Office OpenXML documents that were originally created by using beta versions of 2007 Microsoft Office

    Symptoms

    Some 2007 Microsoft Office OpenXML documents may contain hidden subfiles. For example, these hidden files can be files that are not referenced in the document's file_name.xml.rels file.

    Cause

    This issue occurs because of certain inefficiencies in the additional code that is used to scan hidden files in 2007 Microsoft Office OpenXML documents.

    More information

    The fix for this issue enables Forefront Server Security for SharePoint to scan the file more efficiently by using fewer system resources.

    Note RTM releases of 2007 Microsoft Office do not open any files that are not referenced in the document's file_name.xml.rels file.

    back to Top
  13. Memory is not released from scan processes when Forefront Server Security for SharePoint scans certain GZip files

    Symptoms

    Memory is not released from scan processes when Forefront Server Security for SharePoint scans GZip files.

    When this issue occurs, you may find that one or more of the following entries is logged in the ProgramLog.txt file:
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "Insufficient memory to continue the execution of the program.""
    
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "No more threads can be created in the system. (Exception from HRESULT: 0x800700A4)""
    
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "Value does not fall within the expected range.""
    
    "DIAGNOSTIC: localizestream.cpp::LocalizeStream(): Failed to allocate memory for local stream 0x8007000e"
    
    "ERROR: ReadWideCharBufferFromStream(): Attempted read of 5572 byte(s). Actual bytes read were 0. hr=8007000e"
    
    "ERROR: FSCRealtimeScanner: Exception occurred (0xc0000005) at address 0x056C3769, p[0]=0x0, p[1]=0x3287224f"
    "eax=0x00000000 ebx=0x32871fb7 ecx=0x07bdcfd0 edx=0x328721cd"
    "esi=0x07c8e3dc edi=0x32871fb7 ebp=0x07c6f0d0 esp=0x0102a2f8"
    "102a2f0: 00000000 00000000 00000000"
    ...
    "102f720: 00000004 0042378f 8007000e"
    
    Additionally, the following entries may be logged in the HRLog.txt file:
    "INFORMATION: F 0x8007000e, 775-(primaryobject)"
    "INFORMATION: F 0x8007000e, 1209-(primaryobject)"
    "INFORMATION: F 0x8007000e, 1855-(primaryobject)"
    "INFORMATION: S 0x8007000e, 7103-(workthread)"
    
    Note Many of these entries contain the following hexadecimal code:
    0x8007000E
    This hexadecimal code means "Not enough storage is available to complete this operation" or "ERROR_OUTOFMEMORY."

    Cause

    This issue can cause the memory that is consumed by Forefront scan processes such as FSCRealtimeScanner.exe, FSCTransportScanner.exe, or FSCManualScanner.exe to grow exponentially. This may ultimately cause a low-memory condition on the server.

    back to Top
  14. Memory is not released from scan processes when Forefront Server Security for SharePoint scans TAR files that are inside GZip files

    Symptoms

    Memory is not released from scan processes after Forefront Server Security for SharePoint scans tarball files (TAR files that are compressed inside GZip files, such as .tar.gz or .tgz).

    When this issue occurs, you may find that one or more of the following entries is logged in ProgramLog.txt file:
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "Insufficient memory to continue the execution of the program.""
    
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "No more threads can be created in the system. (Exception from HRESULT: 0x800700A4)""
    
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "Value does not fall within the expected range.""
    
    "DIAGNOSTIC: localizestream.cpp::LocalizeStream(): Failed to allocate memory for local stream 0x8007000e"
    
    "ERROR: ReadWideCharBufferFromStream(): Attempted read of 5572 byte(s). Actual bytes read were 0. hr=8007000e"
    
    "ERROR: FSCRealtimeScanner: Exception occurred (0xc0000005) at address 0x056C3769, p[0]=0x0, p[1]=0x3287224f"
    "eax=0x00000000 ebx=0x32871fb7 ecx=0x07bdcfd0 edx=0x328721cd"
    "esi=0x07c8e3dc edi=0x32871fb7 ebp=0x07c6f0d0 esp=0x0102a2f8"
    "102a2f0: 00000000 00000000 00000000"
    ...
    "102f720: 00000004 0042378f 8007000e"
    
    Additionally, the following entries may be logged in the HRLog.txt file:
    "INFORMATION: F 0x8007000e, 775-(primaryobject)"
    "INFORMATION: F 0x8007000e, 1209-(primaryobject)"
    "INFORMATION: F 0x8007000e, 1855-(primaryobject)"
    "INFORMATION: S 0x8007000e, 7103-(workthread)"
    
    Note Many of these entries contain the following hexadecimal code:
    0x8007000E
    This hexadecimal code means "Not enough storage is available to complete this operation" or "ERROR_OUTOFMEMORY."

    Cause

    This issue may cause the memory that is consumed by the Forefront scan processes such as FSCRealtimeScanner.exe, FSCTransportScanner.exe, or FSCManualScanner.exe to grow exponentially. This may ultimately cause a low-memory condition on the server.

    back to Top
  15. Memory is not released from scan processes when Forefront Server Security for SharePoint scans Mac Zip files that are inside another archive or compressed file

    Symptoms

    Memory is not released from the scan process when Forefront Server Security for SharePoint scans Mac Zip files that are inside another archive or compressed file.

    When this issue occurs, you may find that one or more of the following entries is logged in the ProgramLog.txt file:
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "Insufficient memory to continue the execution of the program.""
    
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "No more threads can be created in the system. (Exception from HRESULT: 0x800700A4)""
    
    "ERROR: An exception has occurred within ForefrontAgent's Scan method. Exception message = "Value does not fall within the expected range.""
    
    "DIAGNOSTIC: localizestream.cpp::LocalizeStream(): Failed to allocate memory for local stream 0x8007000e"
    
    "ERROR: ReadWideCharBufferFromStream(): Attempted read of 5572 byte(s). Actual bytes read were 0. hr=8007000e"
    
    "ERROR: FSCRealtimeScanner: Exception occurred (0xc0000005) at address 0x056C3769, p[0]=0x0, p[1]=0x3287224f"
    "eax=0x00000000 ebx=0x32871fb7 ecx=0x07bdcfd0 edx=0x328721cd"
    "esi=0x07c8e3dc edi=0x32871fb7 ebp=0x07c6f0d0 esp=0x0102a2f8"
    "102a2f0: 00000000 00000000 00000000"
    ...
    "102f720: 00000004 0042378f 8007000e"
    
    Additionally, the following entries may be logged in the HRLog.txt file:
    "INFORMATION: F 0x8007000e, 775-(primaryobject)"
    "INFORMATION: F 0x8007000e, 1209-(primaryobject)"
    "INFORMATION: F 0x8007000e, 1855-(primaryobject)"
    "INFORMATION: S 0x8007000e, 7103-(workthread)"
    
    Note Many of these entries contain the following hexadecimal code:
    0x8007000E
    This hexadecimal code means "Not enough storage is available to complete this operation" or "ERROR_OUTOFMEMORY."

    Cause

    This issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.

    back to Top
  16. An FSS-ELI Scheduled Task is not created if all engine updates are disabled in Forefront Server Security for SharePoint

    Symptoms

    An FSS-ELI Scheduled Task is not created if all engine updates are disabled in Forefront Server Security for SharePoint.

    Cause

    This issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.

    Workaround

    If you experience this issue and cannot install this rollup package to resolve this issue immediately, follow these steps to work around the issue temporarily:
    1. Schedule at least one engine update, such as the Worm List. To do this, on the Settings menu in the Forefront Administrator Console, click Scanner Updates.
    2. Restart Forefront SharePoint services. This enables Forefront Server Security for SharePoint to create the FSS-ELI Scheduled Task.


    More information

    The FSS-ELI Scheduled Task is responsible for updating Forefront’s Engine Licensing Information (ELI) file EngineInfo.cab. If engine updates are not enabled for any engines, the FSS-ELI Scheduled Task is not created.

    To enable engine updates for any engine, on the Settings menu in the Forefront Administrator Console, click Scanner Updates.

    Note For example, this may be a configuration that you may choose if you use Forefront Server Security Management Console to distribute engines centrally.

    back to Top
  17. All engine updates roll back in Forefront Server Security for SharePoint if the installation root contains a file that is named "Program"

    Symptoms

    When you try to update a scan engine in Forefront Server Security for SharePoint, it rolls back. A new scan engine is downloaded, but the scan engine cannot be integrated. The new engine is rolled back, and Forefront reverts to the old engine.

    Additionally, the following entries may be logged in the Application log and in the ProgramLog.txt file for each attempted engine update. The following example is for the Microsoft scan engine:
    "INFORMATION: The Microsoft scan engine has been downloaded"
    "INFORMATION: The Microsoft scan engine has been staged."
    "ERROR: (0x000000c1) %1 is not a valid Win32 application. Unable to launch ScanEngineTest for the Microsoft scan engine."
    "INFORMATION: The Microsoft scan engine has been rolled back."
    
    Cause

    This issue occurs because, when a new scan engine is downloaded, Forefront must first test it before integrating the scan engine. ScanEngineTest.exe is used for this purpose.

    The path of ScanEngineTest.exe is not enclosed in quotation marks in the engine update code in Forefront. This causes the system to look for any file in the path. For example, "C:\Program" may be found for a path of the file "C:\Program Files (x86)\Microsoft Forefront Security\SharePoint Server\ScanEngineTest.exe." This means that Forefront finds the wrong file and cannot complete the scan engine test. The engine is then rolled back.

    This issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.

    back to Top
  18. Filter Lists settings are not applied when you perform a silent installation of Forefront Server Security for SharePoint

    Symptoms

    Consider the following scenario:
    • You use the -t parameter to specify a Template.fdb file when you run the Forefront Server Security for SharePoint setup as a silent installation.
    • The Template.fdb file contains custom Filter Lists.
    In this scenario, the custom Filter Lists are not populated in the new installation. However, the installation of Forefront Server Security for SharePoint is successful.

    Cause

    This issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.

    More information

    The FilterLists.fdb file is not created until the Forefront Administrator console is opened for the first time. Setup is therefore unable to load any custom Filter Lists into the FilterLists.fdb file during a silent installation because the FilterLists.fdb file does not exist at that point.

    back to Top
  19. Exceptions during a Forefront for SharePoint manual scan cause "ExceedinglyNested" detection and file removal

    Symptoms

    During a manual scan on SharePoint, Forefront Security for SharePoint incorrectly detects Office and e-mail documents as "ExceedinglyNested." Forefront Server for SharePoint quarantines these files, and the documents in SharePoint are replaced with deletion text.

    Cause

    This issue may occur during the manual scan if Forefront Security for SharePoint enters into an unhealthy state where exceptions are thrown. Additionally, the manual scan may try to continue scanning documents.

    If these exceptions occur in a specific code location, it will cause the counters that track exceedingly nested files to become invalid. These invalid counters cause the Forefront Security for SharePoint manual scan to incorrectly detect normal files as "ExceedinglyNested."

    back to Top
  20. When you generate a Forefront Diagnostic for Forefront Security for SharePoint, you are prompted to "press any key" to complete the data collection

    Symptoms

    When you generate a Forefront Diagnostic for Forefront Security for SharePoint, you are prompted to "press any key" to complete the data collection. To complete the data collection, you must have administrative credentials.

    back to Top
  21. When an engine update fails in Forefront Security for SharePoint because of an invalid database path, Forefront does not log a concise error message

    Symptoms

    When an invalid database path is present in the Forefront for SharePoint registry settings, the engine update is not completed. Additionally, a concise error message is not logged.

    More information

    After you install Forefront Security for SharePoint Service Pack 3 Rollup 1, the following error message will now be logged in the Application log when an engine update fails because of an invalid database path:
    Source: FSCController

    Event ID: 100

    Severity: Error

    ERROR: The database path in the registry does not exist.
    back to Top
  22. When a template from one Forefront Security for SharePoint installation is applied to another installation, the installation that receives the template may lose all Forefront settings and stop scanning documents

    Symptoms

    In some scenarios, when RPC issues occur as a Forefront Security for SharePoint template is applied from one Forefront Security for SharePoint server to another, the Forefront Security for SharePoint settings may be deleted on the server that receives the template before the template is applied. Because of certain RPC and networking issues, the new template cannot be applied. This causes Forefront to stop scanning.

    Cause

    This issue may occur because of the order in which Forefront for SharePoint applies a template. This process starts with the deletion of the existing database configurations on the Forefront for SharePoint server that receives the template, and then the new template is applied. Networking issues may interfere with applying the new template after the existing database configurations are deleted.

    back to Top
  23. A scan engine update fails and logs a warning message in the ProgramLog.txt file

    If any of the Forefront Security for SharePoint Server external scan engine vendors release a scan engine update that incorporates files that are packaged within subdirectories, the scan engine update fails. Additionally, a warning message is logged in the ProgramLog.txt file that resembles the following:
    WARNING: A failure was reported by the synchronization observer while installing the scanner. Action = 0x00000001. C:\Forefront Installation Directory\EngineName\Bin\bases/stt/
    Cause

    This problem occurs because Forefront Security for SharePoint Server cannot update a scan engine that contains one or more subdirectories in its update package.

    back to Top

Hotfix rollup information

Download information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

How to install the hotfix rollup

To install the hotfix rollup, follow these steps:
  1. Run the installer. To do this, double-click the hotfix rollup executable file.

    Note When the installer is running, the Forefront and SharePoint services are stopped.
  2. After the installation is complete, and the Forefront and SharePoint services are restarted, make sure that Forefront is working correctly.

    Notes
    • The Forefront and SharePoint services are restarted automatically during the installation.
    • Forefront service packs or hotfix rollups can be installed by using the FFSMC Deployment job. For more information, see "Deployment Jobs" in the Forefront Server Security Management Console User's Guide. In this case, the installer runs in silent mode, and there is no user input that is required. The rest of the process remains the same as when you run the installer by double-clicking the executable file.

Prerequisites

There are no prerequisites for installing this hotfix rollup.

File information

This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.

The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Aexmladapter.dll10.2.945.0379,24812-Jan-201001:34x86
Custominstall.dll10.2.945.0922,99212-Jan-201001:34x86
Customuninstall.dll10.2.945.0342,38412-Jan-201001:34x86
Eventstrings-en_us.dll10.2.945.0118,64012-Jan-201001:34x86
Eventstrings.dll10.2.945.0118,64012-Jan-201001:34x86
Extractfiles.exe10.2.945.0338,28812-Jan-201001:34x86
Filterengine.dll10.2.945.0332,65612-Jan-201001:34x86
Fscadmarksvc.exe10.2.945.089,08811-Jan-201023:35x86
Fsccodec.dll10.2.945.0194,92812-Jan-201001:34x86
Fsccontroller.exe10.2.945.01,607,02412-Jan-201001:34x86
Fsccontrollerps.dll10.2.945.085,36012-Jan-201001:34x86
Fscdiag.exe10.2.945.0487,79212-Jan-201001:34x86
Fscexec.exe10.2.945.057,20012-Jan-201001:34x86
Fscmanualscanner.exe10.2.945.0899,44012-Jan-201001:34x86
Fscrealtimescanner.exe10.2.945.0882,54412-Jan-201001:34x86
Fscstarter.exe10.2.945.0249,20012-Jan-201001:34x86
Fscstatsserv.exe10.2.945.0270,70412-Jan-201001:34x86
Fscutility.exe10.2.945.0494,44812-Jan-201001:34x86
Fssaclient.exe10.2.945.01,221,48812-Jan-201001:34x86
Fsspcontroller.exe10.2.945.0320,36812-Jan-201001:34x86
Fsspnavigator.dll10.2.945.0275,31212-Jan-201001:34x86
Fsspusernamefilter.dll10.2.945.0195,44012-Jan-201001:34x86
Getenginefiles.exe10.2.945.0643,95212-Jan-201001:34x86
Gziparchive.dll10.2.945.0267,12012-Jan-201001:34x86
Installservice.exe10.2.945.049,00812-Jan-201001:34x86
Installtask.exe10.2.945.0226,67212-Jan-201001:34x86
Launcher.exe10.2.945.0215,40812-Jan-201001:34x86
Macbinnavigator.dll10.2.945.0241,52012-Jan-201001:34x86
Mimenavigator.dll10.2.945.0322,92812-Jan-201001:34x86
Multimapper.dll10.2.945.0672,62412-Jan-201001:34x86
Openxmlnavigator.dll10.2.945.092,52812-Jan-201001:34x86
Perfmonitorsetup.exe10.2.945.0294,76812-Jan-201001:34x86
Programlogmsg.dll10.2.945.0111,47212-Jan-201001:34x86
Rarnavigator.dll10.2.945.0333,68012-Jan-201001:34x86
Remotinglayer.dll10.2.945.082,28812-Jan-201001:34x86
Scanengines.dll10.2.945.0562,03212-Jan-201001:34x86
Scanenginetest.exe10.2.945.0359,79212-Jan-201001:34x86
Semsetup.exe10.2.945.0292,20812-Jan-201001:34x86
Sfxcab.exe10.2.945.039,42410-Feb-201014:03x86
Smimenavigator.dll10.2.945.0238,44812-Jan-201001:34x86
Spvsapi.dll10.2.945.0333,16812-Jan-201001:34x86
Statisticsmanager.dll10.2.945.0537,45612-Jan-201001:34x86
Structstgnavigator.dll10.2.945.0300,40012-Jan-201001:34x86
Tararchive.dll10.2.945.0249,20012-Jan-201001:34x86
Tnefnavigator.dll10.2.945.0308,08012-Jan-201001:34x86
Uuencodenavigator.dll10.2.945.0256,88012-Jan-201001:34x86
Version.exe10.2.945.0309,61612-Jan-201001:34x86
Ziparchive.dll10.2.945.0304,49612-Jan-201001:34x86
Fscperfmonitor.dll10.2.945.0315,76012-Jan-201001:34x86
Custom64.dllNot Applicable74,75202-Feb-201017:47x86
Updspapi.dll6.3.16.0380,26410-Oct-200813:57x86

APPLIES TO
  • Microsoft Forefront Security for SharePoint
Keywords: 
kbautohotfix kbdownload kbfix kberrmsg kbbug atdownload kbexpertiseinter kbsurveynew kbqfe kbhotfixserver KB978300
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support