Forefront Security for Exchange Server: Description of Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2

SUPPORT SOLUTION:
Microsoft has released Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2. This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup..Issues that are resolved with Hotfix Rollup 4 for Forefront Security for Exchange Service Pack 2

.Filter sets do not work after upgrading to Forefront Security for Exchange with Service Pack 2The FSCTransportScanner.exe process crashes in Forefront Server for Exchange stopping mail flowEmail is sent to the Forefront UNDELIVERABLE folder instead of being deliveredThe Kaspersky antivirus scan engine on Forefront Security for Exchange fails to update from an engine redistribution serverDetails of the issues that are fixed in the hotfix rollup
3,
 Filter sets do not work after upgrading to Forefront Security for Exchange with Service Pack 2SymptomsAfter applying Service Pack 2 for Forefront Security for Exchange filter sets are still visible, however they are non-functional. Positive filter matches are no longer filtered. Forefront functions as if the filter set is not there, even though it is still visible.CauseForefront Security for Exchange is unable to read into filter sets after the upgrade.The FSCTransportScanner.exe process crashes in Forefront Server for Exchange stopping mail flowSymptomsYou experience the following symptoms on the Forefront Server for Exchange server:-Steady or intermittent delays in mail flow. -The following error will be present in the Application Log:EventID: 1000Source: Application ErrorForefront hotfix rollup 3 Faulting application FSCTransportScanner.exe Faulting application FSCTransportScanner.exe, version 10.2.954.0, [time stamp], faulting module ntdll.dll, version 6.0.6002.18005, [time stamp], exception code 0xc0000005, fault offset 0×0002ac0f, [process id], [application start time].CauseForefront Security for Exchange is attempting to free memory from a heap, from which it did not originally allocate memory.Email is sent to the Forefront UNDELIVERABLE folder instead of being deliveredSymptomsMail is delivered to the Forefront Security for Exchange UNDELIVERABLE folder instead of to the recipient.The following error is seen in the ProgramLog.txt:Date/Time (PID), “ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “Insufficient memory to continue the execution of the program.”Date/Time (PID),”INFORMATION: ArchiveMailMessage called to archive d:\Forefront\Data\Archive\Undeliverable\[file name]“More informationThis will typically occur on files that are 90 MB in size or greater.CauseForefront Security for Exchange is unable to restart a scan job after recovering from an out of memory state. This causes file to be sent to UNDELIVERABLE folder.The Kaspersky antivirus scan engine on Forefront Security for Exchange fails to update from an engine redistribution serverSummaryAn issue has been identified in Forefront Security for Exchange in the way that it retrieves updates for version 8 of the Kaspersky antivirus scan engine.The incremental engine update functionality may fail resulting in a full engine update. This full engine update may require downloading an engine file package in excess of 160 megabytes. Due to the size and frequency of the engine update, servers may experience a noticeable spike in resource consumption which can degrade overall productivity of the server.SymptomsThe Kaspersky antivirus scan engine on the managed Exchange server running Forefront Security for Exchange may fail to update.The Kaspersky engine folder on the redistribution server is deleted.Due to the size and frequency of the engine update, servers may experience a noticeable spike in resource consumption which can degrade overall productivity of the server.Download information
3,
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. If the hotfix is available for download, there is a “Hotfix download available” section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix. Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: http://support.microsoft.com/contactus/?ws=support
(http://support.microsoft.com/contactus/?ws=support)
Note The “Hotfix download available” form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.How to install the hotfix rollup
3,
To install the hotfix rollup, follow these steps: Run the installer. To do this, double-click the hotfix rollup executable file.Note When the installer is running, the Forefront services are stopped. After the installation is complete, and the Forefront services are restarted, make sure that Forefront is working correctly.NotesThe Forefront services are restarted automatically during the installation.Prerequisites
3,
This hotfix rollup requires that ForefrontSecurity for Exchange with Service Pack 2 is installed. File information
3,
This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.
The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.Collapse this tableExpand this tableFile nameFile versionFile sizeDateTimePlatformAdonavigator.dll10.2.956.0422,18424-Feb-201119:50×86Adonavigator64.dll10.2.956.0717,09624-Feb-201119:55×64Adonavsvc.exe10.2.956.0155,94424-Feb-201119:55×64Aexmladapter.dll10.2.956.0380,71224-Feb-201119:50×86Custominstall.dll10.2.956.0924,45624-Feb-201119:50×86Customuninstall.dll10.2.956.0343,33624-Feb-201119:50×86Eventstrings-en_us.dll10.2.956.0119,59224-Feb-201119:50×86Eventstrings.dll10.2.956.0119,59224-Feb-201119:50×86Extractfiles.exe10.2.956.0339,24024-Feb-201119:50×86Filterengine.dll10.2.956.0333,60824-Feb-201119:50×86Fscadmarksvc.exe10.2.956.089,08824-Feb-201116:48×86Fscappscanner.dll10.2.956.0335,65624-Feb-201119:50×86Fsccodec.dll10.2.956.0196,39224-Feb-201119:50×86Fsccommon.dll10.2.956.019,24024-Feb-201119:50×86Fsccontroller.exe10.2.956.01,608,48824-Feb-201119:50×86Fsccontrollerps.dll10.2.956.086,31224-Feb-201119:50×86Fsccontroller_net_wrapper.dll10.2.956.035,62424-Feb-201119:50×86Fscdiag.exe10.2.956.0488,74424-Feb-201119:50×86Fscexec.exe10.2.956.058,15224-Feb-201119:50×86Fscmanualscanner.exe10.2.956.0900,90424-Feb-201119:50×86Fscmonitor.exe10.2.956.0266,02424-Feb-201119:50×86Fscmonitorps.dll10.2.956.052,00824-Feb-201119:50×86Fscrealtimescanner.exe10.2.956.0883,49624-Feb-201119:50×86Fscstarter.exe10.2.956.0250,15224-Feb-201119:50×86Fscstatsserv.exe10.2.956.0271,65624-Feb-201119:50×86Fsctransportscanner.exe10.2.956.0904,48824-Feb-201119:50×86Fscutility.exe10.2.956.0495,91224-Feb-201119:50×86Fseagent_8.0.685.dll10.2.956.084,77624-Feb-201119:50×86Fseccrservice.exe10.2.956.0850,21624-Feb-201119:50×86Fseimc.exe10.2.956.0325,41624-Feb-201119:50×86Fsemailpickup.exe10.2.956.092,96824-Feb-201119:50×86Fsestore.exe10.2.956.0248,61624-Feb-201119:50×86Fsevsapi.dll10.2.956.0617,76824-Feb-201119:55×64Fsevsapiex.dll10.2.956.077,60824-Feb-201119:55×64Fssaclient.exe10.2.956.01,222,44024-Feb-201119:50×86Getenginefiles.exe10.2.956.0716,07224-Feb-201119:50×86Gziparchive.dll10.2.956.0268,07224-Feb-201119:50×86Installservice.exe10.2.956.049,96024-Feb-201119:50×86Installtask.exe10.2.956.0227,62424-Feb-201119:50×86Launcher.exe10.2.956.0401,19224-Feb-201119:55×64Localenginemapping.cabNot Applicable6,39916-Jun-201021:14Not ApplicableMacbinnavigator.dll10.2.956.0242,47224-Feb-201119:50×86Mimenavigator.dll10.2.956.0323,88024-Feb-201119:50×86Multimapper.dll10.2.956.0678,18424-Feb-201119:50×86Openxmlnavigator.dll10.2.956.093,48024-Feb-201119:50×86Perfmonitorsetup.exe10.2.956.0295,72024-Feb-201119:50×86Programlogmsg.dll10.2.956.0112,42424-Feb-201119:50×86Rarnavigator.dll10.2.956.0334,63224-Feb-201119:50×86Remotinglayer.dll10.2.956.083,24024-Feb-201119:50×86Remotinglayer64.dll10.2.956.0116,52024-Feb-201119:55×64Scanengines.dll10.2.956.0562,98424-Feb-201119:50×86Scanenginetest.exe10.2.956.0360,74424-Feb-201119:50×86Semsetup.exe10.2.956.0293,16024-Feb-201119:50×86Sfxcab.exe10.2.956.039,42425-Feb-201114:15×86Smimenavigator.dll10.2.956.0239,40024-Feb-201119:50×86Statisticsmanager.dll10.2.956.0538,40824-Feb-201119:50×86Structstgnavigator.dll10.2.956.0301,35224-Feb-201119:50×86Synchelper.dll10.2.956.0508,20024-Feb-201119:50×86Tararchive.dll10.2.956.0250,15224-Feb-201119:50×86Tnefnavigator.dll10.2.956.0309,03224-Feb-201119:50×86Uuencodenavigator.dll10.2.956.0257,83224-Feb-201119:50×86Version.exe10.2.956.0310,56824-Feb-201119:50×86Ziparchive.dll10.2.956.0305,44824-Feb-201119:50×86Fscperfmonitor.dll10.2.956.0316,71224-Feb-201119:50×86Fscperfmonitor.dll10.2.956.0545,57624-Feb-201119:55×64Custom64.dllNot Applicable117,40030-Sep-201020:30×64Updspapi.dll6.3.16.0463,72010-Oct-200816:42×64.

For File Repair and Data Recovery, visit File Repair / Data Recovery