Forefront Security for SharePoint: Description of Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3
By TechSupport
SUPPORT PROBLEM: Description of Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3
Applications Supported:
COPYRIGHT NOTICE: (c) 2007 Microsoft Corporation. All rights reserved.
SUPPORT SOLUTION:
Microsoft has released Hotfix Rollup 1 for Microsoft Forefront Security for SharePoint with Service Pack 3. This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup..New feature in Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3
Before this rollup, Forefront Server Security for SharePoint only enabled the deletion of files that exceed any of the following four General Option limits: Max Container Scan Time (Real-Time) Max Container Scan Time (Manual) Max Nested Attachments Max Nested Compressed FilesHotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3 now includes the ability to perform a “Skip: detect only” action on files that exceed any of these four General Option limits. To do this, disable the Delete Corrupted Compressed Files General Option, after you have applied the hotfix rollup.Note When the Delete Corrupted Compressed Files General Option is enabled, files that match any of these four General Options will also be deleted.
To locate these features, on the Settings menu in the Forefront Administrator console, click General Options. .Issues that are fixed in Hotfix Rollup 1 for Forefront Security for SharePoint with Service Pack 3
In addition to the fixes included in all service packs and rollups for Forefront Security for SharePoint, this hotfix rollup fixes the following issues.Details of the issues that are fixed in the hotfix rollup
3,
An error message is logged when you use Microsoft Forefront Server Security Management Console to update the scan engines: “ERROR: A standard exception was caught in GetEngineFiles. invalid string position”Forefront Server Security for SharePoint may clean and upload a file to SharePoint instead of performing the expected behavior of blocking the fileForefront Server Security for SharePoint does not quarantine the whole OpenXML document during a Quick or Manual scanThe Incidents panel in Forefront Security Server for SharePoint may display the user GUID or remain blank in the Document Creator column, instead of displaying the actual user nameThe FSCController.exe process may crash and generate a Dr. Watson crash that references Bucket ID 671966687Excessive logging in Forefront Security for SharePoint may cause upload or download delays in SharePointThe FSCController.exe process crashes and generates a Dr. Watson crash that references Bucket ID 653246026Files are detected as CorruptedCompressedFile when the MaxUnCompressedFileSize registry value is set to 0xFFFFFFFFForefront Server Security for SharePoint services do not start if the installation root directory contains a file that is named “Program”Forefront Server Security for SharePoint may falsely detect that valid Office 2003 Word documents contain CorruptedCompressedFile virusesWhen you rename an existing File Filter list, this causes the File Filter list to be disabled, and configuration settings revert to default settings in Forefront Server Security for SharePointPerformance is improved in Forefront Server Security for SharePoint for actioning hidden infected files in 2007 Microsoft Office OpenXML documents that were originally created by using beta versions of 2007 Microsoft Office Memory is not released from scan processes when Forefront Server Security for SharePoint scans certain GZip filesMemory is not released from scan processes when Forefront Server Security for SharePoint scans TAR files that are inside GZip files Memory is not released from scan processes when Forefront Server Security for SharePoint scans Mac Zip files that are inside another archive or compressed fileAn FSS-ELI Scheduled Task is not created if all engine updates are disabled in Forefront Server Security for SharePointAll engine updates roll back in Forefront Server Security for SharePoint if the installation root contains a file that is named “Program”Filter Lists settings are not applied when you perform a silent installation of Forefront Server Security for SharePointExceptions during a Forefront for SharePoint manual scan cause “ExceedinglyNested” detection and file removalWhen you generate a Forefront Diagnostic for Forefront Security for SharePoint, you are prompted to “press any key” to complete the data collectionWhen an engine update fails in Forefront Security for SharePoint because of an invalid database path, Forefront does not log a concise error messageWhen a template from one Forefront Security for SharePoint installation is applied to another installation, the installation that receives the template may lose all Forefront settings and stop scanning documentsA scan engine update fails and logs a warning message in the ProgramLog.txt fileAn error message is logged when you use Microsoft Forefront Server Security Management Console to update the scan engines: “ERROR: A standard exception was caught in GetEngineFiles. invalid string position”SymptomsWhen you use the Microsoft Forefront Server Security Management Console (FSSMC) to update the scan engines on Forefront Security for SharePoint, the engine updates fail. Additionally, the following error message is logged:Date/Time (3284- 1556), ERROR: A standard exception was caught in GetEngineFiles. invalid string position.”back to TopForefront Server Security for SharePoint may clean and upload a file to SharePoint instead of performing the expected behavior of blocking the fileSymptomsIf a file contains both a component that can be cleaned, such as a virus, together with a component that should be blocked, such as a Keyword Filter, the file is cleaned and uploaded instead of blocked.back to TopForefront Server Security for SharePoint does not quarantine the whole OpenXML document during a Quick or Manual scanSymptomsAn OpenXML document was deleted and quarantined during a Quick or Manual scan. You locate and try to deliver the OpenXML document from the Forefront Server Security for SharePoint Quarantine. But you find that only a sub-file of the document is present. For example, Newletter.docx is deleted according to a Keyword filter during a Manual scan. However, only document.xml is present in the Quarantine.More informationOpenXML files are basically container files. When Forefront Server Security for SharePoint makes a detection in the file, only the specific sub-file within is actioned and quarantined if the Quarantine Files option is enabled. Therefore, an administrator cannot deliver the whole OpenXML document from quarantine to the intended recipient.back to TopThe Incidents panel in Forefront Security Server for SharePoint may display the user GUID or remain blank in the Document Creator column, instead of displaying the actual user nameSymptomsAn administrator may see GUIDs or blanks in the Incidents panel in the Document Creator column.More InformationForefront Security Server for SharePoint may be unable to identify a document creator name of a file that it lists in the Incidents panel. The user name is blank or is displayed as a GUID.back to TopThe FSCController.exe process may crash and generate a Dr. Watson crash that references Bucket ID 671966687SymptomsThe FSCController.exe process may crash. This generates a Dr. Watson crash that references Bucket ID 671966687. The crash generates the following stack dump file:OLE32.DLL!CStdMarshal::DisconnectCliIPIDs [marshal.cxx]
OLE32.DLL!CStdMarshal::Disconnect [marshal.cxx]
OLE32.DLL!CStdMarshal::HandlePendingDisconnect [marshal.cxx]
OLE32.DLL!CStdMarshal::Finish_QueryRemoteInterfaces [marshal.cxx]
OLE32.DLL!CStdMarshal::QueryRemoteInterfaces [marshal.cxx]
OLE32.DLL!CStdIdentity::CInternalUnk::QueryMultipleInterfaces [stdid.cxx]
OLE32.DLL!CStdIdentity::CInternalUnk::QueryInterface [stdid.cxx]
RPCRT4.DLL!IUnknown_QueryInterface_Proxy [proxy.cxx]
FSCCONTROLLER.EXE!CRealtimeProxy::DisableScanEngine [realtimeproxy.cpp]
FSCCONTROLLER.EXE!CSybariService::DisableScanEngines [sybariservice.cpp]
RPCRT4.DLL!Invoke [stubless.asm]
RPCRT4.DLL!NdrStubCall2 [srvcall.cxx]
RPCRT4.DLL!CStdStubBuffer_Invoke [stub.cxx]
OLE32.DLL!SyncStubInvoke [channelb.cxx]
OLE32.DLL!StubInvoke [channelb.cxx]
OLE32.DLL!CCtxComChnl::ContextInvoke [ctxchnl.cxx]
OLE32.DLL!MTAInvoke [callctrl.cxx]
OLE32.DLL!STAInvoke [callctrl.cxx]
OLE32.DLL!AppInvoke [channelb.cxx]
OLE32.DLL!ComInvokeWithLockAndIPID [channelb.cxx]
OLE32.DLL!ComInvoke [channelb.cxx]
OLE32.DLL!ThreadDispatch [chancont.cxx]
OLE32.DLL!ThreadWndProc [chancont.cxx]
USER32.DLL!InternalCallWinProc [callproc.asm]
USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
USER32.DLL!DispatchMessageWorker [clmsg.c]
USER32.DLL!DispatchMessageW [cltxt.h]
FSCCONTROLLER.EXE!CServiceModule::Run [antigenservice.cpp]
FSCCONTROLLER.EXE!CServiceModule::ServiceMain [antigenservice.cpp]
ADVAPI32.DLL!ScSvcctrlThreadA [scapi.cxx]
KERNEL32.DLL!BaseThreadInitThunk [thread.c]
NTDLL.DLL!__RtlUserThreadStart [rtlexec.c]
NTDLL.DLL!_RtlUserThreadStart [rtlexec.c]
back to TopExcessive logging in Forefront Security for SharePoint may cause upload or download delays in SharePointSymptomsYou may experience upload or download delays in SharePoint.CauseThis issue may occur because default level logging in Forefront Security for SharePoint may be resource intensive.back to TopThe FSCController.exe process crashes and generates a Dr. Watson crash that references Bucket ID 653246026SymptomsThe FSCController.exe crashes and generates a Dr. Watson crash that references Bucket ID 653246026. The crash generates the following stack dump file: FSCCONTROLLER.EXE!CRealtimeProxy::Shutdown [realtimeproxy.cpp]
FSCCONTROLLER.EXE!ShutdownStorageGroup [sybariservice.cpp]
FSCCONTROLLER.EXE!CSybariService::ShutdownStorageGroup [sybariservice.cpp]
FSCCONTROLLER.EXE!CSybariService::ShutdownStorageGroup [sybariservice.cpp]
RPCRT4.DLL!Invoke [stubless.asm]
RPCRT4.DLL!NdrStubCall2 [srvcall.cxx]
RPCRT4.DLL!CStdStubBuffer_Invoke [stub.cxx]
OLEAUT32.DLL!CUnivStubWrapper::Invoke [rpcwrap.cpp]
OLE32.DLL!SyncStubInvoke [channelb.cxx]
OLE32.DLL!StubInvoke [channelb.cxx]
OLE32.DLL!CCtxComChnl::ContextInvoke [ctxchnl.cxx]
OLE32.DLL!MTAInvoke [callctrl.cxx]
OLE32.DLL!STAInvoke [callctrl.cxx]
OLE32.DLL!AppInvoke [channelb.cxx]
OLE32.DLL!ComInvokeWithLockAndIPID [channelb.cxx]
OLE32.DLL!ComInvoke [channelb.cxx]
OLE32.DLL!ThreadDispatch [chancont.cxx]
OLE32.DLL!ThreadWndProc [chancont.cxx]
USER32.DLL!InternalCallWinProc [callproc.asm]
USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
USER32.DLL!DispatchMessageWorker [clmsg.c]
USER32.DLL!DispatchMessageW [cltxt.h]
FSCCONTROLLER.EXE!CServiceModule::Run [antigenservice.cpp]
FSCCONTROLLER.EXE!CServiceModule::ServiceMain [antigenservice.cpp]
ADVAPI32.DLL!ScSvcctrlThreadA [scapi.cxx]
KERNEL32.DLL!BaseThreadInitThunk [thread.c]
NTDLL.DLL!__RtlUserThreadStart [rtlexec.c]
NTDLL.DLL!_RtlUserThreadStart [rtlexec.c]
back to TopFiles are detected as CorruptedCompressedFile when the MaxUnCompressedFileSize registry value is set to 0xFFFFFFFFSymptomsIf you set the value of the MaxUnCompressedFileSize registry value to 0xFFFFFFFF, Forefront Server Security for SharePoint detects files as CorruptedCompressedFile, regardless of their file size.If you have enabled the Delete Corrupted Compressed Files setting, the file is also deleted. To locate this setting, on the Settings menu in the Forefront Administrator console, click General Option.back to TopForefront Server Security for SharePoint services do not start if the installation root directory contains a file that is named “Program”SymptomsForefront Server Security for SharePoint services do not start if the installation root directory, such as C:, contains a file that is named “Program.”CauseForefront Server Security for SharePoint services do not contain quotation marks around the path of the executable that they trigger when they start. This causes the system to look for any file in the path. For example, “C:\Program” may be found for a path of the file “C:\Program Files (x86)\Microsoft Forefront Security\SharePoint Server\FSCController.exe.” This means that Forefront finds the wrong file and cannot start the service.WorkaroundIf you experience this issue, and you cannot install this rollup package, to resolve this issue immediately, put quotations marks around the path of the executable in the Services registry.
For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
812486Â
(http://support.microsoft.com/kb/812486/
)
Event ID 7000 and “%1 Is Not a Valid Win32 Application” error message when you start a service
back to TopForefront Server Security for SharePoint may falsely detect that valid Microsoft Office 2003 Word documents contain CorruptedCompressedFile virusesSymptomsForefront Server Security for SharePoint falsely detects that valid Office 2003 Word documents contain CorruptedCompressedFiles viruses. The attachment is removed as a virus.An e-mail attachment is removed, and an incident is logged in the Incidents panel that the file was removed as a CorruptedCompressedFile virus. The ProgramLog.txt file contains the following entry: INFORMATION: Realtime scan found virus: Folder: folder_name Storage Group\file name Message: subject line Incident: CorruptedCompressedFile State: RemovedNote The folder_name placeholder is the name of the folder where the virus was found.CauseThis issue occurs because of the method that Forefront Server Security for SharePoint uses to parse the Word document.back to TopWhen you rename an existing File Filter list, this causes the File Filter list to be disabled, and configuration settings revert to default settings in Forefront Server Security for SharePointSymptomsConsider the following scenario:You rename an existing File Filter list. To locate the list, on the Filter Lists menu in the Forefront Administrator console, click Filtering.You view the File Filter list. In this scenario, the File Filter lists is displayed as Disabled, and all configuration settings such as Action, General and Identify are set to their default values.back to TopPerformance is improved in Forefront Server Security for SharePoint for actioning hidden infected files in 2007 Microsoft Office OpenXML documents that were originally created by using beta versions of 2007 Microsoft Office SymptomsSome 2007 Microsoft Office OpenXML documents may contain hidden subfiles. For example, these hidden files can be files that are not referenced in the document’s file_name.xml.rels file.CauseThis issue occurs because of certain inefficiencies in the additional code that is used to scan hidden files in 2007 Microsoft Office OpenXML documents.More informationThe fix for this issue enables Forefront Server Security for SharePoint to scan the file more efficiently by using fewer system resources.Note RTM releases of 2007 Microsoft Office do not open any files that are not referenced in the document’s file_name.xml.rels file.back to TopMemory is not released from scan processes when Forefront Server Security for SharePoint scans certain GZip filesSymptomsMemory is not released from scan processes when Forefront Server Security for SharePoint scans GZip files.When this issue occurs, you may find that one or more of the following entries is logged in the ProgramLog.txt file:”ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “Insufficient memory to continue the execution of the program.”"
“ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “No more threads can be created in the system. (Exception from HRESULT: 0×800700A4)”"
“ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “Value does not fall within the expected range.”"
“DIAGNOSTIC: localizestream.cpp::LocalizeStream(): Failed to allocate memory for local stream 0×8007000e”
“ERROR: ReadWideCharBufferFromStream(): Attempted read of 5572 byte(s). Actual bytes read were 0. hr=8007000e”
“ERROR: FSCRealtimeScanner: Exception occurred (0xc0000005) at address 0×056C3769, p[0]=0×0, p[1]=0×3287224f”
“eax=0×00000000 ebx=0×32871fb7 ecx=0×07bdcfd0 edx=0×328721cd”
“esi=0×07c8e3dc edi=0×32871fb7 ebp=0×07c6f0d0 esp=0×0102a2f8″
“102a2f0: 00000000 00000000 00000000″
…
“102f720: 00000004 0042378f 8007000e”
Additionally, the following entries may be logged in the HRLog.txt file:”INFORMATION: F 0×8007000e, 775-(primaryobject)”
“INFORMATION: F 0×8007000e, 1209-(primaryobject)”
“INFORMATION: F 0×8007000e, 1855-(primaryobject)”
“INFORMATION: S 0×8007000e, 7103-(workthread)”
Note Many of these entries contain the following hexadecimal code: 0×8007000E This hexadecimal code means “Not enough storage is available to complete this operation” or “ERROR_OUTOFMEMORY.”CauseThis issue can cause the memory that is consumed by Forefront scan processes such as FSCRealtimeScanner.exe, FSCTransportScanner.exe, or FSCManualScanner.exe to grow exponentially. This may ultimately cause a low-memory condition on the server.back to TopMemory is not released from scan processes when Forefront Server Security for SharePoint scans TAR files that are inside GZip files SymptomsMemory is not released from scan processes after Forefront Server Security for SharePoint scans tarball files (TAR files that are compressed inside GZip files, such as .tar.gz or .tgz).When this issue occurs, you may find that one or more of the following entries is logged in ProgramLog.txt file:”ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “Insufficient memory to continue the execution of the program.”"
“ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “No more threads can be created in the system. (Exception from HRESULT: 0×800700A4)”"
“ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “Value does not fall within the expected range.”"
“DIAGNOSTIC: localizestream.cpp::LocalizeStream(): Failed to allocate memory for local stream 0×8007000e”
“ERROR: ReadWideCharBufferFromStream(): Attempted read of 5572 byte(s). Actual bytes read were 0. hr=8007000e”
“ERROR: FSCRealtimeScanner: Exception occurred (0xc0000005) at address 0×056C3769, p[0]=0×0, p[1]=0×3287224f”
“eax=0×00000000 ebx=0×32871fb7 ecx=0×07bdcfd0 edx=0×328721cd”
“esi=0×07c8e3dc edi=0×32871fb7 ebp=0×07c6f0d0 esp=0×0102a2f8″
“102a2f0: 00000000 00000000 00000000″
…
“102f720: 00000004 0042378f 8007000e”
Additionally, the following entries may be logged in the HRLog.txt file:”INFORMATION: F 0×8007000e, 775-(primaryobject)”
“INFORMATION: F 0×8007000e, 1209-(primaryobject)”
“INFORMATION: F 0×8007000e, 1855-(primaryobject)”
“INFORMATION: S 0×8007000e, 7103-(workthread)”
Note Many of these entries contain the following hexadecimal code: 0×8007000E This hexadecimal code means “Not enough storage is available to complete this operation” or “ERROR_OUTOFMEMORY.”CauseThis issue may cause the memory that is consumed by the Forefront scan processes such as FSCRealtimeScanner.exe, FSCTransportScanner.exe, or FSCManualScanner.exe to grow exponentially. This may ultimately cause a low-memory condition on the server.back to TopMemory is not released from scan processes when Forefront Server Security for SharePoint scans Mac Zip files that are inside another archive or compressed fileSymptomsMemory is not released from the scan process when Forefront Server Security for SharePoint scans Mac Zip files that are inside another archive or compressed file.When this issue occurs, you may find that one or more of the following entries is logged in the ProgramLog.txt file:”ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “Insufficient memory to continue the execution of the program.”"
“ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “No more threads can be created in the system. (Exception from HRESULT: 0×800700A4)”"
“ERROR: An exception has occurred within ForefrontAgent’s Scan method. Exception message = “Value does not fall within the expected range.”"
“DIAGNOSTIC: localizestream.cpp::LocalizeStream(): Failed to allocate memory for local stream 0×8007000e”
“ERROR: ReadWideCharBufferFromStream(): Attempted read of 5572 byte(s). Actual bytes read were 0. hr=8007000e”
“ERROR: FSCRealtimeScanner: Exception occurred (0xc0000005) at address 0×056C3769, p[0]=0×0, p[1]=0×3287224f”
“eax=0×00000000 ebx=0×32871fb7 ecx=0×07bdcfd0 edx=0×328721cd”
“esi=0×07c8e3dc edi=0×32871fb7 ebp=0×07c6f0d0 esp=0×0102a2f8″
“102a2f0: 00000000 00000000 00000000″
…
“102f720: 00000004 0042378f 8007000e”
Additionally, the following entries may be logged in the HRLog.txt file:”INFORMATION: F 0×8007000e, 775-(primaryobject)”
“INFORMATION: F 0×8007000e, 1209-(primaryobject)”
“INFORMATION: F 0×8007000e, 1855-(primaryobject)”
“INFORMATION: S 0×8007000e, 7103-(workthread)”
Note Many of these entries contain the following hexadecimal code: 0×8007000E This hexadecimal code means “Not enough storage is available to complete this operation” or “ERROR_OUTOFMEMORY.”CauseThis issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.back to TopAn FSS-ELI Scheduled Task is not created if all engine updates are disabled in Forefront Server Security for SharePointSymptomsAn FSS-ELI Scheduled Task is not created if all engine updates are disabled in Forefront Server Security for SharePoint.CauseThis issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.WorkaroundIf you experience this issue and cannot install this rollup package to resolve this issue immediately, follow these steps to work around the issue temporarily: Schedule at least one engine update, such as the Worm List. To do this, on the Settings menu in the Forefront Administrator Console, click Scanner Updates.Restart Forefront SharePoint services. This enables Forefront Server Security for SharePoint to create the FSS-ELI Scheduled Task.More informationThe FSS-ELI Scheduled Task is responsible for updating Forefront’s Engine Licensing Information (ELI) file EngineInfo.cab. If engine updates are not enabled for any engines, the FSS-ELI Scheduled Task is not created.To enable engine updates for any engine, on the Settings menu in the Forefront Administrator Console, click Scanner Updates.Note For example, this may be a configuration that you may choose if you use Forefront Server Security Management Console to distribute engines centrally.back to TopAll engine updates roll back in Forefront Server Security for SharePoint if the installation root contains a file that is named “Program”SymptomsWhen you try to update a scan engine in Forefront Server Security for SharePoint, it rolls back. A new scan engine is downloaded, but the scan engine cannot be integrated. The new engine is rolled back, and Forefront reverts to the old engine.Additionally, the following entries may be logged in the Application log and in the ProgramLog.txt file for each attempted engine update. The following example is for the Microsoft scan engine:”INFORMATION: The Microsoft scan engine has been downloaded”
“INFORMATION: The Microsoft scan engine has been staged.”
“ERROR: (0×000000c1) %1 is not a valid Win32 application. Unable to launch ScanEngineTest for the Microsoft scan engine.”
“INFORMATION: The Microsoft scan engine has been rolled back.”
CauseThis issue occurs because, when a new scan engine is downloaded, Forefront must first test it before integrating the scan engine. ScanEngineTest.exe is used for this purpose.The path of ScanEngineTest.exe is not enclosed in quotation marks in the engine update code in Forefront. This causes the system to look for any file in the path. For example, “C:\Program” may be found for a path of the file “C:\Program Files (x86)\Microsoft Forefront Security\SharePoint Server\ScanEngineTest.exe.” This means that Forefront finds the wrong file and cannot complete the scan engine test. The engine is then rolled back.This issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.back to TopFilter Lists settings are not applied when you perform a silent installation of Forefront Server Security for SharePointSymptomsConsider the following scenario: You use the -t parameter to specify a Template.fdb file when you run the Forefront Server Security for SharePoint setup as a silent installation.The Template.fdb file contains custom Filter Lists. In this scenario, the custom Filter Lists are not populated in the new installation. However, the installation of Forefront Server Security for SharePoint is successful.CauseThis issue occurs because of a problem with the TNEFNavigator.dll file in Forefront Server Security for SharePoint.More informationThe FilterLists.fdb file is not created until the Forefront Administrator console is opened for the first time. Setup is therefore unable to load any custom Filter Lists into the FilterLists.fdb file during a silent installation because the FilterLists.fdb file does not exist at that point.back to TopExceptions during a Forefront for SharePoint manual scan cause “ExceedinglyNested” detection and file removalSymptomsDuring a manual scan on SharePoint, Forefront Security for SharePoint incorrectly detects Office and e-mail documents as “ExceedinglyNested.” Forefront Server for SharePoint quarantines these files, and the documents in SharePoint are replaced with deletion text.CauseThis issue may occur during the manual scan if Forefront Security for SharePoint enters into an unhealthy state where exceptions are thrown. Additionally, the manual scan may try to continue scanning documents.If these exceptions occur in a specific code location, it will cause the counters that track exceedingly nested files to become invalid. These invalid counters cause the Forefront Security for SharePoint manual scan to incorrectly detect normal files as “ExceedinglyNested.”back to TopWhen you generate a Forefront Diagnostic for Forefront Security for SharePoint, you are prompted to “press any key” to complete the data collectionSymptomsWhen you generate a Forefront Diagnostic for Forefront Security for SharePoint, you are prompted to “press any key” to complete the data collection. To complete the data collection, you must have administrative credentials.back to TopWhen an engine update fails in Forefront Security for SharePoint because of an invalid database path, Forefront does not log a concise error messageSymptomsWhen an invalid database path is present in the Forefront for SharePoint registry settings, the engine update is not completed. Additionally, a concise error message is not logged.More informationAfter you install Forefront Security for SharePoint Service Pack 3 Rollup 1, the following error message will now be logged in the Application log when an engine update fails because of an invalid database path:Source: FSCControllerEvent ID: 100
Severity: Error
ERROR: The database path in the registry does not exist.
back to TopWhen a template from one Forefront Security for SharePoint installation is applied to another installation, the installation that receives the template may lose all Forefront settings and stop scanning documentsSymptomsIn some scenarios, when RPC issues occur as a Forefront Security for SharePoint template is applied from one Forefront Security for SharePoint server to another, the Forefront Security for SharePoint settings may be deleted on the server that receives the template before the template is applied. Because of certain RPC and networking issues, the new template cannot be applied. This causes Forefront to stop scanning.CauseThis issue may occur because of the order in which Forefront for SharePoint applies a template. This process starts with the deletion of the existing database configurations on the Forefront for SharePoint server that receives the template, and then the new template is applied. Networking issues may interfere with applying the new template after the existing database configurations are deleted.back to TopA scan engine update fails and logs a warning message in the ProgramLog.txt fileIf any of the Forefront Security for SharePoint Server external scan engine vendors release a scan engine update that incorporates files that are packaged within subdirectories, the scan engine update fails. Additionally, a warning message is logged in the ProgramLog.txt file that resembles the following: WARNING: A failure was reported by the synchronization observer while installing the scanner. Action = 0×00000001. C:\Forefront Installation Directory\EngineName\Bin\bases/stt/ CauseThis problem occurs because Forefront Security for SharePoint Server cannot update a scan engine that contains one or more subdirectories in its update package.back to Top.Hotfix rollup information
Download information
3,
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. If the hotfix is available for download, there is a “Hotfix download available” section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix. Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: http://support.microsoft.com/contactus/?ws=support
(http://support.microsoft.com/contactus/?ws=support)
Note The “Hotfix download available” form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.How to install the hotfix rollup
3,
To install the hotfix rollup, follow these steps: Run the installer. To do this, double-click the hotfix rollup executable file.Note When the installer is running, the Forefront and SharePoint services are stopped. After the installation is complete, and the Forefront and SharePoint services are restarted, make sure that Forefront is working correctly.NotesThe Forefront and SharePoint services are restarted automatically during the installation.Forefront service packs or hotfix rollups can be installed by using the FFSMC Deployment job. For more information, see “Deployment Jobs” in the Forefront Server Security Management Console User’s Guide. In this case, the installer runs in silent mode, and there is no user input that is required. The rest of the process remains the same as when you run the installer by double-clicking the executable file.Prerequisites
3,
There are no prerequisites for installing this hotfix rollup.File information
3,
This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.
The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.Collapse this tableExpand this tableFile nameFile versionFile sizeDateTimePlatformAexmladapter.dll10.2.945.0379,24812-Jan-201001:34×86Custominstall.dll10.2.945.0922,99212-Jan-201001:34×86Customuninstall.dll10.2.945.0342,38412-Jan-201001:34×86Eventstrings-en_us.dll10.2.945.0118,64012-Jan-201001:34×86Eventstrings.dll10.2.945.0118,64012-Jan-201001:34×86Extractfiles.exe10.2.945.0338,28812-Jan-201001:34×86Filterengine.dll10.2.945.0332,65612-Jan-201001:34×86Fscadmarksvc.exe10.2.945.089,08811-Jan-201023:35×86Fsccodec.dll10.2.945.0194,92812-Jan-201001:34×86Fsccontroller.exe10.2.945.01,607,02412-Jan-201001:34×86Fsccontrollerps.dll10.2.945.085,36012-Jan-201001:34×86Fscdiag.exe10.2.945.0487,79212-Jan-201001:34×86Fscexec.exe10.2.945.057,20012-Jan-201001:34×86Fscmanualscanner.exe10.2.945.0899,44012-Jan-201001:34×86Fscrealtimescanner.exe10.2.945.0882,54412-Jan-201001:34×86Fscstarter.exe10.2.945.0249,20012-Jan-201001:34×86Fscstatsserv.exe10.2.945.0270,70412-Jan-201001:34×86Fscutility.exe10.2.945.0494,44812-Jan-201001:34×86Fssaclient.exe10.2.945.01,221,48812-Jan-201001:34×86Fsspcontroller.exe10.2.945.0320,36812-Jan-201001:34×86Fsspnavigator.dll10.2.945.0275,31212-Jan-201001:34×86Fsspusernamefilter.dll10.2.945.0195,44012-Jan-201001:34×86Getenginefiles.exe10.2.945.0643,95212-Jan-201001:34×86Gziparchive.dll10.2.945.0267,12012-Jan-201001:34×86Installservice.exe10.2.945.049,00812-Jan-201001:34×86Installtask.exe10.2.945.0226,67212-Jan-201001:34×86Launcher.exe10.2.945.0215,40812-Jan-201001:34×86Macbinnavigator.dll10.2.945.0241,52012-Jan-201001:34×86Mimenavigator.dll10.2.945.0322,92812-Jan-201001:34×86Multimapper.dll10.2.945.0672,62412-Jan-201001:34×86Openxmlnavigator.dll10.2.945.092,52812-Jan-201001:34×86Perfmonitorsetup.exe10.2.945.0294,76812-Jan-201001:34×86Programlogmsg.dll10.2.945.0111,47212-Jan-201001:34×86Rarnavigator.dll10.2.945.0333,68012-Jan-201001:34×86Remotinglayer.dll10.2.945.082,28812-Jan-201001:34×86Scanengines.dll10.2.945.0562,03212-Jan-201001:34×86Scanenginetest.exe10.2.945.0359,79212-Jan-201001:34×86Semsetup.exe10.2.945.0292,20812-Jan-201001:34×86Sfxcab.exe10.2.945.039,42410-Feb-201014:03×86Smimenavigator.dll10.2.945.0238,44812-Jan-201001:34×86Spvsapi.dll10.2.945.0333,16812-Jan-201001:34×86Statisticsmanager.dll10.2.945.0537,45612-Jan-201001:34×86Structstgnavigator.dll10.2.945.0300,40012-Jan-201001:34×86Tararchive.dll10.2.945.0249,20012-Jan-201001:34×86Tnefnavigator.dll10.2.945.0308,08012-Jan-201001:34×86Uuencodenavigator.dll10.2.945.0256,88012-Jan-201001:34×86Version.exe10.2.945.0309,61612-Jan-201001:34×86Ziparchive.dll10.2.945.0304,49612-Jan-201001:34×86Fscperfmonitor.dll10.2.945.0315,76012-Jan-201001:34×86Custom64.dllNot Applicable74,75202-Feb-201017:47×86Updspapi.dll6.3.16.0380,26410-Oct-200813:57×86.
For File Repair and Data Recovery, visit File Repair / Data Recovery