Share via


Console issues

Applies To: Forefront Client Security

This topic contains the following sections:

Threat Override list empty

Starting the Client Security console produces an error

14 Day History report does not display in the Client Security console

Alerts report a malware infection twice for the same client computer

Incomplete list of threats in Client Security policy

Threat Override list empty

When editing a Client Security policy, you may notice that the Threat Override list is empty.

Background

This can occur for the following reasons:

  • Antimalware definitions not being updated   For more information, see "'Antimalware definitions cannot be updated' message" in Messages.

  • No Service Principal Name (SPN) for the SQL Server computer in Active Directory   Without an SPN in Active Directory, the Forefront Client Security Management Service cannot authenticate to the server and import definition information.

Solution

You must create the SPN for SQL Server in Active Directory. For information about creating SPNs dynamically, see Knowledge Base article 319723

(https://go.microsoft.com/fwlink/?LinkId=86553).

Incomplete list of threats in Client Security policy

After installing Client Security, you may notice only a small set of threats listed on the Overrides tab in the properties for a Client Security policy. Additionally, malware detected in your environment may be listed as a code number instead of a name.

Background

To keep the lists of threats up to date, the Client Security management server uses definition updates downloaded from either the distribution server or Microsoft Update. If the management server cannot download these updates, you will see incomplete lists of threats and code numbers for identified malware.

Solution

Ensure that the management server is correctly configured to point to a Client Security distribution server (WSUS) and that it is also opted-in to Microsoft Update.

Starting the Client Security console produces an error

Starting the Client Security console results in the following message:

Error message

An error occurred during view refreshing. Verify that you have successfully completed the Configuration wizard and have permission to access the management server.

Further Details:

Exception of type 'Microsoft.Forefront.ClientSecurity.Exceptions.DatabaseConnectionFailedExceptions' was thrown. Login failed for user username.

Background

This error occurs if the user's logon account has not been granted proper permissions in the Client Security databases.

Solution

Grant the user account permissions as documented in Working with user roles in the Client Security Administration Guide (https://go.microsoft.com/fwlink/?LinkID=86555).

14 Day History report does not display in the Client Security console

When you open the Client Security console, you might notice the following message under 14 Day History report:

Error message

Microsoft Forefront Client Security cannot display this report. Confirm that the reporting server is available, the account name and password are correct, and the account has permissions to access the report.

Background

There are two possible causes for this issue:

  • The user opening the Client Security console has not been granted Client Security Report Viewer permissions. For more information, see Working with user roles in the Client Security Administration Guide (https://go.microsoft.com/fwlink/?LinkID=86555).

  • The SQL Server Reporting Services site needs to be added to the list of trusted sites. To add the SQL Server Reporting Services site to the list of trusted sites, perform the following procedure.

Solution

To solve this issue, do the following.

To add the SQL Reporting Services site to the list of trusted sites

  1. In Internet Explorer, on the Tools menu, click Internet Options.

  2. Click the Security tab, and then click the Local intranet zone.

  3. Click the Sites button.

    Note

    If you have not disabled the Internet Explorer Enhanced Security Configuration in Windows Server 2003, go to step 5.

  4. Click the Advanced button.

  5. In the Add this website to the zone box, type the URL of the SQL Server Reporting Services site. For example, https://servername.

  6. Click Add, click Close, and then click OK for all subsequent dialog boxes.

  7. Refresh the Client Security console.

Alerts report a malware infection twice for the same client computer

Repeated alerts can occur when a malware alert is generated on a client computer.

Background

The alert is generated twice: first for the malware detection in the organization, and again for the malware detection on the individual computer. For any additional instances of this malware in the organization, the alerts are consolidated into the first alert. For any additional instances of this malware on this computer, the alerts are consolidated into the second alert.