Messages

Applies To: Forefront Client Security

This topic contains the following sections:

MOM agent properties cannot be modified

MOM scripts fail to execute or results are not passed to the MOM server

"Script Timed Out" alert received

Alert received that a full scan is required

Antimalware definitions cannot be updated

Uninstall prompts you to close other programs

Stopping a scheduled scan fails with error 0x80080017

Error when installing Client Security on Vista 64-bit

Opening the Client Security UI fails with error 0x80070005

For more information about errors or messages that occur in specific areas of Client Security, see the following sections:

Client Security area Section

Installation and configuration

Setup issues

Accessing reports

Reporting issues

Using the Client Security console

Console issues

Definitions

Definitions issues

MOM agent properties cannot be modified

After installing Client Security, you may notice that you are unable to successfully change any settings for the agent in the MOM Administrator console (under Global Settings/Agents). You receive the following error:

Error message

The agent heartbeat interval must be less than the management server heartbeat interval. Please enter a value less than the Management Server heartbeat interval and try again.

Solution

To enable agent configuration changes

  1. On the management server, open the MOM Administrator console.

  2. In the tree, expand Administration and click Global Settings.

  3. In the details pane, double-click Management Servers and click the Heartbeat Checking tab.

  4. In the Interval to scan for agent heartbeats box, enter 602 and click OK.

MOM scripts fail to execute or results are not passed to the MOM server

On the MOM server, you may notice one of the following messages:

Error message

The response processor failed to execute a response. The response returned the error message: The object exporter specified was not found.

The response processor was denied to execute a response. The action account the MOM Agent is using doesn't have enough privileges. Returned error message: Access is denied.

Background

These events can occur if the MOM agent on the client computers does not have the correct dependencies set. The MOM agent for Client Security is required to be dependent on winmgmt (Windows Management Instrumentation service), rpcss (Remote Procedure Call service), and eventlog (Event Log service).

To determine the MOM dependencies

  1. In the Run dialog box, type cmd, and then click OK:

  2. In the Command Prompt window, type the following command, and then press ENTER:

    sc qc MOM

  3. The dependencies listed should be the following:

    • winmgmt

    • rpcss

    • eventlog

Solution

If any of the previously listed dependencies for the MOM service are missing, do the following:

To reset the MOM dependencies

  1. Type the following command in the Command Prompt window:

    sc config mom depend= rpcSs/eventLog/winmgmt

  2. Stop and then restart the MOM service.

Important

The space after the equal sign (=) is important and needs to be included in the command.

"Script Timed Out" alert received

You may periodically see the "Script Timed Out" alert appear on the MOM Operator console. This alert is typically sent from agents on mobile computers or computers running Windows Vista.

Background

This alert can occur when the computers in question have resumed from hibernation.

Solution

There is a hotfix for the hibernation problem included on the Client Security CD. The fix for the Client Security servers is in the Servers folder on the CD, and the client fix is in the Clients folder. Apply the mom2005-rtm-kb926665-x86-ia64.msi file found in these folders to both client systems experiencing the hibernation problem and the Client Security servers.

For more information about this fix, see Knowledge Base article 926665 (https://go.microsoft.com/fwlink/?LinkId=86599).

Alert received that a full scan is required

In the MOM Operator console, under Microsoft Forefront Client Security, you may see an alert with the name "Malware on Network - Failed Response (Alert Level 5)." The description of the alert states "To finish removing spyware and other potentially unwanted software, you need to run a full scan."

Background

The malware has been mitigated, but to make certain the affected system is fully protected (and there are no other instances of that malware in other files), a full system scan is required. The user is not prompted in this case, and the administrator must intervene.

Solution

Using the Client Security console, start a scan targeting the affected agents.

Antimalware definitions cannot be updated

You may receive the following message on the management server:

Error message

The antimalware definitions on this Client Security server cannot be updated. The definitions have not been updated since Client Security was installed. Because of this, the Client Security console and reports cannot display correct information about updated definitions and new threats. In addition, your Client Security server is not protected from those threats.

You might receive this message immediately after installing Client Security, before the server has finished downloading the updates. In that case, wait a short while and see if the definitions are correctly updated. Otherwise, verify that this server is configured to download updated definitions from your distribution server (the WSUS server) or from Microsoft Update. For more information about configuring this setting, see the documentation at this address:

https://go.microsoft.com/fwlink/?LinkId=82382

If the server is correctly configured, then verify that it is connected to your distribution server.

Version of the definitions on this server

Antispyware definition: v%1

Antivirus definition: v%2%

Background

This message indicates that the installation of the Client Security agent on the management server has not received updated definitions since the installation of the management server.

Solution

If you have just finished installing Client Security, wait a short time to see if the definitions will be downloaded. If it has been awhile since Client Security was installed, you need to determine if your definition update method is working.

To determine if your update method is working:

Uninstall prompts you to close other programs

When attempting to uninstall Client Security from a client computer, you might receive the following error message:

Error message

The following applications should be closed before continuing the installation: programnames

Background

This problem occurs with Microsoft Office 2003. For more information, see Knowledge Base article 841532 (https://go.microsoft.com/fwlink/?LinkId=82250).

Solution

On the client computer, exit all running programs, and then restart the uninstall procedure.

Stopping a scheduled scan fails with error 0x80080017

After upgrading to Windows Vista from Windows XP (with Client Security already installed), if you attempt to stop a scheduled scan, it might fail with the following error:

Error message

Microsoft Forefront Client Security failed with the following error: 0x80080017. This class is not configured to support Elevated activation.

Background

This error occurs because the registry information that allows elevation is not added when Client Security is installed on a computer running Windows XP.

Solution

First, disable Windows Defender as described in Client issues.

Then uninstall the Client Security agent and rerun the Client Security installation program clientsetup.exe, using the /NOMOM switch.

Error when installing Client Security on Vista 64-bit

When installing the Client Security agent on a computer running the 64-bit edition of the Windows Vista operating system and User Account Control enabled, you receive the following error message: "Installation failed. Failed to initialize log file…Make sure that the log path and file and/or install path is valid and accessible." In this case, client setup fails.

Solution

To avoid this issue, you must run client setup from an elevated command prompt.

To open an elevated command prompt

  1. On the Start menu, click All Programs, and then click Accessories.

  2. Right-click Command Prompt, and then click Run as administrator.

  3. In the User Account Control dialog box, click Continue.

Opening the Client Security UI fails with error 0x80070005

When you attempt to open the Client Security UI on a computer running Windows 2000, you may get the following error message: "Application failed to initialize: 0x80070005."

Background

On client computers running Windows 2000, only administrators can open the Client Security UI.

Solution

Log on as an administrator and try again.