Any suggestions? Export (0) Print
Expand All

Event issues

This topic contains the following sections:

Event ID 3002

Event ID 3006 incorrectly occurs

Event ID 5000 and 5001 occur periodically

Agent installation fails with event ID 11724

Running a scan results in event ID 10004

After installing the Client Security agent on computers running Windows XP Service Pack 2 (SP2), you may receive the following error in the System log of Event Viewer:

Error message

Event ID 3002: Microsoft Forefront Client Security Real-Time Protection agent has encountered an error and failed.


Agent: OnAccessAgent

Error Code: 0x80070032

Error description: The request is not supported.


When the Client Security agent is installed, a Windows XP hotfix (KB914882) is installed prior to the agent component. This is a required hotfix for Client Security to run on Windows XP SP2. However, clientsetup.exe does not restart the client system, which is required by the hotfix.


Restart the affected client computers.

In some instances, you may see event ID 3006 appear with the following information:

Error message

Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software.

Error Code: 0x80508022

Error description: To finish removing spyware and other potentially unwanted software, restart the computer.


Restart the affected computers.

You may see an error with event ID 5000 followed by an information event ID 5001.


This pair of events is generated by the Antimalware Service when it reports statistics back to SpyNet. For more information about SpyNet, see Configuring SpyNet reporting in the Client Security Administrator's Guide (

The user is prompted for consent if there is any identifying personal data in the submission. If there is no identifying personal data and the user has selected the option to use SpyNet, there will be no prompt.


These messages can be ignored.

Installation of the Client Security agent might fail with an error in the event log that contains the following text: "Product: Forefront Client Security -- Installation Operation Failed."


To determine the cause of the failure, on the client computer, in the Client Security installation folder, open the clientsetup.log file. If you did not specify a custom installation location when running clientsetup.exe, the log file is in the following location:

%Program Files%\Microsoft Forefront\Client Security\Client\Logs

The clientsetup.log file lists the log file for the appropriate agent component that failed.

When you attempt to run an SSA scan on a Client Security agent, the scan fails and logs event ID 10004, with the following text:

Error message

The Forefront Client Security State Assessment Service could not access the installation directory.

A scan will not be performed.


This occurs when the Client Security State Assessment Service cannot read the install path in the registry.


In the registry, for the Security State Assessment Service, enter the correct installation folder.

To correct the registry information
  1. On the affected Client Security agent, find the location of the FcsSas.exe file.

  2. Click Start, click Run, type regedit, and click OK.

  3. Browse to the following location in the registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Forefront\Client Security\1.0\SSA

  4. In the right pane, double-click InstallDir.

  5. In the Edit String dialog box, in the Value Data box, enter the path to the FcsSas.exe file, and then click OK.

© 2016 Microsoft