Definitions issues

Applies To: Forefront Client Security

This topic contains the following sections:

Agent unable to contact the distribution server

Windows Update repeatedly offers the same definition update

Definition download error

Definition update fails with error 0x80080005

Definition update date on client does not match distribution server

Agent definition updates out of date

Agent unable to contact the distribution server

Managed computers might not be able to contact the distribution server. When this occurs, an exclamation point icon appears in the notification area.

Background

The distribution server uses WSUS. Client computers can access WSUS either on the default TCP port of 80 or on the custom TCP port of 8530. This is configured when WSUS is installed on the distribution server.

Solution

Verify that outbound TCP port 80 or port 8530, whichever WSUS was configured to use, is open from the client computers to the distribution server.
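One way to run this check from a managed computer, shown as an added example that is not part of the product documentation. The host name fcs-dist01.example.test is a placeholder for your distribution server, and Test-TcpPort is a helper defined here, not a built-in cmdlet.

```powershell
# Added example: probe the two WSUS ports named above from a managed computer.
# 'fcs-dist01.example.test' is a placeholder, not a value from this page.
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a filtered port fails after $TimeoutMs
        # instead of waiting for the full TCP timeout.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false              # no answer: filtered or unreachable
        }
        $client.EndConnect($async)     # throws if the connection was refused
        return $true
    }
    catch {
        return $false                  # refused, or the name did not resolve
    }
    finally {
        $client.Close()
    }
}

$server  = 'fcs-dist01.example.test'
$results = foreach ($port in 80, 8530) {
    New-Object PSObject -Property @{
        Server    = $server
        Port      = $port
        Reachable = (Test-TcpPort -ComputerName $server -Port $port)
    } | Select-Object Server, Port, Reachable
}
$results | Format-Table -AutoSize

# Neither port answering points at a firewall rule, routing, or name resolution.
if (-not ($results | Where-Object { $_.Reachable })) {
    Write-Warning "Neither TCP 80 nor TCP 8530 is reachable on $server."
}
```

A successful connection shows only that the port accepts TCP connections. Which of the two ports WSUS listens on is decided when WSUS is installed on the distribution server.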

Windows Update repeatedly offers the same definition update

After you accept and install a definition update, the shield icon might appear again, offering the same update.

Background

This can occur when the Forefront Client Security Antimalware Service is in a stopped state. Without the Antimalware Service running, definition updates cannot complete their installation.

Solution

Start the Antimalware Service.

Definition download error

After installing the Client Security agent, you may receive an error when downloading definition updates. This error message contains error code 8024402c.

Background

This error occurs when the Client Security agent attempts to update definitions from Microsoft Update. The Local System account is unable to access the Internet due to a lack of proper proxy server configuration.

Solution

First, verify that you can successfully connect to the Microsoft Update Web site. If successful, you must configure the Local System account with the proper proxy server information. To do this, perform the following steps for the corresponding operating system.

To configure the proxy settings on Windows Vista

  1. Click the Start menu, click All Programs, and then click Accessories.

  2. Right-click Command Prompt, and then click Run as administrator.

  3. In the User Account Control dialog box, click Continue.

  4. Type the following command and press ENTER:

    netsh winhttp import proxy source=ie

To configure the proxy settings on Windows XP

  • Open a command prompt, type the following command, and press ENTER:

    proxycfg -u

If you are unable to connect to the Microsoft Update Web site, verify your proxy server is configured correctly.

Definition update fails with error 0x80080005

You may see a message stating that updating of definitions failed with error 0x80080005. Additionally, you may also see error code 0x8007277a in the WindowsUpdate.log file.

Background

This can occur if there is a problem with the Winsock installation on the client system.

Solution

For the steps to fix the Winsock installation, see Knowledge Base article 811259 (https://go.microsoft.com/fwlink/?LinkId=86559).
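The error codes named in this section and in "Definition download error" can be triaged together. The following is an added example, not part of the product documentation: it scans log or message text for the three codes on this page and reports which solution applies. The function name Find-DefinitionUpdateError and the sample lines are constructed for illustration.

```powershell
# Added example, not from the product documentation.
# Error codes named on this page, keyed without the 0x prefix.
$KnownCodes = @{
    '8024402c' = 'Definition download error: configure the proxy for the Local System account'
    '80080005' = 'Definition update failure: repair the Winsock installation (KB 811259)'
    '8007277a' = 'Accompanies 0x80080005: repair the Winsock installation (KB 811259)'
}
# Match a code with or without 0x, but not as part of a longer hex string.
$CodePattern = '(?i)(?<![0-9a-f])(?:0x)?(8024402c|80080005|8007277a)(?![0-9a-f])'

function Find-DefinitionUpdateError {
    param([string[]]$Line)
    $lineNumber = 0
    foreach ($text in $Line) {
        $lineNumber++
        foreach ($match in [regex]::Matches($text, $CodePattern)) {
            $code = $match.Groups[1].Value.ToLower()
            New-Object PSObject -Property @{
                LineNumber = $lineNumber
                Code       = '0x' + $code
                Guidance   = $KnownCodes[$code]
            } | Select-Object LineNumber, Code, Guidance
        }
    }
}

# Constructed sample lines (not real log output) to show the behaviour.
$sample = @(
    '2007-05-01 09:14:02 Agent   WARNING: sync failed, error = 0x8024402C',
    '2007-05-01 09:14:03 Agent   search completed, 0 updates',
    '2007-05-01 09:20:41 Misc    WARNING: connect failed, hr = 8007277a',
    '2007-05-01 09:20:41 Handler update install failed 0x80080005'
)
Find-DefinitionUpdateError -Line $sample | Format-Table -AutoSize

# On a managed computer (standard log location on Windows XP and Windows Vista):
# Find-DefinitionUpdateError -Line (Get-Content "$env:windir\WindowsUpdate.log")
```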

Definition update date on client does not match distribution server

On managed computers, the date of definition updates listed in the Status area may not match the date listed for the update on the distribution server. The date of the definition update on managed computers may be earlier than the date listed in WSUS on the distribution server.

Background

This occurs due to the difference in the way the Client Security agent reads the date of a definition update and the way WSUS reads the date of an update. WSUS lists the Microsoft Update publication date, while the Client Security agent lists the creation date of the definition update.

Solution

To determine if a managed computer does have an out-of-date definition version, check the Version value for the update. The Version number for the update matches the Version number listed at the end of the update title in WSUS.

Agent definition updates out of date

In the Client Security user interface and in reports, managed computers may show out-of-date definition updates. This can occur if you change the default setting on the Client Security distribution server for automatic approval of definition updates.

Background

This occurs due to the interaction of three conditions:

  • The WSUS setting to Automatically approve update for installation is not enabled for Client Security definition updates.

  • The WSUS setting to Automatically approve the latest revision of the update is enabled.

  • The frequency that Client Security definition updates are published and expired.

Client Security uses a revision to the previous definition update to cause the older update to expire. When the new Client Security definition updates are not automatically approved for installation, but the revisions (that cause the older update to expire) are approved, the older definition updates expire without a newer definition update being approved. The result is that managed computers do not receive new definition updates.

Solution

To prevent this situation from occurring, you must do one of the following:

  • Reset the Client Security definition updates to be automatically approved. This is the default configuration.

  • Manually approve updates at least once a day.