Messages
Applies To: Forefront Client Security
This topic contains the following sections:
MOM agent properties cannot be modified
MOM scripts fail to execute or results are not passed to the MOM server
"Script Timed Out" alert received
Alert received that a full scan is required
Antimalware definitions cannot be updated
Uninstall prompts you to close other programs
Stopping a scheduled scan fails with error 0x80080017
Error when installing Client Security on Vista 64-bit
Opening the Client Security UI fails with error 0x80070005
For more information about errors or messages that occur in specific areas of Client Security, see the following sections:
Client Security area | Section |
---|---|
Installation and configuration |
|
Accessing reports |
|
Using the Client Security console |
|
Definitions |
After installing Client Security, you may notice that you are unable to successfully change any settings for the agent in the MOM Administrator console (under Global Settings/Agents). You receive the following error:
Error message |
---|
The agent heartbeat interval must be less than the management server heartbeat interval. Please enter a value less than the Management Server heartbeat interval and try again. |
To enable agent configuration changes
On the management server, open the MOM Administrator console.
In the tree, expand Administration and click Global Settings.
In the details pane, double-click Management Servers and click the Heartbeat Checking tab.
In the Interval to scan for agent heartbeats box, enter 602 and click OK.
On the MOM server, you may notice one of the following messages:
Error message |
---|
The response processor failed to execute a response. The response returned the error message: The object exporter specified was not found. |
The response processor was denied to execute a response. The action account the MOM Agent is using doesn't have enough privileges. Returned error message: Access is denied. |
These events can occur if the MOM agent on the client computers does not have the correct dependencies set. The MOM agent for Client Security is required to be dependent on winmgmt (Windows Management Instrumentation service), rpcss (Remote Procedure Call service), and eventlog (Event Log service).
To determine the MOM dependencies
In the Run dialog box, type cmd, and then click OK:
In the Command Prompt window, type the following command, and then press ENTER:
sc qc MOM
The dependencies listed should be the following:
winmgmt
rpcss
eventlog
If any of the previously listed dependencies for the MOM service are missing, do the following:
To reset the MOM dependencies
Type the following command in the Command Prompt window:
sc config mom depend= rpcSs/eventLog/winmgmt
Stop and then restart the MOM service.
Important
The space after the equal sign (=) is important and needs to be included in the command.
You may periodically see the "Script Timed Out" alert appear on the MOM Operator console. This alert is typically sent from agents on mobile computers or computers running Windows Vista.
This alert can occur when the computers in question have resumed from hibernation.
There is a hotfix for the hibernation problem included on the Client Security CD. The fix for the Client Security servers is in the Servers folder on the CD, and the client fix is in the Clients folder. Apply the mom2005-rtm-kb926665-x86-ia64.msi file found in these folders to both client systems experiencing the hibernation problem and the Client Security servers.
For more information about this fix, see Knowledge Base article 926665 (https://go.microsoft.com/fwlink/?LinkId=86599).
In the MOM Operator console, under Microsoft Forefront Client Security, you may see an alert with the name "Malware on Network - Failed Response (Alert Level 5)." The description of the alert states "To finish removing spyware and other potentially unwanted software, you need to run a full scan."
The malware has been mitigated, but to make certain the affected system is fully protected (and there are no other instances of that malware in other files), a full system scan is required. The user is not prompted in this case, and the administrator must intervene.
Using the Client Security console, start a scan targeting the affected agents.
You may receive the following message on the management server:
Error message |
---|
The antimalware definitions on this Client Security server cannot be updated. The definitions have not been updated since Client Security was installed. Because of this, the Client Security console and reports cannot display correct information about updated definitions and new threats. In addition, your Client Security server is not protected from those threats. You might receive this message immediately after installing Client Security, before the server has finished downloading the updates. In that case, wait a short while and see if the definitions are correctly updated. Otherwise, verify that this server is configured to download updated definitions from your distribution server (the WSUS server) or from Microsoft Update. For more information about configuring this setting, see the documentation at this address: https://go.microsoft.com/fwlink/?LinkId=82382 If the server is correctly configured, then verify that it is connected to your distribution server. Version of the definitions on this server Antispyware definition: v%1 Antivirus definition: v%2% |
This message indicates that the installation of the Client Security agent on the management server has not received updated definitions since the installation of the management server.
If you have just finished installing Client Security, wait a short time to see if the definitions will be downloaded. If it has been awhile since Client Security was installed, you need to determine if your definition update method is working.
To determine if your update method is working:
If you are configured to receive updates from a distribution server (WSUS server), verify that the server has fully synchronized with Microsoft Update. If not, or if the WSUS server is unable to sync with Microsoft Update, see Troubleshooting Windows Server Update Services (https://go.microsoft.com/fwlink/?LinkId=81613).
If you are configured to receive updates directly from Microsoft Update, verify that you have selected the option for Microsoft Update. For more information, see Configuring fallback for updates in the Client Security Administration Guide (https://go.microsoft.com/fwlink/?LinkID=86600).
When attempting to uninstall Client Security from a client computer, you might receive the following error message:
Error message |
---|
The following applications should be closed before continuing the installation: programnames |
This problem occurs with Microsoft Office 2003. For more information, see Knowledge Base article 841532 (https://go.microsoft.com/fwlink/?LinkId=82250).
On the client computer, exit all running programs, and then restart the uninstall procedure.
After upgrading to Windows Vista from Windows XP (with Client Security already installed), if you attempt to stop a scheduled scan, it might fail with the following error:
Error message |
---|
Microsoft Forefront Client Security failed with the following error: 0x80080017. This class is not configured to support Elevated activation. |
This error occurs because the registry information that allows elevation is not added when Client Security is installed on a computer running Windows XP.
First, disable Windows Defender as described in Client issues.
Then uninstall the Client Security agent and rerun the Client Security installation program clientsetup.exe, using the /NOMOM switch.
When installing the Client Security agent on a computer running the 64-bit edition of the Windows Vista operating system and User Account Control enabled, you receive the following error message: "Installation failed. Failed to initialize log file…Make sure that the log path and file and/or install path is valid and accessible." In this case, client setup fails.
To avoid this issue, you must run client setup from an elevated command prompt.
To open an elevated command prompt
On the Start menu, click All Programs, and then click Accessories.
Right-click Command Prompt, and then click Run as administrator.
In the User Account Control dialog box, click Continue.
When you attempt to open the Client Security UI on a computer running Windows 2000, you may get the following error message: "Application failed to initialize: 0x80070005."
On client computers running Windows 2000, only administrators can open the Client Security UI.
Log on as an administrator and try again.