Console issues
Applies To: Forefront Client Security
This topic contains the following sections:
Threat Override list empty
Starting the Client Security console produces an error
14 Day History report does not display in the Client Security console
Alerts report a malware infection twice for the same client computer
Incomplete list of threats in Client Security policy
Threat Override list empty
When editing a Client Security policy, you may notice that the Threat Override list is empty.
Background
This can occur for the following reasons:
Antimalware definitions not being updated For more information, see "'Antimalware definitions cannot be updated' message" in Messages.
No Service Principal Name (SPN) for the SQL Server computer in Active Directory Without an SPN in Active Directory, the Forefront Client Security Management Service cannot authenticate to the server and import definition information.
Solution
You must create the SPN for SQL Server in Active Directory. For information about creating SPNs dynamically, see Knowledge Base article 319723
(https://go.microsoft.com/fwlink/?LinkId=86553).
Incomplete list of threats in Client Security policy
After installing Client Security, you may notice only a small set of threats listed on the Overrides tab in the properties for a Client Security policy. Additionally, malware detected in your environment may be listed as a code number instead of a name.
Background
To keep the lists of threats up to date, the Client Security management server uses definition updates downloaded from either the distribution server or Microsoft Update. If the management server cannot download these updates, you will see incomplete lists of threats and code numbers for identified malware.
Solution
Ensure that the management server is correctly configured to point to a Client Security distribution server (WSUS) and that it is also opted-in to Microsoft Update.
Starting the Client Security console produces an error
Starting the Client Security console results in the following message:
| Error message |
|---|
An error occurred during view refreshing. Verify that you have successfully completed the Configuration wizard and have permission to access the management server. Further Details: Exception of type 'Microsoft.Forefront.ClientSecurity.Exceptions.DatabaseConnectionFailedExceptions' was thrown. Login failed for user username. |
Background
This error occurs if the user's logon account has not been granted proper permissions in the Client Security databases.
Solution
Grant the user account permissions as documented in Working with user roles in the Client Security Administration Guide (https://go.microsoft.com/fwlink/?LinkID=86555).
14 Day History report does not display in the Client Security console
When you open the Client Security console, you might notice the following message under 14 Day History report:
| Error message |
|---|
Microsoft Forefront Client Security cannot display this report. Confirm that the reporting server is available, the account name and password are correct, and the account has permissions to access the report. |
Background
There are two possible causes for this issue:
The user opening the Client Security console has not been granted Client Security Report Viewer permissions. For more information, see Working with user roles in the Client Security Administration Guide (https://go.microsoft.com/fwlink/?LinkID=86555).
The SQL Server Reporting Services site needs to be added to the list of trusted sites. To add the SQL Server Reporting Services site to the list of trusted sites, perform the following procedure.
Solution
To solve this issue, do the following.
To add the SQL Reporting Services site to the list of trusted sites
In Internet Explorer, on the Tools menu, click Internet Options.
Click the Security tab, and then click the Local intranet zone.
Click the Sites button.
Note
If you have not disabled the Internet Explorer Enhanced Security Configuration in Windows Server 2003, go to step 5.
Click the Advanced button.
In the Add this website to the zone box, type the URL of the SQL Server Reporting Services site. For example, https://servername.
Click Add, click Close, and then click OK for all subsequent dialog boxes.
Refresh the Client Security console.
Alerts report a malware infection twice for the same client computer
Repeated alerts can occur when a malware alert is generated on a client computer.
Background
The alert is generated twice: first for the malware detection in the organization, and again for the malware detection on the individual computer. For any additional instances of this malware in the organization, the alerts are consolidated into the first alert. For any additional instances of this malware on this computer, the alerts are consolidated into the second alert.