Article ID: 2394433 - View products that this article applies to.
This article describes the Microsoft Forefront Client Security (FCS) anti-malware client issues that are fixed in this update package.
The malware landscape has evolved, requiring new techniques to fully remediate malware, including some rootkits.
This update contains changes to the Forefront Client Security service to improve remediation of malicious software. You must apply this hotfix to enable this new feature.
Computers running Client Security become unresponsive and require a hard reset.
This update corrects two issues in the mpfilter.sys kernel component used by Client Security that cause deadlocks.
During definition update, computers that utilize the Volume Shadow Copy service appear to hang for several minutes. This issue may occur on computers using backup software that leverages shadow copy volumes.
This update alters how real-time protection caches files it scans within shadow copy volumes. The change reduces the amount of time needed to purge the cache during definition update.
Computers running Windows Vista, Windows 2008 Server, Windows 7 or Windows 2008 R2 Server, encounter a stop error with bugcheck error code 0x00000050. This stop error may occur on Windows 7 computers during the installation of Windows 7 Service Pack 1.
This update corrects a stop error with the code 0x00000050 on computers running Windows Vista, Windows 2008 Server, Windows 7 or Windows 2008 R2 Server. If Client Security is installed on a computer, Windows 7 Service Pack 1 will check for the presence of this update or a supersending update before installing.
After a reboot on computers that normally have a highly utilized processor, the Client Security user interface (UI) appears hung. The condition corrects itself but may last several minutes.
This update increases the loading priority of the antimalware engine and definitions during antimalware service start. The priority change enables the antimalware service to handle requests sooner, mitigating the UI unresponsiveness. However, this change may slightly increase boot time on limited systems by consuming more processor resources during system start.
Files encrypted using Novell or Steading System Software are not properly scanned during real-time protection.
This update corrects an issue in real-time protection when volumes are encrypted using these technologies.
A supported hotfix is available from Microsoft.
Note This hotfix is available from Microsoft Update and from Windows Server Update Services. If you want to obtain the file for deployment by using a different method, follow these steps:
PrerequisitesThere are no prerequisites for installing this hotfix.
Restart requirementYou may be required restart the computer after you apply this hotfix.
Hotfix replacement informationThis hotfix replaces the anti-malware client that is deployed by using the Forefront Client Security deployment package (1.0.1725.0) on a computer.
976669This hotfix replaces the following hotfixes:
(http://support.microsoft.com/kb/976669/ )Forefront Client Security deployment package (1.0.1725.0): December 2009
(http://support.microsoft.com/kb/979536/ )Forefront Client Security anti-malware client update: April 2010
(http://support.microsoft.com/kb/976668/ )Forefront Client Security anti-malware client update: December 2009
(http://support.microsoft.com/kb/971026/ )A hotfix is available to resolve some problems with the Forefront Client Security anti-malware client
(http://support.microsoft.com/kb/952265/ )Data corruption may occur on a computer that has Forefront Client Security installed
(http://support.microsoft.com/kb/938054/ )A hotfix is available to resolve some problems with the Forefront Client Security client
(http://support.microsoft.com/kb/956280/ )The Forefront Client Security kernel-mode mini-filter unloads when you browse a network file share that contains many malicious files
File informationThe English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Forefront Client Security, x86-based versions
Collapse this tableExpand this table
Forefront Client Security, x64-based versions
Collapse this tableExpand this table
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
This update is included in a new slipstream installation package of the Forefront Client Security client software. For more information about the slipstream installation package, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/2394439/ )Forefront Client Security deployment package (1.0.xxxx.0): October 2010
Microsoft has identified an issue when this update is installed on Windows 2000 which prevents the kernel-mode mini-filter driver, mpfilter.sys, from properly loading. For more information on this issue see the following article:
(http://support.microsoft.com/kb/2459065/ )Problems on Windows 2000 after applying Forefront Client Security October 2010 update