本帖最后由 zdshsls 于 2011-3-11 06:03 编辑
Update 10 March 2011
We have received reports of an installation issue with our March update of Forefront Client Security when the option of “install updates and shutdown” is used. We wanted to be clear on the issue and exactly what steps we are taking to rectify it.
Symptom:
A computer attempts to use the install updates and shutdown Windows feature to update to the latest version of FCSv1. After restart, the computer does not have the Antimalware agent installed, but will still have the Security State Assessment(SSA) and Microsoft Operation Manager components installed.
The problem:
This issue only occurs on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It does not occur on Windows XP, Windows Server 2003 or Windows 2000. This issue was not introduced in the March Update. It is caused by a previously undetected problem in the October 2010 update. Rolling back to the earlier update will not resolve this issue. Please review the steps below for what options you should take.
For the bug to occur, the system must have either the policy setting changing the default shutdown behavior or the user clicks on “Apply updates at Shutdown”. If the update is deployed or manually installed in other ways, this bug does not occur.
Key facts:
- If you have already successfully installed the March update, you do NOT need to roll it back.
This bug doesn’t apply to either Microsoft Security Essentials or Forefront Endpoint Protection in anyway.
- It can only occur if the option for “Install Updates and Shutdown” is selected by the user or is set by policy.
- It in no way impacts the ability to get definition updates to stay secure.
What can I do to address this issue myself?
There are a number of workaround that can be used currently.
Avoiding the issue - WSUS administrators can decline or not approve for installation
- Avoid installing KB2508823 with “Install updates and shutdown”. This may be accomplished by
- a recommendation by administrators to user
- enforcement by Automatic Updates group policy: Computer Configuration/Administrative Templates/Windows Components/Windows Update- Do not display ‘Install Updates and shut down’ option in Shut Down Windows dialog box.
- installing the update KB2508823 through WSUS deadlines. That triggers to install immediately.
Issue correction
If you have computers which experience this issue and are now unprotected, there are a number of options - Download and install KB2508823 manually. There are steps to do this in the KB:http://support.microsoft.com/kb/2508823 in the Hotfix information section
- Approve in WSUS “Client Update for Microsoft Forefront Client Security (1.0.1728.0)” and decline both the March update(KB2508823) and the Client Update for Microsoft Forefront Client Security (1.0.1736.0) (2508824). This will redeploy the prior update
- Approve the “Client Update for Microsoft Forefront Client Security (1.0.1728.0)” slipstream update.
NOTE: We have seen that in some cases this will fail with 0x666 ERROR_PRODUCT_VERSION
If you are seeing ERROR_PRODUCT_VERSION failures installing the slipstream you can uninstall SSA and that should allow it to work.
What is Microsoft doing to address this?
We are doing the following:
- We have already throttled downloads of KB2508823 on Microsoft update so that users connecting directly Microsoft Update, will not have the package proactively delivered.
- We are changing the logic on Microsoft update to only allow the update to apply to Windows 2000, Windows XP, and Windows Server 2003 today. That will prevent further incidents from occurring. We are testing this change now, and will update the blog on when you can expect to see this change.
- We are authoring a patch update that will address this issue on Microsoft update. This patch will supersede the current patches for all platforms. We will provide more information soon on when you can expect to see that package.
Sincerely, the Microsoft Forefront Client Security Engineering team.
先Google翻译一下
更新2011年3月10号
我们已经收到了与我们的三月,Forefront客户端安全更新时,“安装更新并关机”选项用于安装问题的报告。 我们希望能够在这个问题上明确的,正是我们正在采取措施加以纠正。
症状:
一台计算机尝试使用安装更新和关闭Windows功能更新到最新版本的FCSv1。 重新启动后,电脑没有安装反恶意代-理,但仍然有安全状态评估(SSA)和微软操作管理器组件安装。
问题是:
此问题只发生在Windows Vista和Windows Server 2008时,Windows 7和Windows Server 2008 R2的。它不会发生在Windows XP中,Windows Server 2003或Windows 2000。 这个问题没有提出在三月更新。 这是由于在2010年10月更新其先前未被发现的问题。 回滚到以前的更新将不会解决这个问题。 请仔细阅读以下哪些选项你应该采取的步骤。
对于错误发生时,系统必须有策略设置更改默认的关机行为或“应用在关机时更新”的用户点击。 如果更新部署或以其他方式手动安装,这个错误不会发生。
主要事实:- 如果你已经成功安装了三月份更新,你不需要回滚。
此错误不适用到Microsoft安全基础或Forefront端点保护反正。
- 它只能发生如果为“安装更新并关机”选项是由用户选择或由策略集。
- 这丝毫没有影响的能力得到更新,以保持安全的定义。
我能做些什么来解决这个问题我自己吗?
有一些变通方法,可用于目前数量。
回避问题- WSUS管理员可以拒绝或不批准安装
- 避免安装的“安装更新和关闭”KB2508823。 这可能是完成的
- 由用户管理员的建议
- 政策执行的自动更新组: 计算机配置/管理模板/ Windows组件/ Windows更新,不显示'安装更新并关机'中的选项在关闭Windows对话框 。
- 通过限期安装WSUS的更新KB2508823。 安装立即触发。
问题更正如果你有电脑的经验,现在这个问题得不到保障,有多项选择- 手动下载并安装KB2508823。 有步骤做KB此在: http://support.microsoft.com/kb/2508823 在 修补程序信息 部分
- 在WSUS批准“ 客户端安全更新Microsoft Forefront客户端(1.0.1728.0)“ 和衰退都三月更新(KB2508823)和 客户端安全客户端更新微软的Forefront(1.0.1736.0) (2508824)。 这将重新部署前更新
- 批准“ 客户端更新Microsoft Forefront客户端安全(1.0.1728.0)“ 汇集更新。
注意: 我们已经看到,在某些情况下,这将0x666失败,ERROR_PRODUCT_VERSION
如果您看到ERROR_PRODUCT_VERSION汇集安装失败,你可以卸载福利金,并应允许它的工作。
什么是Microsoft都做了解决这一问题?
我们正在做以下几点:- 我们已经扼杀了KB2508823下载微软更新,以便用户直接连接微软的更新,将不会有积极的包交付。
- 我们正在改变对微软的逻辑更新,只允许更新适用于Windows 2000,Windows XP和Windows Server 2003的今天。 这将防止发生进一步的事件。 我们正在测试这一变化了,将更新的时候你可以期望看到这种变化的博客。
- 我们在创作一个补丁更新将解决此Microsoft更新的问题。 此修补程序将取代所有平台的最新补丁。 我们将提供更多的信息不久就当你可以期望看到那个包。
我们以客户的支持,我们非常重视。 如果您需要其他帮助,请联系您的支持专业人员或访问http://support.microsoft.com/ph/12632 。
真诚,微软的Forefront客户端安全的工程团队。 ======================================================================================================================== Today (8 March 2011), we released an update to FCSv1. Changes include:
- This update enables computers running Forefront Client Security to update definitions at the scheduled time while running on battery power.
- This update contains changes to allow computers running Forefront Client Security service to open files encrypted by Prim'X ZoneCentral that are located in a network shared folder.
- This update corrects issues in the mpfilter.sys kernel component used by Client Security that causes real-time protection errors on computers running Windows 2000.
For already installed FCS client installations, install the update for Microsoft Knowledge Base article 2508823 (http://support.microsoft.com/kb/2508823).
For new FCS Client installations, deploy the client components listed in Microsoft Knowledge Base article 2508824 (http://support.microsoft.com/kb/2508824).
For more information about the update, Microsoft Knowledge Base article 2508823(http://support.microsoft.com/kb/2508823) has the detail.
今天 (2011 年 3 月 8 日),我们发布的更新 FCSv1。 更改包括:- 此更新使计算机运行前列客户端安全更新定义在预定的时间,同时使用电池电源运行。
- 此更新包含允许计算机运行最前沿的客户端安全服务打开加密的 Prim'X ZoneCentral,位于一个网络共享文件夹中的文件的更改。
- 此更新程序纠正中使用实时保护错误导致运行 Windows 2000 的计算机的客户端安全的 mpfilter.sys 内核组件的问题。
Forefront Client Security, x86-based versions
File name | File version | File size | Date | Time | Amhelp.chm | Not Applicable | 65,216 | 19-Jul-2010 | 00:51 | Mpasbase.vhd | 1.0.0.0 | 572,720 | 19-Jul-2010 | 00:52 | Mpasdesc.dll | 1.5.1996.0 | 49,024 | 02-Feb-2011 | 16:42 | Mpasdlta.vhd | 1.0.0.0 | 9,008 | 19-Jul-2010 | 00:52 | Mpavbase.vhd | 1.0.0.0 | 204,624 | 19-Jul-2010 | 00:52 | Mpavdlta.vhd | 1.0.0.0 | 9,040 | 19-Jul-2010 | 00:52 | Mpavrtm.dll | 1.5.1996.0 | 128,384 | 02-Feb-2011 | 16:23 | Mpclient.dll | 1.5.1996.0 | 367,488 | 02-Feb-2011 | 16:23 | Mpcmdrun.exe | 1.5.1996.0 | 349,064 | 08-Jan-2011 | 22:06 | Mpengine.dll | 1.1.3520.0 | 3,308,624 | 19-Jul-2010 | 00:52 | Mpevmsg.dll | 1.5.1996.0 | 23,424 | 02-Feb-2011 | 16:42 | Mpfilter.sys | 1.5.1996.0 | 71,296 | 02-Feb-2011 | 16:14 | Mpoav.dll | 1.5.1996.0 | 92,032 | 02-Feb-2011 | 16:23 | Mprtmon.dll | 1.5.1996.0 | 731,008 | 02-Feb-2011 | 16:23 | Mpsigdwn.dll | 1.5.1996.0 | 129,920 | 02-Feb-2011 | 16:23 | Mpsoftex.dll | 1.5.1996.0 | 518,016 | 02-Feb-2011 | 16:23 | Mpsvc.dll | 1.5.1996.0 | 319,872 | 02-Feb-2011 | 16:23 | Mputil.dll | 1.5.1996.0 | 177,024 | 02-Feb-2011 | 16:23 | Msascui.exe | 1.5.1996.0 | 1,033,600 | 02-Feb-2011 | 16:23 | Msmpcom.dll | 1.5.1996.0 | 221,056 | 02-Feb-2011 | 16:23 | Msmpeng.exe | 1.5.1996.0 | 16,896 | 08-Jan-2011 | 22:06 | Msmplics.dll | 1.5.1996.0 | 9,088 | 02-Feb-2011 | 16:23 | Msmpres.dll | 1.5.1996.0 | 766,336 | 02-Feb-2011 | 16:42 |
| 
发表于 2011-3-9 06:34:27
发表于 2011-3-9 08:48:36
楼主
