Forefront client security keeps alerting me with detected win32/sality.an virus in the wsuscontent folder. I upload the infected files to virustotal.com which scans the file using 38 different engines, and no virus is found. When I try to clean the files using smartclean feature in forefront client security, the status turns green for a while, and then another file in wsuscontent folder is infected. It seems like the infection is moving, or maybe the files are not infected at all, could it be a bug or a definition file problem?<br>Only wsus updates are infected. A full scan of the server shows no other infections.<br><br>It also seems like Microsoft does not provide any support for forefront client security, except for premium contracts or pay per incident support.<br><br>My question is, how do I find out if the server is really infected or not, and how do I fix it?© 2009 Microsoft Corporation. All rights reserved.Thu, 15 Jan 2009 09:21:20 Z2c76b107-d618-46c5-91db-c6d9346b46b3http://social.technet.microsoft.com/Forums/en-US/ForefrontclientMTR/thread/2c76b107-d618-46c5-91db-c6d9346b46b3#2c76b107-d618-46c5-91db-c6d9346b46b3http://social.technet.microsoft.com/Forums/en-US/ForefrontclientMTR/thread/2c76b107-d618-46c5-91db-c6d9346b46b3#2c76b107-d618-46c5-91db-c6d9346b46b3Magnar Johnsenhttp://social.technet.microsoft.com/Profile/en-US/?user=Magnar%20Johnsen Forefront client security keeps alerting me with detected win32/sality.an virus in the wsuscontent folder. I upload the infected files to virustotal.com which scans the file using 38 different engines, and no virus is found. When I try to clean the files using smartclean feature in forefront client security, the status turns green for a while, and then another file in wsuscontent folder is infected. It seems like the infection is moving, or maybe the files are not infected at all, could it be a bug or a definition file problem?<br>Only wsus updates are infected. A full scan of the server shows no other infections.<br><br>It also seems like Microsoft does not provide any support for forefront client security, except for premium contracts or pay per incident support.<br><br>My question is, how do I find out if the server is really infected or not, and how do I fix it?Mon, 12 Jan 2009 14:58:10 Z2009-01-12T14:58:10Zhttp://social.technet.microsoft.com/Forums/en-US/ForefrontclientMTR/thread/2c76b107-d618-46c5-91db-c6d9346b46b3#4a1f26fb-02bf-4690-86d9-8471dfac54bahttp://social.technet.microsoft.com/Forums/en-US/ForefrontclientMTR/thread/2c76b107-d618-46c5-91db-c6d9346b46b3#4a1f26fb-02bf-4690-86d9-8471dfac54baMonty Jain [MSFT]http://social.technet.microsoft.com/Profile/en-US/?user=Monty%20Jain%20%5bMSFT%5d hey Magnar<br><br>To check whether the files in the folder wsuscontent are malwares or not can you submit(upload) the infected file. Below is link to the portal where you can submit<br><br>1. <span style="font-size:12pt;font-family:calibri">Can you go to <a href="https://www.microsoft.com/security/portal/submit.aspx">https://www.microsoft.com/security/portal/submit.aspx</a></span><span style="font-size:10pt;color:black;font-family:'MS Shell Dlg 2'"> and submit the infected file.<br></span> <p style="font-size:10pt;margin:0in;font-family:'MS Shell Dlg 2'"><span style="color:black">2. It contains the information how to submit the files<br>2. After submitting sample it wil generate the submissionID. Can you email me that so that I can follow up with our researchers. You can mail me at </span><a href="mailto:montyj@microsoft.com">montyj@microsoft.com</a></p> <p style="font-size:10pt;margin:0in;color:black;font-family:'MS Shell Dlg 2'">Please let me know if you face any problem and I will be more than happy to help you out.</p> <p style="font-size:10pt;margin:0in;font-family:Arial"> </p> <p style="font-size:10pt;margin:0in;font-family:'MS Shell Dlg 2'"><span style="color:black">Monty Jain[MSFT] </span><a href="mailto:montyj@microsoft.com">montyj@microsoft.com</a></p><hr class="sig">Monty JainThu, 15 Jan 2009 09:21:18 Z2009-01-15T09:21:18Z