Forefront Client Security engine crashing
Over the past few days, we've had a handful of Forefront client crashes. MOM alerts by sending Error Alert - Scanning Failed (Alert Level 3). Had both a server (Windows 2003 SP2) and a handful of clients (XP SP2) crash. Has anyone else seen recent behavior changes like this?
All Replies
Yup, we're getting a lot of reports of this happening when it tries to run the policy defined scan (2:00am)
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 5/1/2008
Time: 8:02:53 AM
User: N/A
Computer: HNS277798
Description:
The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: FCSAM
Event Category: None
Event ID: 5008
Date: 5/1/2008
Time: 2:02:38 AM
User: N/A
Computer: HNS277798
Description:
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\Documents and Settings\boogername\Cookies\boogername@serving-sys[1].txt
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
- If you can reproduce this easily please call in and open a case with CSS Security as we would definitely like to figure out if there is an issue here that needs to be fixed. Thanks.
CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response)
- I am having the same problem too with about three of my servers.
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\Documents and Settings\Administrator.PGC\Local Settings\Temporary Internet Files\Content.IE5\WPM3U5KJ\survey[2].js
Description:
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\Documents and Settings\Administrator.PGC\Local Settings\Temporary Internet Files\Content.IE5\KPUR096V\survey[1].js
Domain: PGC
Computer: PGC03DC02
Time: 6/7/2009 2:24:41 AM
Type: Error
Provider Name: Script-generated Data
Event Number: 5008
Provider Type: Generic Provider
Source: FCSAM
Category:
Raises Alert: True
Consolidated:
From:
To:
Event Id: bb63911f-dcec-4e8c-836b-ea1bc4377ff9
Description:
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\Documents and Settings\administrator.PGC\Local Settings\Temporary Internet Files\Content.IE5\01GD6JYH\survey[1].js
Domain: PGC
Computer: PGC03FPS01
Time: 6/7/2009 2:24:47 AM
Type: Error
Provider Name: Script-generated Data
Event Number: 5008
Provider Type: Generic Provider
Source: FCSAM
Category:
Raises Alert: True
Consolidated:
From:
To:
Event Id: eede7c4a-065d-4fde-84ae-b1a1437df836
- Erik, if you could see if you can find those .js files in those profiles and email them to me. kfalde is my email alias. Even if you can't find them, send me an email; this is the 2nd case we're seeing now with crashing on some .js files and trying to figure out what is going on. Thanks
CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
- Apparently this is probably due to a faulty signature that was in a definition release, as we had another case like this. Current signatures shouldn't have the problem; let me know if you do experience it again though.
CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
- Hi Kurt,
I'm having the same problem as Erik was back in June - but with a different file. The most recent issue appears to be cropping up with MSDOS.SYS, as seen in these pulls from my Event Viewer:
Event Type: Error
Event Source: FCSAM
Event Category: None
Event ID: 5008
Date: 8/30/2009
Time: 4:08:07 PM
User: N/A
Computer: CATSLAVE
Description:
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\MSDOS.SYS
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: FCSAM
Event Category: None
Event ID: 5008
Date: 8/30/2009
Time: 5:35:00 PM
User: N/A
Computer: CATSLAVE
Description:
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\MSDOS.SYS
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: FCSAM
Event Category: None
Event ID: 5008
Date: 8/31/2009
Time: 9:44:02 PM
User: N/A
Computer: CATSLAVE
Description:
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\MSDOS.SYS
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: FCSAM
Event Category: None
Event ID: 5008
Date: 9/3/2009
Time: 4:17:27 PM
User: N/A
Computer: CATSLAVE
Description:
Microsoft Forefront Client Security engine has been terminated due to an unexpected error.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\MSDOS.SYS
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
System is Windows XP Pro SP3, all OS and Forefront updates applied
Forefront is client version 1.5.1972.0
Forefront engine 1.1.5005.0
Antivirus definition 1.65.330.0
Antispyware definition 1.65.330.0
This has been going on since 8/28, though 8/28 through 8/30 Forefront was crashing on a different file than MSDOS.SYS
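
A triage sketch for the FCSAM 5008 events posted in this thread, added here as an example (not code from any poster or from Microsoft): it pulls the exception code and resource path out of copied event text and counts crashes per file name, so a cluster on one file across hosts stands out. Host names, users, cache folders and the domain in the sample are constructed, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter

# Constructed sample (made-up hosts, users, cache folders) in the two layouts
# seen in this thread: Event Viewer copy and MOM alert text.
SAMPLE = r"""Event ID: 5008
Computer: HOST-A
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\MSDOS.SYSFor more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\Content.IE5\AAAA1111\survey[1].js Domain: EXAMPLE
Computer: HOST-B
Failure Type: Crash
Exception code: 0xc0000005
Resource: file:C:\Documents and Settings\user2\Local Settings\Temporary Internet Files\Content.IE5\BBBB2222\survey[2].js Domain: EXAMPLE
Computer: HOST-C
"""

CRASH_RE = re.compile(r"Exception code:\s*(0x[0-9A-Fa-f]+)\s*\nResource:\s*file:(.+)")
# Text that ends up fused onto the Resource line when event text is copied.
TRAILER_RE = re.compile(r"(?:For more information,.*| Domain: \S+)\s*$")
# Internet Explorer cache copies carry a "[n]" counter before the extension.
CACHE_COUNTER_RE = re.compile(r"\[\d+\](?=\.[^.\\]+$)")

def parse_crashes(text):
    """Return (exception_code, resource_path) for each engine crash record."""
    return [(m.group(1).lower(), TRAILER_RE.sub("", m.group(2)).strip())
            for m in CRASH_RE.finditer(text)]

def cluster(crashes):
    """Count crashes per (normalized file name, exception code)."""
    counts = Counter()
    for code, path in crashes:
        name = CACHE_COUNTER_RE.sub("", ntpath.basename(path)).lower()
        counts[(name, code)] += 1
    return counts

if __name__ == "__main__":
    for (name, code), n in cluster(parse_crashes(SAMPLE)).most_common():
        print(f"{n:3d}  {code}  {name}")
```
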