I have Forefront for SharePoint version 10.2.0945.0 SP3 installed on Web Front End servers (clustered). This setup is duplicated in two domains: Live & Development.
In the Development environment, Forefront is doing as it should, and the only AV Scan Engines that are shown are the current 5 that are supported by Forefront.
In the Live environment, however, I have some strange stuff going on:
- <SETTINGS> <Antivirus> - AhnLab AV Scan Engine is UNCHECKED in the list of Files Scanners
- <SETTINGS> <Antivirus> - Sophos AV Scan Engine is not shown in the list of File Scanners
- <SETTINGS> <Scanner Updates> - AhnLan Antivirus Scan Engine is DISABLED
- <SETTINGS> <Scanner Updates> - Sophos Antivirus Scan Engine not shown in the list
- In the server's Application Log I have errors regard AhnLab and Sophos, stating that the Scan Engine Update failed for Sophos & AhnLab with an error code of 0x80004005.
I don't want Sophos or AhnLab to be checking for updates, thats why they have been unchecked and disabled in the above locations where possible. I'm especially confused by Sophos trying to update when it doesn't appear in the Forefront Administrator screens. See below for an example of the Application Log information:
Log Name: Application
Date: 21/09/2010 07:43:00
Event ID: 6014
Task Category: Engine Error
Microsoft Forefront Server Security encountered an error while performing a scan engine update.
Scan Engine: Sophos
Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Sophos
Proxy Settings: Disabled
Error Code: 0x80004005
Description: An error occurred while checking if an update was available.
<Provider Name="GetEngineFiles" />
<TimeCreated SystemTime="2010-09-21T06:43:00.000Z" />
<Data>Proxy Settings: Disabled</Data>
<Data>Description: An error occurred while checking if an update was available.</Data>
How can I stop Forefront trying to update engines that I have already set to Disabled in the scheduler or don't even appear in the Forefront software, so as to stop getting errors in the Application Log?
Thanks in advance.
Tuesday, September 21, 2010 10:48 AM
- Edited by Yabusame Tuesday, September 21, 2010 10:52 AM Additional info about Development domain
Thank you for the post.
Please go to the scheduled tasks and see if the tasks for these engine updates are still alive. If yes, go ahead and disable or delete those and monitor.
Nick Gu - MSFT
Wednesday, September 22, 2010 7:50 AMModerator
- Marked as answer by Yabusame Wednesday, September 22, 2010 8:46 AM