Kaspersky Engine is not updating successfully on Forefront/Antigen installations on both Exchange and Sharepoint


  • Thursday, January 03, 2008 11:18 PM
     
     

    An issue was discovered that is prohibiting the Kaspersky scan engine from updating successfully on Forefront and Antigen installations on both Exchange and Sharepoint.

     

    We are aware of the issue and working diligently to deliver a timely solution to the field.

     

    At this time, we would recommend that you disable the auto updates for Kaspersky to suppress the errors that may begin to be generated on your server(s), see below.

     

    Errors that may be displayed in program log.txt or App log:

     

    Wed Jan 02 03:51:59 2008 (10872-15488), "ERROR: (0x800706be) The remote procedure call failed.  Scan engine could not be updated.  An error occurred while disabling scan jobs. hr = 0x800706BE."

    Wed Jan 02 03:51:59 2008 (10872-15488), "INFORMATION: The Kaspersky5 scan engine has been rolled back."

    Wed Jan 02 03:51:59 2008 (10872-15488), "INFORMATION: Sending Signature Update Failed Alert"

     

    Event Type:     Error
    Event Source:   GetEngineFiles
    Event Category: Engine Error
    Event ID:       6012
    Date:           1/2/2008
    Time:           9:58:51 AM
    User:           N/A
    Computer:       %SERVERNAME%
    Description:
    Microsoft Forefront Server Security encountered an error while performing a scan engine update.
       Scan Engine: Kaspersky5
       Error Code: 0x80070102
       Description: Unable to acquire the scan engine update mutex within the designated timeout period.

     

    If, by chance, Kaspersky is the only scanning engine that you are utilizing, please select a different engine so you are assured of proper protection while we work on a solution for delivery.

     

    This thread will be updated ASAP with a status/solution.

     

    Thank you for your patience.

     

    Ryan McGrath

     

All Replies

  • Thursday, January 10, 2008 2:05 PM
     
     Answered

    As an update to this issue:

     

    It is not that the increased EngineDownloadTimeOut value resolved the issue.  The fact is that Kaspersky has changed an aspect of their updates within the past few days that was the root of the issue regarding both Forefront and Antigen for Sharepoint installations.  This correction has allowed Kaspersky updates to complete successfully.

     

    During the window of time that the issue was occurring you may have accumulated some stale directories under the Kaspersky folder structure while the updates were failing.  These directories will be under the "Package" directory under "Engines" in the Forefront/Antigen program location.  These directories are named for the update version, e.g. 08011000002.  You will want to delete all of these directories manually.  Once that is done you should be able to successfully update Kaspersky and subsequent updates should succeed as well.  If these directories are not manually deleted it is possible that the auto update may time out while attempting to delete the directories as part of the update process.

     

    We strongly recommend that you apply the fix that will be available for this type of issue should it occur again with Kaspersky or any of the other engine vendors.  These fixes will be made available very soon.

     

    Thank you,

     

    Ryan McGrath
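
The cleanup described in the reply above, as an added PowerShell example that is not part of the original thread or of any Microsoft tooling. The `-PackagePath` parameter is an assumption: the thread does not give the full path of the "Package" directory, so you must supply it for your own installation.

```powershell
# Added example, not from the original thread.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: full path of the "Package" directory under "Engines" for the
    # Kaspersky engine in your Forefront/Antigen program location.
    [Parameter(Mandatory = $true)]
    [string]$PackagePath
)

if (-not (Test-Path -LiteralPath $PackagePath -PathType Container)) {
    throw "Package directory not found: $PackagePath"
}

# Update-version directories are named with digits only (the reply's example
# is 08011000002); anything else under Package is left alone.
$stale = @(Get-ChildItem -LiteralPath $PackagePath |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+$' } |
    Sort-Object Name)

if ($stale.Count -eq 0) {
    Write-Output "No version-named directories under $PackagePath"
    return
}

foreach ($dir in $stale) {
    # Show age and size first so an unexpected directory is noticed before removal.
    $bytes = (Get-ChildItem -LiteralPath $dir.FullName -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        Measure-Object -Property Length -Sum).Sum
    Write-Output ("{0}  last written {1:u}  {2:N0} bytes" -f $dir.Name, $dir.LastWriteTime, [long]$bytes)

    # -WhatIf lists what would be removed without deleting anything.
    if ($PSCmdlet.ShouldProcess($dir.FullName, 'Remove stale update directory')) {
        Remove-Item -LiteralPath $dir.FullName -Recurse -Force
    }
}
```

Run it once with `-WhatIf` to review the list, then again without it to delete.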

     

  • Friday, October 03, 2008 5:14 PM
     
     
    I am having issues with the Kaspersky scan engine updates with Forefront Security for SharePoint.  CPU utilization increases quite substantially during each occurrence of this issue.  The error messages are not the same as what is described in this thread or in KB 947187.  I get these every hour:

    Event Log

    Event Type:    Error
    Event Source:    GetEngineFiles
    Event Category:    Engine Error
    Event ID:    6014
    Date:        10/2/2008
    Time:        1:40:10 PM
    User:        N/A
    Computer:    ----
    Description:
    Microsoft Forefront Server Security encountered an error while performing a scan engine update.
       Scan Engine: Kaspersky5
       Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5
       Proxy Settings: Disabled
       Error Code: 0xC0001F58
       Description: The operation timed out.

    ----------

    Event Type:    Information
    Event Source:    GetEngineFiles
    Event Category:    General
    Event ID:    2017
    Date:        10/2/2008
    Time:        1:40:14 PM
    User:        N/A
    Computer:    ----
    Description:
    Forefront Server Security has rolled back a scan engine.
       Scan Engine: Kaspersky5

    ProgramLog.txt

    Thu Oct 02 15:35:00 2008 ( 4756- 5452), "INFORMATION: Attempting to download the Kaspersky5 scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5."
    Thu Oct 02 15:38:06 2008 ( 4756- 5452), "INFORMATION: The Kaspersky5 scan engine has been downloaded"
    Thu Oct 02 15:40:04 2008 ( 4756- 5452), "INFORMATION: The Kaspersky5 scan engine has been staged."
    Thu Oct 02 15:40:04 2008 ( 5728- 4216), "INFORMATION: Testing the Kaspersky5 scan engine."
    Thu Oct 02 15:40:10 2008 ( 4756- 3032), "ERROR: The Kaspersky5 scan engine update timed out while loading scanner"
    Thu Oct 02 15:40:10 2008 ( 4756- 5452), "ERROR: The scan engine update thread has been stopped due to a timeout condition while rolling back the scanner update."
    Thu Oct 02 15:40:14 2008 ( 4756- 3032), "INFORMATION: The Kaspersky5 scan engine has been rolled back."

    Would the existing KB 947187 HOTFIX resolve this?
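
A way to pull failed engine updates out of ProgramLog.txt in the format shown in the post above, as an added PowerShell example that is not part of the original thread. The `-LogPath` parameter and the 60-second correlation window are choices made for this example; the sample lines are copied from the post.

```powershell
# Added example, not from the original thread.
param([string]$LogPath)   # optional path to ProgramLog.txt; sample lines are used when omitted

# Sample lines copied from the post above.
$sample = @'
Thu Oct 02 15:35:00 2008 ( 4756- 5452), "INFORMATION: Attempting to download the Kaspersky5 scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5."
Thu Oct 02 15:38:06 2008 ( 4756- 5452), "INFORMATION: The Kaspersky5 scan engine has been downloaded"
Thu Oct 02 15:40:04 2008 ( 4756- 5452), "INFORMATION: The Kaspersky5 scan engine has been staged."
Thu Oct 02 15:40:04 2008 ( 5728- 4216), "INFORMATION: Testing the Kaspersky5 scan engine."
Thu Oct 02 15:40:10 2008 ( 4756- 3032), "ERROR: The Kaspersky5 scan engine update timed out while loading scanner"
Thu Oct 02 15:40:10 2008 ( 4756- 5452), "ERROR: The scan engine update thread has been stopped due to a timeout condition while rolling back the scanner update."
Thu Oct 02 15:40:14 2008 ( 4756- 3032), "INFORMATION: The Kaspersky5 scan engine has been rolled back."
'@ -split "`r?`n"

$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }

# timestamp (pid-tid), "SEVERITY: message"
$pattern = '^(?<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) \(\s*\d+-\s*\d+\), "(?<sev>[A-Z]+): (?<msg>.*)"\s*$'
$culture = [Globalization.CultureInfo]::InvariantCulture

$events = foreach ($line in $lines) {
    if ($line -notmatch $pattern) { continue }
    # Copy the captures before the next -match overwrites $Matches.
    $ts, $sev, $msg = $Matches['ts'], $Matches['sev'], $Matches['msg']
    $engine = if ($msg -match 'The (\S+) scan engine') { $Matches[1] } else { '' }
    [pscustomobject]@{
        Time     = [datetime]::ParseExact($ts, 'ddd MMM dd HH:mm:ss yyyy', $culture)
        Severity = $sev
        Engine   = $engine
        Message  = $msg
    }
}

# A rollback means the engine is still running its previous signatures.
$rollbacks = $events | Where-Object { $_.Message -like '*has been rolled back*' }
foreach ($rb in $rollbacks) {
    # Report ERROR lines from the preceding 60 seconds alongside the rollback.
    $errors = $events | Where-Object {
        $_.Severity -eq 'ERROR' -and $_.Time -le $rb.Time -and $_.Time -ge $rb.Time.AddSeconds(-60)
    }
    [pscustomobject]@{
        RolledBackAt = $rb.Time
        Engine       = $rb.Engine
        Errors       = ($errors | ForEach-Object { $_.Message }) -join ' | '
    }
}
```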

  • Thursday, November 13, 2008 9:31 AM
     
     Proposed Answer
    Hi

    Just to report I also had this problem with Kaspersky upgrades on Forefront.

    Following various threads I

    a) Deleted the Kaspersky folders - C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\Data\Engines\x86\Kaspersky5. Ran the upgrade which still failed

    b) Applied KB947187 Hotfix.  Still no joy

    c) Increased the Forefront timeout by creating registry key as per http://www.expta.com/2008/02/fix-for-forefront-update-timeout-errors.html

    Eureka!  Forefront is now happy.

    Steve

    • Proposed As Answer by Grand Wazoo Thursday, November 13, 2008 9:31 AM
  • Thursday, November 20, 2008 8:52 PM
     
     

    I have installed Forefront for Sharepoint with SP2. All the virus definitions are updating via Forefront Server Security Management Console. Definitions are updating, but I am still getting an error in the event viewer of my Forefront Sharepoint Server.

    Event Type:    Error
    Event Source:    GetEngineFiles
    Event Category:    Engine Error
    Event ID:    6014
    Date:        10/2/2008
    Time:        1:40:10 PM
    User:        N/A
    Computer:    ABCDEF
    Description:
    Microsoft Forefront Server Security encountered an error while performing a scan engine update.
       Scan Engine: Kaspersky5
       Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5
       Proxy Settings: Disabled
       Error Code: 0xC0001F58
       Description: The operation timed out.


    Does anyone have any idea how to remove this error? The Forefront for Sharepoint is not allowed to go to the internet via proxy.


    ZNM
  • Friday, November 21, 2008 12:50 AM
     
     Proposed Answer

    Hello Zakaria Muhammad:

    - Your issue looks to be a timeout issue with the Forefront definitions
    - Within Support - I started to notice that the Kaspersky engine takes longer than the rest of the other scan engine definitions
    - Please increase the "EngineDownloadTimeout" value from the registry from the following KB below:

    http://support.microsoft.com/kb/939411/en-us


    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then right-click the following registry subkey, as appropriate for your version of Forefront Security.

      Microsoft Forefront Security for Exchange

      • For AMD64-based computers:
        HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

      Microsoft Forefront Security for SharePoint

      • For x86-based computers:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Server Security\Sharepoint
      • For AMD64-based computers:
        HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Sharepoint
    3. Click New, and then click DWORD Value.
    4. Type EngineDownloadTimeout, and then press ENTER.
    5. Right-click EngineDownloadTimeout, and then click Modify.
    6. Type 600 in the Value data box, and then click OK. This setting causes the scan engine download process to time out after 600 seconds (10 minutes).
    7. Exit Registry Editor.

    **** If the problem continues, continue to increase the regkey to a higher value ****

    Note: You do not have to restart Forefront Server services or Exchange Server services after you change this registry entry.


    John
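
The registry steps in the reply above, as an added PowerShell example that is not part of the original thread or of the KB article. It checks only the three subkeys listed in the reply; the `-TimeoutSeconds` parameter name and its upper bound are choices made for this example.

```powershell
# Added example, not from the original thread or KB article.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateRange(1, 86400)]    # upper bound is an arbitrary sanity limit for this example
    [int]$TimeoutSeconds = 600   # value given in step 6 (10 minutes)
)

# Subkeys exactly as listed in the reply (step 2).
$candidates = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server',
    'HKLM:\SOFTWARE\Microsoft\Forefront Server Security\Sharepoint',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Sharepoint'
)

$present = @($candidates | Where-Object { Test-Path -LiteralPath $_ })
if ($present.Count -eq 0) {
    throw 'None of the listed Forefront subkeys exist on this machine.'
}

foreach ($key in $present) {
    # Read the current value first so the change is visible in the output.
    $current = (Get-ItemProperty -LiteralPath $key -Name EngineDownloadTimeout `
        -ErrorAction SilentlyContinue).EngineDownloadTimeout
    $shown = if ($null -eq $current) { '(not set)' } else { $current }
    Write-Output "$key : EngineDownloadTimeout = $shown"

    if ($current -eq $TimeoutSeconds) { continue }

    if ($PSCmdlet.ShouldProcess($key, "Set EngineDownloadTimeout to $TimeoutSeconds")) {
        # -Force creates the DWORD value or overwrites an existing one (steps 3 to 6).
        New-ItemProperty -LiteralPath $key -Name EngineDownloadTimeout `
            -PropertyType DWord -Value $TimeoutSeconds -Force | Out-Null
    }
}
```

Run it from an elevated 64-bit PowerShell session so the `Wow6432Node` paths resolve as written; `-WhatIf` shows the current values without changing them.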
  • Thursday, December 04, 2008 7:20 PM
     
     
    Hi John

    Thanks for your reply. Actually I solved the problem. Since the DATs are updated by Forefront Server Security Management Console, for this we have to disable the update feature from Forefront for Sharepoint and Exchange Admin Console. This will not populate the error in your FSSMC alert reports.

    As far as the Kaspersky5 update is concerned, I do not have any issue in updating DATs on my Sharepoint Server.

    Thanks

    Zak
    ZNM