none
MS Filtering Engine Update -Unsuccessful

    General discussion

  • Hi all

    Its me again.

    I am trying to update the inbuilt malware definitions according to the instructions in article.

    http://technet.microsoft.com/en-us/library/jj657471.aspx

    & $env:ExchangeInstallPath\Scripts\Update-MalwareFilteringServer.ps1 -Identity <FQDN of server>

    I am getting the following two events  see below on all the mailbox servers. I obviously cannot go into production Exchange 2013 RTM on Windows 2012 Servers and Domaincontrollers.

    Log Name:      Application
    Source:        Microsoft-Filtering-FIPFS
    Date:          1/29/2013 2:50:45 PM
    Event ID:      6027
    Task Category: None
    Level:         Error
    Keywords:     
    User:          NETWORK SERVICE
    Computer:    Removed To Protect The Innocent 
    Description:
    MS Filtering Engine Update process was unsuccessful in contacting the Primary Update Path. Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
        <EventID>6027</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-29T12:50:45.262896300Z" />
        <EventRecordID>120660</EventRecordID>
        <Correlation />
        <Execution ProcessID="2584" ThreadID="3752" />
        <Channel>Application</Channel>
        <Computer>Removed To Protect The Innocent
        <Security UserID="S-1-5-20" />
      </System>
      <EventData>
        <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
      </EventData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Filtering-FIPFS
    Date:          1/29/2013 2:53:25 PM
    Event ID:      6024
    Task Category: None
    Level:         Information
    Keywords:     
    User:          NETWORK SERVICE
    Computer:     Removed To Protect The Innocent
    Description:
    MS Filtering Engine Update process is checking for new engine updates.
     Scan Engine: Microsoft
     Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
        <EventID>6024</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-29T12:53:25.654390000Z" />
        <EventRecordID>120667</EventRecordID>
        <Correlation />
        <Execution ProcessID="2584" ThreadID="3752" />
        <Channel>Application</Channel>
        <Computer> Removed To Protect The Innocent
        <Security UserID="S-1-5-20" />
      </System>
      <EventData>
        <Data Name="EngineName">Microsoft</Data>
        <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
      </EventData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Filtering-FIPFS
    Date:          1/29/2013 2:56:07 PM
    Event ID:      6030
    Task Category: None
    Level:         Information
    Keywords:     
    User:          NETWORK SERVICE
    Computer:   Removed To Protect The Innocent  
    Description:
    MS Filtering Engine Update process is attempting to download a scan engine update.
     Scan Engine: Microsoft
     Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
        <EventID>6030</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-29T12:56:07.715314800Z" />
        <EventRecordID>120668</EventRecordID>
        <Correlation />
        <Execution ProcessID="2584" ThreadID="3748" />
        <Channel>Application</Channel>
        <Computer> Removed To Protect The Innocent
        <Security UserID="S-1-5-20" />
      </System>
      <EventData>
        <Data Name="EngineName">Microsoft</Data>
        <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
      </EventData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Filtering-FIPFS
    Date:          1/29/2013 3:48:03 PM
    Event ID:      7003
    Task Category: None
    Level:         Information
    Keywords:     
    User:          NETWORK SERVICE
    Computer:    Removed To Protect The Innocent 
    Description:
    MS Filtering Engine Update process has successfully scheduled all update jobs.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
        <EventID>7003</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-01-29T13:48:03.321784200Z" />
        <EventRecordID>120776</EventRecordID>
        <Correlation />
        <Execution ProcessID="2584" ThreadID="21120" />
        <Channel>Application</Channel>
        <Computer>Removed To Protect The Innocent</Computer>
        <Security UserID="S-1-5-20" />
      </System>
      <EventData>
      </EventData>
    </Event>

    Regards

    Bright

    Wednesday, January 30, 2013 9:45 AM

All replies

  • I'm experiencing exactly the same issue. Both scheduled and manually initiated updates result in the same Event Log error.

    I tried disabling/re-enabling the malware scanning component.  Upon re-enabling, the script tries to initiate an update which seems to hang and then is retried several times before ultimately failing.  The output of Enable-AntimalwareScanning.ps1 is below:

    Checking for engines updated after 21/02/2013 09:58:59.
    Updating Microsoft. Last updated : 01/01/1900 00:00:00
    ...
    
    <the above repeats upwards of 20 times over 30 mins>
    
    Update-AntimalwareEngines : Engines could not be updated. Please investigate.
    At M:\Exchange\V15\Scripts\Enable-AntimalwareScanning.ps1:113 char:1
    + Update-AntimalwareEngines
    + ~~~~~~~~~~~~~~~~~~~~~~~~~    
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException    
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Update-AntimalwareEngines

    Would be great to get this component working.

    Thursday, February 28, 2013 10:40 AM
  • I too am having the same problem. Is there a fix?

    MarkU

    Wednesday, May 01, 2013 3:57 PM
  • We installed CU1 for Exchange 2013 and this fixed the engine update problem. However, it introduced an issue where users are no longer able to download attachments in OWA (despite logging in as 'private' and the file access settings being allowed), so you might want to hold off upgrading to CU1.

    MarkU

    Wednesday, May 15, 2013 4:43 PM
  • Our servers were installed with CU1 and we are experiencing the same failures in the updates. Is there any resolution?
    Tuesday, June 25, 2013 5:25 PM
  • I found the answer or workaround if you wish -  http://support.microsoft.com/kb/929074/pl

    I've described today procedure on my blog, you can use translator - blog is in polish - http://pepugmaster.blogspot.com/2013/08/problem-z-aktualizacja-antimalware-w.html


    Regards, Konrad Sagala, MCT, MCSE+M, MCITP: Exchange 2007/2010, Lync 2010, Office365, Windows 2008, Virtualization

    Wednesday, August 21, 2013 2:03 PM