none
Not all of the antimalware engines enabled for updates successfully updated at the last attempt - Forefront for exchange 2010 SP1

    Question

  • Hello All,

    I do have an issue on our Exchange 2010 SP1 nodes (2) installed with Forefront for Exchange v 11.0.677.0.  In the dashboard it always shows warning events > (''not all of the antimalware engines enabled for updates successfully updated at the last attempt / At least one of the antimalwares engines enabled for updates has not been updated for the last five days '' ).

    In one of the similar threads (seemingly) http://social.technet.microsoft.com/Forums/en-AU/FSENext/thread/d665631b-dabe-42f9-a941-87a47740400d?prof=required ,    I found a solution but has slight differance from what I have

    ===

    In those paths

    • C:\Documents and Settings\All Users\Application Data\Kaspersky SDK\
    • C:\ProgramData\Kaspersky SDK\

    I see files respectively,

    • storage623F191573B94cc49445DF4C23FB6506_kavsdk5.dat
    • storage623F191573B94cc49445DF4C23FB6506_kavsdk5.dat

    ===

    Could someone suggest any actions on them like the one which solved issues for the asker?  Please suggest further tips...

    Insaf





    Sunday, February 19, 2012 1:03 PM

Answers

  • Hi,

    first of all check the eventlog which engine fails to update. You can also see the information in the module summary.

    If it is the Kaspersky engine I would rename those files and try a manual update.

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Monday, February 20, 2012 11:49 AM
  •  

    Hi,

    Thank you for the post.

    Like Christian said, we need know which engine fails to update. And is your updating through a proxy server?  If so make sure that the proxy server information is entered in FPE.

    Regarding Cloudmark, make sure your firewall is allowing the Cloudmark engine access to the Cloudmark.com sites to retrieve microupdates.  The Cloudmark engine is updated from forefrontdl.microsoft.com, where all the AV engines are updated from, but the actual Cloudmark definitions (microupdates) are updated from Cloudmark.com sites.

    If antispam is enabled, the server requires Internet connectivity in order to obtain and download the definition updates for the Cloudmark antispam engine directly from the Cloudmark Web sites. Also, ensure that proxy information has been entered, if required. The following URLs (and any subdomains under them) and the use of http and https must be allowed through the firewall:

      • cdn-microupdates.cloudmark.com
      • lvc.cloudmark.com
      • tracks.cloudmark.com
      • pki.cloudmark.com

    Regards,


    Nick Gu - MSFT

    Tuesday, February 21, 2012 3:39 AM
    Moderator

All replies

  • Hi,

    first of all check the eventlog which engine fails to update. You can also see the information in the module summary.

    If it is the Kaspersky engine I would rename those files and try a manual update.

    Greetings

    Christian


    Christian Groebner MVP Forefront

    Monday, February 20, 2012 11:49 AM
  •  

    Hi,

    Thank you for the post.

    Like Christian said, we need know which engine fails to update. And is your updating through a proxy server?  If so make sure that the proxy server information is entered in FPE.

    Regarding Cloudmark, make sure your firewall is allowing the Cloudmark engine access to the Cloudmark.com sites to retrieve microupdates.  The Cloudmark engine is updated from forefrontdl.microsoft.com, where all the AV engines are updated from, but the actual Cloudmark definitions (microupdates) are updated from Cloudmark.com sites.

    If antispam is enabled, the server requires Internet connectivity in order to obtain and download the definition updates for the Cloudmark antispam engine directly from the Cloudmark Web sites. Also, ensure that proxy information has been entered, if required. The following URLs (and any subdomains under them) and the use of http and https must be allowed through the firewall:

      • cdn-microupdates.cloudmark.com
      • lvc.cloudmark.com
      • tracks.cloudmark.com
      • pki.cloudmark.com

    Regards,


    Nick Gu - MSFT

    Tuesday, February 21, 2012 3:39 AM
    Moderator