FCS flagging its own Process
-
19 December 2011 15:12
Hello-
I received this alert in the Event Log.
Basically, FCS is flagging its own Scheduled Task as "Unclassified Software":
Forefront Client Security:
Microsoft Forefront Client Security Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Microsoft Forefront Client Security can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {370609DF-7A5D-448B-AF3D-68E58F9FD610}
Agent: Application Registration
User: XXX\YYY
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: file:C:\WINDOWS\tasks\MP Scheduled Scan.job;file:C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe;taskscheduler:C:\WINDOWS\tasks\MP Scheduled Scan.job
Alert Type: Unclassified software
Process Name:
Detection Type:
Status:
This has happened a few times already.
Anyone know why FCS would flag itself? Or is there a way to get rid of this alert?
Thanks
Andrew
- Edited by Andrewm1972 20 December 2011 13:38
All Replies
-
20 December 2011 2:05 Moderator
Hi Andrew,
Thank you for your post. I'd like to collect more information about your issue:
1. Update to the latest definitions and post the FCS/definition version to us.
2. Did the issue occur on all FCS clients or just several clients? Which OS version?
3. Try to manually run the scheduled scan task, and check the task log for any errors.
4. Check the FCS/DB server to see whether the disk is full or whether there are any event log errors.
If there are more inquiries on this issue, please feel free to let us know.
Regards,
Rick Tan
TechNet Community Support
-
20 Desember 2011 13:45
Thanks.
1. Client is updated properly:
Virus Definitions Version 1.117.1378.0 (Virus Definitions built on 12/19/2011 10:29:04 AM)
Spyware Definitions Version 1.117.1378.0 (Spyware Definitions built on 12/19/2011 10:29:05 AM)
Antimalware Engine Version 1.1.7903.0
SSA Engine Version 1.0.1703.0
SSA Definitions Version 1.0.1710.103
Antimalware Service Version 1.5.1937.0
SSA Service Version 1.0.1703.0
2. So far, just this client
3. No errors in the Schedlgu.txt file.
4. FCS-Db has plenty of disk space. No errors in the Event Log.
My last resort would be to uninstall\reinstall FCS. I'm just not sure if that'll resolve the issue.
- Edited by Andrewm1972 20 December 2011 14:10
-
21 December 2011 4:53 Moderator
Hi Andrew,
Well, just one client is affected. It's ok to uninstall\reinstall FCS.
Regards,
Rick Tan
TechNet Community Support
- Marked as Answer by Rick Tan Moderator 26 December 2011 3:04