locked
Issues installing Forefront RRS feed

  • Question

  • I had some malware infect a machine.  I noticed Forefront was not running properly already.

    Removed malware and spyware.  Tried to uninstall and reinstall forefront.  Now I'm not able to intall Forefront.  Unable to install Antimalware for forefront.

    MSI (s) (40:A0) [12:28:45:618]: Note: 1: 1708

    MSI (s) (40:A0) [12:28:45:618]: Product: Microsoft Forefront Client Security Antimalware Service -- Installation failed.

     

    MSI (s) (40:A0) [12:28:45:618]: Windows Installer installed the product. Product Name: Microsoft Forefront Client Security Antimalware Service. Product Version: 1.5.1937.3. Product Language: 1033. Installation success or error status: 1603.

     

    MSI (s) (40:A0) [12:28:45:618]: Cleaning up uninstalled install packages, if any exist

    MSI (s) (40:A0) [12:28:45:618]: MainEngineThread is returning 1603

    MSI (s) (40:2C) [12:28:45:734]: No System Restore sequence number for this installation.

    === Logging stopped: 10/09/07  12:28:45 ===

    MSI (s) (40:2C) [12:28:45:734]: User policy value 'DisableRollback' is 0

    MSI (s) (40:2C) [12:28:45:734]: Machine policy value 'DisableRollback' is 0

    MSI (s) (40:2C) [12:28:45:734]: Incrementing counter to disable shutdown. Counter after increment: 0

    MSI (s) (40:2C) [12:28:45:734]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

    MSI (s) (40:2C) [12:28:45:734]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

    MSI (s) (40:2C) [12:28:45:734]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1

    MSI (s) (40:2C) [12:28:45:734]: Restoring environment variables

    MSI (c) (54:A4) [12:28:45:734]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1

    MSI (c) (54:A4) [12:28:45:734]: MainEngineThread is returning 1603

    === Verbose logging stopped: 10/09/07  12:28:45 ===

    Anyone help?

    Wednesday, September 8, 2010 2:34 PM

Answers

  • Hi,

     

    Thank you for the post.

     

    How do you deploy the FCS client? Group Policy or manually installed? What is the OS version that installed FCS?

     

    To manually remove Client Security from the client computer

    1. On the client computer, make sure that the Client Security agent is closed.
    2. In Control Panel, double-click Add/Remove Programs.
    3. In the Add/Remove Programs dialog box, remove the following programs:
      • Microsoft Forefront Client Security Antimalware Service
      • Microsoft Forefront Client Security State Assessment Service
      • Microsoft Operations Manager 2005 Agent
    4. Restart the client computer.

     

    After that, please reinstall FCS and see if it works.

     

    Regards,

    Thursday, September 9, 2010 9:33 AM
    Moderator

All replies

  • Hi,

     

    Thank you for the post.

     

    How do you deploy the FCS client? Group Policy or manually installed? What is the OS version that installed FCS?

     

    To manually remove Client Security from the client computer

    1. On the client computer, make sure that the Client Security agent is closed.
    2. In Control Panel, double-click Add/Remove Programs.
    3. In the Add/Remove Programs dialog box, remove the following programs:
      • Microsoft Forefront Client Security Antimalware Service
      • Microsoft Forefront Client Security State Assessment Service
      • Microsoft Operations Manager 2005 Agent
    4. Restart the client computer.

     

    After that, please reinstall FCS and see if it works.

     

    Regards,

    Thursday, September 9, 2010 9:33 AM
    Moderator
  • My friends,

    I'm having the same problem

    How do you deploy the FCS client? Manualy
    Group Policy or manually installed?  Yes
    What is the OS version that installed FCS? Windows 2003 ENU X86

    follows gift my server log.

    2010-10-14 17:03:38  Microsoft Forefront Client Security (1.0.1703.0) -- Installation started
    2010-10-14 17:03:38  Hardware requirement check passed.
    2010-10-14 17:03:38  OS requirement check passed.
    2010-10-14 17:03:38  Software requirement check passed.
    2010-10-14 17:04:13  MOM Installation Completed Successfully.
    2010-10-14 17:04:42  SSA Installation Completed Successfully.
    2010-10-14 17:04:45  AM Installation Failed.  See FCSAM.log for details.
    2010-10-14 17:04:45  Microsoft Forefront Client Security -- Installation failed.
    -----------------------------------------------------------------------------------------------------------------------------

    === Verbose logging started: 14/10/2010  17:04:42  Build type: SHIP UNICODE 3.01.4000.4042  Calling process: C:\Documents and Settings\Administrador\Desktop\ShareX86\CLIENTSETUP.EXE ===
    MSI (c) (70:74) [17:04:42:968]: Resetting cached policy values
    MSI (c) (70:74) [17:04:42:968]: Machine policy value 'Debug' is 0
    MSI (c) (70:74) [17:04:42:968]: ******* RunEngine:
               ******* Product: C:\Documents and Settings\Administrador\Desktop\ShareX86\mp_ambits.msi
               ******* Action:
               ******* CommandLine: **********
    MSI (c) (70:74) [17:04:42:968]: Client-side and UI is none or basic: Running entire install on the server.
    MSI (c) (70:74) [17:04:42:968]: Grabbed execution mutex.
    MSI (c) (70:74) [17:04:42:984]: Cloaking enabled.
    MSI (c) (70:74) [17:04:42:984]: Attempting to enable all disabled priveleges before calling Install on Server
    MSI (c) (70:74) [17:04:42:984]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (F4:94) [17:04:42:984]: Grabbed execution mutex.
    MSI (s) (F4:80) [17:04:42:984]: Resetting cached policy values
    MSI (s) (F4:80) [17:04:42:984]: Machine policy value 'Debug' is 0
    MSI (s) (F4:80) [17:04:42:984]: ******* RunEngine:
               ******* Product: C:\Documents and Settings\Administrador\Desktop\ShareX86\mp_ambits.msi
               ******* Action:
               ******* CommandLine: **********
    MSI (s) (F4:80) [17:04:42:984]: Machine policy value 'DisableUserInstalls' is 0
    MSI (s) (F4:80) [17:04:43:000]: File will have security applied from OpCode.
    MSI (s) (F4:80) [17:04:43:015]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Documents and Settings\Administrador\Desktop\ShareX86\mp_ambits.msi' against software restriction policy
    MSI (s) (F4:80) [17:04:43:015]: SOFTWARE RESTRICTION POLICY: C:\Documents and Settings\Administrador\Desktop\ShareX86\mp_ambits.msi has a digital signature
    MSI (s) (F4:80) [17:04:44:843]: SOFTWARE RESTRICTION POLICY: C:\Documents and Settings\Administrador\Desktop\ShareX86\mp_ambits.msi is permitted to run at the 'unrestricted' authorization level.
    MSI (s) (F4:80) [17:04:44:843]: End dialog not enabled
    MSI (s) (F4:80) [17:04:44:843]: Original package ==> C:\Documents and Settings\Administrador\Desktop\ShareX86\mp_ambits.msi
    MSI (s) (F4:80) [17:04:44:843]: Package we're running from ==> C:\WINDOWS\Installer\1f2001.msi
    MSI (s) (F4:80) [17:04:44:843]: APPCOMPAT: looking for appcompat database entry with ProductCode '{436028CD-6476-4224-9274-8F0320F30FD1}'.
    MSI (s) (F4:80) [17:04:44:843]: APPCOMPAT: no matching ProductCode found in database.
    MSI (s) (F4:80) [17:04:44:843]: MSCOREE not loaded loading copy from system32
    MSI (s) (F4:80) [17:04:44:843]: Machine policy value 'TransformsSecure' is 1
    MSI (s) (F4:80) [17:04:44:843]: Machine policy value 'DisablePatch' is 0
    MSI (s) (F4:80) [17:04:44:843]: Machine policy value 'AllowLockdownPatch' is 0
    MSI (s) (F4:80) [17:04:44:843]: Machine policy value 'DisableLUAPatching' is 0
    MSI (s) (F4:80) [17:04:44:843]: Machine policy value 'DisableFlyWeightPatching' is 0
    MSI (s) (F4:80) [17:04:44:843]: APPCOMPAT: looking for appcompat database entry with ProductCode '{436028CD-6476-4224-9274-8F0320F30FD1}'.
    MSI (s) (F4:80) [17:04:44:843]: APPCOMPAT: no matching ProductCode found in database.
    MSI (s) (F4:80) [17:04:44:843]: Transforms are not secure.
    MSI (s) (F4:80) [17:04:44:843]: Note: 1: 2205 2:  3: Control
    MSI (s) (F4:80) [17:04:44:843]: Command Line: REBOOT=ReallySuppress INSTALLDIR=C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware CURRENTDIRECTORY=C:\Documents and Settings\Administrador\Desktop\ShareX86 CLIENTUILEVEL=3 CLIENTPROCESSID=5488
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{5B8AF6DD-2FA2-41AB-89F0-591F35A3A665}'.
    MSI (s) (F4:80) [17:04:44:843]: Product Code passed to Engine.Initialize:           ''
    MSI (s) (F4:80) [17:04:44:843]: Product Code from property table before transforms: '{436028CD-6476-4224-9274-8F0320F30FD1}'
    MSI (s) (F4:80) [17:04:44:843]: Product Code from property table after transforms:  '{436028CD-6476-4224-9274-8F0320F30FD1}'
    MSI (s) (F4:80) [17:04:44:843]: Product not registered: beginning first-time install
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
    MSI (s) (F4:80) [17:04:44:843]: Entering CMsiConfigurationManager::SetLastUsedSource.
    MSI (s) (F4:80) [17:04:44:843]: User policy value 'SearchOrder' is 'nmu'
    MSI (s) (F4:80) [17:04:44:843]: Adding new sources is allowed.
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
    MSI (s) (F4:80) [17:04:44:843]: Package name extracted from package path: 'mp_ambits.msi'
    MSI (s) (F4:80) [17:04:44:843]: Package to be registered: 'MP_AMBITS.MSI'
    MSI (s) (F4:80) [17:04:44:843]: Note: 1: 2729
    MSI (s) (F4:80) [17:04:44:843]: Note: 1: 2729
    MSI (s) (F4:80) [17:04:44:843]: Note: 1: 2262 2: AdminProperties 3: -2147287038
    MSI (s) (F4:80) [17:04:44:843]: Machine policy value 'DisableMsi' is 1
    MSI (s) (F4:80) [17:04:44:843]: Machine policy value 'AlwaysInstallElevated' is 0
    MSI (s) (F4:80) [17:04:44:843]: User policy value 'AlwaysInstallElevated' is 0
    MSI (s) (F4:80) [17:04:44:843]: Product installation will be elevated because user is admin and product is being installed per-machine.
    MSI (s) (F4:80) [17:04:44:843]: Running product '{436028CD-6476-4224-9274-8F0320F30FD1}' with elevated privileges: Product is assigned.
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding INSTALLDIR property. Its value is 'C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware'.
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'C:\Documents and Settings\Administrador\Desktop\ShareX86'.
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '5488'.
    MSI (s) (F4:80) [17:04:44:843]: TRANSFORMS property is now:
    MSI (s) (F4:80) [17:04:44:843]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
    MSI (s) (F4:80) [17:04:44:859]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Application Data
    MSI (s) (F4:80) [17:04:44:859]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Favorites
    MSI (s) (F4:80) [17:04:44:859]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\NetHood
    MSI (s) (F4:80) [17:04:44:859]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\My Documents
    MSI (s) (F4:80) [17:04:44:859]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\PrintHood
    MSI (s) (F4:80) [17:04:44:859]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Recent
    MSI (s) (F4:80) [17:04:44:859]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\SendTo
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Templates
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Local Settings\Application Data
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\My Documents\My Pictures
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
    MSI (s) (F4:80) [17:04:44:875]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Start Menu\Programs
    MSI (s) (F4:80) [17:04:44:890]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Start Menu
    MSI (s) (F4:80) [17:04:44:890]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Administrator\Desktop
    MSI (s) (F4:80) [17:04:44:890]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
    MSI (s) (F4:80) [17:04:44:890]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
    MSI (s) (F4:80) [17:04:44:890]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
    MSI (s) (F4:80) [17:04:44:890]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Greiner'.
    MSI (s) (F4:80) [17:04:44:890]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding COMPANYNAME property. Its value is 'Greiner Bio-One Brasil'.
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'C:\WINDOWS\Installer\1f2001.msi'.
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'C:\Documents and Settings\Administrador\Desktop\ShareX86\mp_ambits.msi'.
    MSI (s) (F4:80) [17:04:44:890]: Note: 1: 2205 2:  3: PatchPackage
    MSI (s) (F4:80) [17:04:44:890]: Machine policy value 'DisableRollback' is 0
    MSI (s) (F4:80) [17:04:44:890]: User policy value 'DisableRollback' is 0
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
    === Logging started: 14/10/2010  17:04:44 ===
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
    MSI (s) (F4:80) [17:04:44:890]: Doing action: INSTALL
    MSI (s) (F4:80) [17:04:44:890]: Running ExecuteSequence
    MSI (s) (F4:80) [17:04:44:890]: Doing action: AppSearch
    Action start 17:04:44: INSTALL.
    Action start 17:04:44: AppSearch.
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding MSI_INSTALLED property. Its value is 'C:\WINDOWS\system32\msi.dll'.
    MSI (s) (F4:80) [17:04:44:890]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB914811 3: 2
    MSI (s) (F4:80) [17:04:44:890]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB914882 3: 2
    MSI (s) (F4:80) [17:04:44:890]: PROPERTY CHANGE: Adding DRWATSON20PATH property. Its value is '**********'.
    MSI (s) (F4:80) [17:04:44:890]: Doing action: FindRelatedProducts
    Action ended 17:04:44: AppSearch. Return value 1.
    Action start 17:04:44: FindRelatedProducts.
    MSI (s) (F4:80) [17:04:44:906]: PROPERTY CHANGE: Adding NEWERFOUND property. Its value is '{DDCD95B5-7230-462F-9889-7EBBEE74123C}'.
    MSI (s) (F4:80) [17:04:44:906]: Doing action: LaunchConditions
    Action ended 17:04:44: FindRelatedProducts. Return value 1.
    Action start 17:04:44: LaunchConditions.
    MSI (s) (F4:80) [17:04:44:906]: Product: Microsoft Forefront Client Security Antimalware Service -- A newer version of the product is already installed on this system.

    Action ended 17:04:44: LaunchConditions. Return value 3.
    Action ended 17:04:44: INSTALL. Return value 3.
    MSI (s) (F4:80) [17:04:44:906]: Note: 1: 1708
    MSI (s) (F4:80) [17:04:44:906]: Product: Microsoft Forefront Client Security Antimalware Service -- Installation failed.

    MSI (s) (F4:80) [17:04:44:906]: Cleaning up uninstalled install packages, if any exist
    MSI (s) (F4:80) [17:04:44:906]: MainEngineThread is returning 1603
    === Logging stopped: 14/10/2010  17:04:44 ===
    MSI (c) (70:74) [17:04:45:015]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
    MSI (c) (70:74) [17:04:45:015]: MainEngineThread is returning 1603
    === Verbose logging stopped: 14/10/2010  17:04:45 ===

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Can you help me.

    Best Regards

    Markio Beletatti


    Beletatti
    Thursday, October 14, 2010 8:25 PM