Forefront removed after update RRS feed

  • Question

  • We have Forefront deployed by Group Policy, last week a Windows Update removed our Microsoft Forefront Security anti-virus without any obvious warning. Many PCs were left unprotected for a day until we noticed. In my Windows Event Log there was a message which reads …


    Log Name:      Application

    Source:        SecurityCenter

    Date:          09/03/2011 16:08:55

    Event ID:      11

    Task Category: None

    Level:         Information

    Keywords:      Classic

    User:          N/A

    Computer:      garry7.DomainSystems.local


    Program C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe with instanceID={043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} was removed from the Security Center reporting database because the program was either uninstalled, changed, or could not be verified.

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">


        <Provider Name="SecurityCenter" />

        <EventID Qualifiers="16384">11</EventID>




        <TimeCreated SystemTime="2011-03-09T16:08:55.000000000Z" />




        <Security />



        <Data>C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe</Data>





    FCS is running on Windows Server 2003, the affected clients are Windows 7

    I have reinstalled the original on those affected PCs, but am worried that the same will happen the next update.


    Monday, March 14, 2011 8:13 PM