locked
Forefront removed after update RRS feed

  • Question

  • We have Forefront deployed by Group Policy, last week a Windows Update removed our Microsoft Forefront Security anti-virus without any obvious warning. Many PCs were left unprotected for a day until we noticed. In my Windows Event Log there was a message which reads …

     

    Log Name:      Application

    Source:        SecurityCenter

    Date:          09/03/2011 16:08:55

    Event ID:      11

    Task Category: None

    Level:         Information

    Keywords:      Classic

    User:          N/A

    Computer:      garry7.DomainSystems.local

    Description:

    Program C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe with instanceID={043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB} was removed from the Security Center reporting database because the program was either uninstalled, changed, or could not be verified.

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="SecurityCenter" />

        <EventID Qualifiers="16384">11</EventID>

        <Level>4</Level>

        <Task>0</Task>

        <Keywords>0x80000000000000</Keywords>

        <TimeCreated SystemTime="2011-03-09T16:08:55.000000000Z" />

        <EventRecordID>20872</EventRecordID>

        <Channel>Application</Channel>

        <Computer>garry7.DomainSystems.local</Computer>

        <Security />

      </System>

      <EventData>

        <Data>C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe</Data>

        <Data>{043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}</Data>

      </EventData>

    </Event>

     

    FCS is running on Windows Server 2003, the affected clients are Windows 7

    I have reinstalled the original on those affected PCs, but am worried that the same will happen the next update.

     

    Monday, March 14, 2011 8:13 PM

Answers