Forefront keeps sending alert even though it did not find virus RRS feed

  • Question

  • We had a virus on a machine that forefront removed it then cam back again and was removed again and we closed the share that was infected. Now we keep getting the following alert "Client Security has detected that the computer has been infected several times by the following threat" when I check the client history on the machine that is throwing this error there is nothing listed. Then when I go into thr forfront logs same thing it says that there is not virus/mailware on this machine. I then clear the alert and several hours later it is back again but again everything comes back clean??? it feels mom is looking at an old log but I can't find the logs it is looking at .
    • Moved by Miles Zhang Monday, October 25, 2010 8:51 AM FCS (From:Forefront Client Security Alerting and Monitoring)
    Friday, October 22, 2010 1:35 PM


  • Hi,

    Thanks for the post.

    Please let me know the exact name of this FCS threat.

    If we disconnect this infected computer from the network, will this issue occur after clearing the alert and removing the virus?

    Here is the locations of MOM tracing and log files




    Note: After receiving a lot of feedbacks from the community, it was decided to conduct the Forefront Products and Technologies Forums consolidation to improve forum discoverability and reduce customer efforts. This forum will be locked down at the end of Oct. For continued information about Forefront Client Security Alerting and Monitoring, please post to Forefront Client Security General forum at: http://social.technet.microsoft.com/Forums/en-US/Forefrontclientgeneral/threads. On Oct 25th, forum engineers will move any new threads to the Forefront Client Security General forum.

    Please post a reply to the announcement if you have any feedback on this decision or the process. Thank you for your understanding.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Miles Zhang Tuesday, October 26, 2010 6:50 AM
    Monday, October 25, 2010 8:50 AM