locked
FCS flagging its own Process RRS feed

  • Question

  • Hello-

     

    I received this alert in the Event Log.

    Basically, FCS is flagging its own Scheduled Task as "Unclassified Software":

    Forefront Client Security:

     

    Microsoft Forefront Client Security Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Microsoft Forefront Client Security can't undo changes that you allow.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?linkid=74409
    Scan ID: {370609DF-7A5D-448B-AF3D-68E58F9FD610}
    Agent: Application Registration
    User: XXX\YYY
    Name: Unknown
    ID:
    Severity: Not Yet Classified
    Category: Not Yet Classified
    Path Found: file:C:\WINDOWS\tasks\MP Scheduled Scan.job;file:C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe;taskscheduler:C:\WINDOWS\tasks\MP Scheduled Scan.job
    Alert Type: Unclassified software
    Process Name:
    Detection Type:
    Status:

     

    This has happened a few times already.  

    Anyone know why FCS would flag itself?  or is there a way to get rid of this alert?

     

    Thanks

     

    Andrew

     


    • Edited by Andrewm1972 Tuesday, December 20, 2011 1:38 PM
    Monday, December 19, 2011 3:12 PM

Answers

  • Hi Andrew,
     
    Well, just one client is affected. It's ok to uninstall\reinstall FCS.

    Regards,


    Rick Tan

    TechNet Community Support

    • Marked as answer by Rick Tan Monday, December 26, 2011 3:04 AM
    Wednesday, December 21, 2011 4:53 AM

All replies

  • Hi Andrew,
     
    Thank you for your post.

    I'd like to collect more information about your issue:
    1.Update to the latest definition and post FCS/definition version to us
    2.The issue occurred on all FCS clients or just several client, which OS version?
    3.Try to manual run the schedule scan task, check the task log if exist any errors
    4.Check the FCS/DB server if disk space full or exist any event log errors

    If there are more inquiries on this issue, please feel free to let us know.

    Regards,


    Rick Tan

    TechNet Community Support

    Tuesday, December 20, 2011 2:05 AM
  •  

    Thanks.

     

    1. Client is updated properly:
     

    Virus Definitions Version
    1.117.1378.0 (Virus Definitions built on 12/19/2011 10:29:04 AM)
    Spyware Definitions Version
    1.117.1378.0 (Spyware Definitions built on 12/19/2011 10:29:05 AM)
    Antimalware Engine Version
    1.1.7903.0
    SSA Engine Version
    1.0.1703.0
    SSA Definitions Version
    1.0.1710.103
    Antimalware Service Version
    1.5.1937.0
    SSA Service Version
    1.0.1703.0

     

    2. So far, just this client

    3. No errors in the Schedlgu.txt file.

    4. FCS-Db has plenty of disk space.  No errors in the Event Log.

     

    My last resort would be to uninstall\reinstall FCS.  I'm just not sure if that'll resolve the issue.



    • Edited by Andrewm1972 Tuesday, December 20, 2011 2:10 PM
    Tuesday, December 20, 2011 1:45 PM
  • Hi Andrew,
     
    Well, just one client is affected. It's ok to uninstall\reinstall FCS.

    Regards,


    Rick Tan

    TechNet Community Support

    • Marked as answer by Rick Tan Monday, December 26, 2011 3:04 AM
    Wednesday, December 21, 2011 4:53 AM