Archive for the 'Forefront Client Security' Category

Uninstalling Forefront from Server Core

The best way to uninstall any program from Server Core is to go into the registry, to HKLM\software\Microsoft\Windows\CurrentVersion\Uninstall. In there, you will see GUIDs for the various programs that are installed. If you select a GUID and look at the right-hand side, you will see some good information.

 


One of the REG_EXPAND_SZ values on the right is the UninstallString. If you copy that value and paste it into the command line, it will politely ask: Are you sure you want to uninstall this product? If you are sure you want to uninstall it, go ahead and hit OK.

If you want to get rid of both pieces of Forefront (the Security State Assessment Service and the Client Security Antimalware Service), you will need to find both registry keys and run both uninstalls. There is a catch, though: the Client Security Antimalware Service has a value that looks like this: MsiExec.exe /I{436028CD-6476-4224-9274-8F0320F30FD1}. To get it to uninstall, you need to change the /I to /X, like this: MsiExec.exe /X{436028CD-6476-4224-9274-8F0320F30FD1}.
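The lookup described above can be scripted. This is an added example, not part of the original post: it lists the uninstall entries whose DisplayName matches a pattern and prints the command to run, rewriting a stored "MsiExec.exe /I{GUID}" to "/X{GUID}". It assumes PowerShell is available on the machine; the function name Get-UninstallCommand, its parameter and the '*Forefront*' pattern are made up for this example.

```powershell
# Added example: report uninstall commands without running them.
function Get-UninstallCommand {
    param(
        # Wildcard matched against each entry's DisplayName (assumed pattern).
        [string]$NamePattern = '*Forefront*'
    )

    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        # 32-bit programs on 64-bit Windows register under this key instead.
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }

        foreach ($key in Get-ChildItem $root) {
            # Some entries hold values that cannot be read; skip those quietly.
            $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props.DisplayName -or $props.DisplayName -notlike $NamePattern) { continue }
            if (-not $props.UninstallString) { continue }

            $cmd = $props.UninstallString
            # An MSI entry may store the install/maintenance switch (/I).
            # Uninstalling needs /X followed by the same product code.
            if ($cmd -match '^\s*"?msiexec(\.exe)?"?\s+/I\s*(\{[0-9A-F-]{36}\})') {
                $cmd = 'MsiExec.exe /X' + $Matches[2]
            }

            New-Object PSObject -Property @{
                DisplayName = $props.DisplayName
                KeyName     = $key.PSChildName
                Stored      = $props.UninstallString
                Uninstall   = $cmd
            }
        }
    }
}

# Review the output, then paste the Uninstall value into the command line.
Get-UninstallCommand | Format-List DisplayName, KeyName, Stored, Uninstall
```

The script only reports; it changes nothing in the registry and starts no uninstall.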

Error installing update for Microsoft Forefront

I have a server that is Server 2008 x64.  It has the client for Microsoft Forefront Client Security installed.  It has been showing that it needed to update the client, but every time I told it to run, it would fail.

I found this in the Application log:

Application ‘C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe’ (pid 3304) cannot be restarted – Application SID does not match Conductor SID..

 

And this in the update history:

Update for Microsoft Forefront Client Security (KB956280)
Installation date: 3/25/2009 2:23 PM
Installation status: Failed
Error details: Code 643
Update type: Important
This patch  updates the Microsoft Forefront Client Security Anti-Malware Agent.

 

I started to do a little bit of searching on the “Application SID does not match Conductor SID..” and saw that it comes from the restart manager.  With that nugget of info, I went and stopped all the Forefront services, and ran the update again:

Update for Microsoft Forefront Client Security (KB956280)
Installation date: 3/25/2009 2:33 PM
Installation status: Successful
Update type: Important
This patch  updates the Microsoft Forefront Client Security Anti-Malware Agent.

Extend a Volume – Not enough space?

I was going to extend a volume on one of my Server 2008 Core machines, and it told me “there is not enough space to perform this action”…

There was however enough space, but for some reason Microsoft Forefront decided that I shouldn’t be allowed to extend a volume remotely.   So I disabled the services and did it anyway.