antimalware updates

I seem to have a problem with anti malware definition updates on Exchange 2013.

As far as I can see, starting 15-1 not one (1) anti malware engine update succeeded.

Get-MalwareFilteringServer | Format-List results:

RunspaceId                   : e48a8fb6-0117-43e4-9ed3-4d1659c1321e
ForceRescan                  : False
BypassFiltering              : False
PrimaryUpdatePath            : http://forefrontdl.microsoft.com/server/scanengineupdate
SecondaryUpdatePath          :
DeferWaitTime                : 5
DeferAttempts                : 3
UpdateFrequency              : 60
UpdateTimeout                : 150
ScanTimeout                  : 300
ScanErrorAction              : Block
MinimumSuccessfulEngineScans : 1
IsValid                      : True
ExchangeVersion              : 0.1 (8.0.535.0)
Guid                         : a81e67cd-6059-47bd-bf11-f5529cd27c99
WhenChanged                  : 21-1-2013 23:10:41
WhenCreated                  : 15-1-2013 01:29:17
WhenChangedUTC               : 21-1-2013 22:10:41
WhenCreatedUTC               : 15-1-2013 00:29:17
OrganizationId               :
ObjectState                  : Unchanged

identity information removed from above.

The hourly updates and any forced updates from shell, all lead to eventid

MS Filtering Engine Update process was unsuccessful in contacting the Primary Update Path. Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate

I can hit the URL from the server but get an access denied.

  • Edited by sjaak327 Tuesday, January 22, 2013 9:14 PM
January 23rd, 2013 12:10am

Hi Frank,

I've got the same problem, it never worked. Here is the full error message:

Log Name:      Application
Source:        Microsoft-Filtering-FIPFS
Date:          1/24/2013 4:01:26 PM
Event ID:      6029
Task Category: None
Level:         Error
Keywords:     
User:          NETWORK SERVICE
Computer:     xxxxxxx
Description:
MS Filtering Engine Update process was unsuccessful in contacting a Custom Update Path. Update Path: http//forefrontdl.microsoft.com/server/scanengineupdate
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
    <EventID>6029</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-24T15:01:26.840624300Z" />
    <EventRecordID>440991</EventRecordID>
    <Correlation />
    <Execution ProcessID="2032" ThreadID="8036" />
    <Channel>Application</Channel>
    <Computer>xxxxxxxxxx</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
  </EventData>
</Event>


  • Edited by discholz Thursday, January 24, 2013 3:38 PM
January 24th, 2013 6:16pm
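For anyone tracking this failure across servers, the event XML posted above can be summarised with a short script. This is an added example, not code from any poster in the thread: the function name `Get-FipfsUpdateFailure` is hypothetical, the sample event is constructed from the one shown above with a placeholder host name, and the path check assumes an update path is either an http(s) URL or a UNC share.

```powershell
function Get-FipfsUpdateFailure {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$EventXml,
        [string]$ExpectedPath   # e.g. PrimaryUpdatePath from Get-MalwareFilteringServer
    )
    process {
        $doc = [xml]$EventXml
        $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
        $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')

        # Only the "unsuccessful in contacting ... Update Path" event is of interest.
        $id = $doc.SelectSingleNode('/e:Event/e:System/e:EventID', $ns)
        if (-not $id -or $id.InnerText -ne '6029') { return }

        $node = $doc.SelectSingleNode("/e:Event/e:EventData/e:Data[@Name='UpdatePath']", $ns)
        $path = if ($node) { $node.InnerText.Trim() } else { '' }

        # Assumption: a usable path is an absolute http(s) URL or a UNC share (parsed as file://).
        $uri   = $null
        $valid = [System.Uri]::TryCreate($path, [System.UriKind]::Absolute, [ref]$uri) -and
                 ($uri.Scheme -in 'http', 'https', 'file')

        [pscustomobject]@{
            TimeUtc           = $doc.SelectSingleNode('/e:Event/e:System/e:TimeCreated', $ns).GetAttribute('SystemTime')
            Computer          = $doc.SelectSingleNode('/e:Event/e:System/e:Computer', $ns).InnerText
            UpdatePath        = $path
            PathWellFormed    = $valid
            MatchesConfigured = if ($ExpectedPath) { $path.TrimEnd('/') -ieq $ExpectedPath.TrimEnd('/') } else { $null }
        }
    }
}

# Constructed sample event: host name is a placeholder, other values follow the event posted above.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>6029</EventID>
    <TimeCreated SystemTime="2013-01-24T15:01:26.840Z" />
    <Computer>EXCH01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
  </EventData>
</Event>
'@
$sample | Get-FipfsUpdateFailure -ExpectedPath 'http://forefrontdl.microsoft.com/server/scanengineupdate'
```

On a live server the same function can be fed from `Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Microsoft-Filtering-FIPFS'; Id = 6029 } | ForEach-Object { $_.ToXml() }`. A steady stream of rows with a well-formed, matching path points at connectivity or permissions rather than a mistyped update path.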

It never worked on my side either. The event log is the same on my side. I actually tried the command to update it manually before with the exact same result and again the same event ID.

However...

I did try to manually set up the anti malware subsystem (which supposedly should be done during setup, as I have not chosen to disable anti malware during setup).

I ran \scripts\Enable-AntimalwareScanning.ps1, it ran for ages at the "updating stage", I left it running and disconnected the RDP session, anyway the next day it actually managed to update the definition files, and since running this command the procedure seems to be working 100% correct, it has gotten a few updates or it sends an event that no update was needed.

Edit: I have two live id's, I am the same person that started the thread :)
  • Edited by Jvangent100 Thursday, January 24, 2013 9:39 PM
January 25th, 2013 12:38am

Good morning,

I just started Enable-AntimalwareScanning, it loops in updating stage with "Checking for engine updates after 1/18/2013 9:15 AM. Updating Microsoft. Last updated : 1/1/1900 1:00:00 AM."

Hopefully this works for me as well ...

Update: After a few minutes the script came back with error:

Update-AntimalwareEngines : Engines could not be updated. Please investigate.

At ... Scripts\Enable-AntimalwareScanning.ps1:113 char:1

.. CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
FullyQualifiedErrorId: Microsoft.PowerShell.Commands.WriteErrorException, Update-AntimalwareEngines

Any other ideas?

  • Edited by discholz Friday, January 25, 2013 9:28 AM
January 25th, 2013 11:45am

Hi Chris, I installed CU1 and that did the trick. However the malware scanner seems not very good imho. It does stop some malware, but I've also seen it let through easy to spot PDF malware only to have it flagged by the client AV. Regards, Ola
  • Proposed as answer by Ola P Thursday, May 09, 2013 2:05 PM
May 9th, 2013 5:05pm

How do we apply CU1 to a server installed AS CU1 in the first place?
July 10th, 2013 4:13pm

Could you please explain about where to put the files exactly. There is a subfolder in C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft\bin where these files are stored. And there is only a manifest.cab in C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft\bin. Should one replace the manifest.cab with the one from step 2 and should the files from step 4 be put in a subfolder? With the name of the engine number?
May 27th, 2014 5:29pm

I just copied the downloaded Manifest.cab on top of the existing manifest.cab (after I backed it up) and let it overwrite it. It worked after this step. All updates are now working.
July 2nd, 2014 11:25pm

Dear
Is it possible to configure one Exchange server to get its downloads from the default internet URL and all other Exchange servers to get their updates from this server?
Thanks for the feedback.
Regards.
Peter

July 25th, 2014 5:12pm

I found how to configure this, however, how do I set the share on the distribution server? What Directory shall I share?

This is how I configured the distribution server:

Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell

Enable-TransportAgent -Identity "Malware Agent"

Set-AntivirusScanSettings -Enabled $true

Set-ConfigurationValue -XPath "/fs-conf:Configuration/fs-sys:System/fs-sys:AntiMalwareSettings/fs-sys:Enabled" -Value "true"

Set-EngineUpdateCommonSettings -RedistributionServer $true -EnableUpdates $true

Start-EngineUpdate


July 25th, 2014 6:03pm

This topic is archived. No further replies will be accepted.
