FCS: 64-Bit Clients do not report the antimalware version in the Computer Details report in the Forefront Client Security management console

An issue has been identified in Forefront Client Security (FCS) where when viewing the computer details report from the Forefront Client Security management console, the antimalware client version on 64-bit clients is not reported accurately. This is because of an error in the way the Operations Manger 2005 Management Pack collects this information.

During Forefront Client Security installation, the antimalware package creates several registry keys and creates files in several different directories. During the antimalware installation on 64-bit computers, the following key is created under [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Microsoft Forefront\Client Security\1.0\AM]

"InstallLocation=C:\\Program Files (x86)\\Microsoft Forefront\\Client Security\\Client\\Antimalware\\"

The antimalware version is not reported because the MOM agent is 32-bit and on 64-bit computers runs under Windows on windows subsystem. Because of this the MOM agent queries the WOW6432 node of HKEY_LOCAL_MACHINE. When the MOM script queries for the installation path and gets a value of “C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Antimalware,” it then attempts to discover the file version for MsMpEng.exe, which is not located in this directory. On 64-bit computers MsMpEng.exe is located in “c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware. When this query fails, the AM version property is set to “N/A”.

If you are experiencing this issue, we suggest you open a support case with using one of the methods documented here: https://support.microsoft.com/select/Default.aspx?target=assistance

Thanks,

Chris Norman, Senior Escalation Engineer