Forefront Obsolete Notifications


After upgrading your Antigen or Forefront for Exchange to the SP2, you might start seeing notifications relating to obsolete engines, even though you've disable the engines in the management tool.

The Ahnlab Virus Detection Engine scan engine is now obsolete and no longer supported. Updates are no longer available for this engine, and therefore the update check for this engine has been disabled.  Please review the scan engines chosen for your scan jobs and make another selection to ensure up-to-date protection. For more information, see http://go.microsoft.com/fwlink/?LinkId=152864

My suggestion would be to start by reading http://blogs.technet.com/fss/archive/2009/11/16/how-do-i-disable-these-engine-end-of-life-notifications-i-am-receiving-from-antigen-and-forefront.aspx

If that does fix your issue, know that a solution from Microsoft should be out in the coming weeks.  However if you need a solution today, then take a look at the EngineList registry key on your server located at HKLM/Software/Wow6432Node/Microsoft/Forefront Server Security/Exchange server.

Then use the information below to determine if that key has an old engine enabled.  If you find that an old engine is enabled, here are the steps that you can use to reset them.

   NOTE: There is a risk that other settings will be impacted (like file filter lists).  Document and/or backup the configuration so that you can restore values if needed prior to proceeding.
    1.  Stop the FSCcontroller services
    2.  Modify the EngineList key to a proper value (ex: 0x00008243)
    3.  Rename the Scanjobs.fdb and templates.fdb 
    4.  Start the services. 

New Scanjobs and templates should be recreated.  This change enables the COMMAND engine so be sure that you’ve configured the engine to pull updates.

MORE INFORMATION

These are the bit values for the obsolete engines:
  SOPHOS          (0x00000008)
  CA_VET           (0x00000020)
  AHNLAB           (0x00000080)
  SPAMCURE      (0x00001000)

These are the bit values for the current active engines:
  NORMAN          (0x00000001)
  MICROSOFT     (0x00000002)
  COMMAND       (0x00000040)
  SYBARILIST     (0x00000100)
  VBUSTER         (0x00000200)
  KASPERSKY5   (0x00008000) 

If you take the value from the EngineList key, you can determine which engines are currently enabled.
Example 1: Current value is 0x0000820b.  Engines enabled = SOPHOS, NORMAN, MICROSOFT, VBUSTER, & KASPERSKY5
Example 2: Current value is 0x00008223.  Engines enabled = CA_VET, NORMAN, MICROSOFT, VBUSTER, & KASPERSKY5
Example 3: Current value is 0x000080e2.  Engines enabled = KASPERSKY5, MICROSOFT, COMMAND, AHNLAB, & CA_VET

Example Proper Value 1: 0x00008342   Engines enabled = KASPERSKY5, VBUSTER, SYBARILIST, COMMAND, MICROSOFT
Example Proper Value 2: 0x00008243   Engines enabled = NORMAN, MICROSOFT, COMMAND, VBUSTER, & KASPERSKY5

Doug


Comments (0)

Skip to main content