After install of KB971026 for FCS, the full Client package for FCS is re-offered from WSUS

Yesterday Microsoft released KB971026 which is an update to the FCS Antimalware engine. This update installs successfully without issues. However, after this update is applied, the initial FCS Client package called "Client Update for Microsoft Forefront Client Security (1.0.1703.0)" on the WSUS server would then be offered to the system. If the Client Update for Microsoft Forefront Client Security (1.0.1703.0) package attempted to install, it would fail as there is already a later version of the FCS Antimalware engine on the system. The Client Update for Microsoft Forefront Client Security (1.0.1703.0) package would then be continually offered and continually fail to install.

This issue has been resolved with an update to the metadata for the Client Update for Microsoft Forefront Client Security (1.0.1703.0) package. There was never an issue with KB971026, it did however expose an issue with the Client Update for Microsoft Forefront Client Security (1.0.1703.0) package.

In order to apply this fix. Please perform the following -

1. Customers will need to sync their WSUS servers to get the updated metadata.

2. The affected systems will need to have a detection cycle run on the clients in order for the package to stop continually being offered. Please note that the detection cycle will happen automatically within 24 hours or less depending on the automatic updates settings for detection frequency that are set via the policy.

If you have any questions, please feel free to post them.

Thanks,

Shain Wray

Security Technical Lead