Forefront Endpoint Protection failing on manual update
So I thought I'd post a blog for everyone that’s frustrated like me and looking for a solution for something that might be considered logical. WHY ON EARTH IS FOREFRONT NOT UPDATING!!!!
My freshly installed Windows Server 2012 installation with Forefront Endpoint Protection (FEP) installed just wouldn’t update. Googling the error message gave me a lot of ‘you’re infected’ posts. And in the end (again) it’s just a stupid button you have to click. So first the error (screenshot and text (so ppl can actually find it ;-))) (Scroll down for Server Core instructions)
Microsoft Forefront Endpoint Protection
Virus and spyware definitions update failed
Forefront Endpoint Protection could not check for virus and spyware definition updates due to an Internet or network connectivity issue.
Error code: 0x80070490
Error description: Forefront Endpoint Protection couldn’t install the definition updates. Please try again later.
In the event log you will see the following uninformative message:
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.143.1680.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.9103.0
Error code: 0x80248014
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
The Windows Update Log will say the following:
>>-- RESUMED -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
- Updates found = 0
- WARNING: Exit code = 0x00000000, Result code = 0x80248014
-- END -- COMAPI: Search [ClientId = Microsoft Forefront Endpoint Protection (1F383481-F70E-4E7A-8B69-C4B4A23928E3)]
WARNING: Operation failed due to earlier error, hr=80248014
FATAL: Unable to complete asynchronous search. (hr=80248014)
And you’re thinking…… what……..?!? 😯
Well it’s just Microsoft disabling updates for all other Microsoft products except Windows by default. What you need to do to solve it: open up your Windows Update screen. You will see directly what causes your error: updates are enabled for Windows only.
Click ‘Find out more’. In the browser that opens, check ‘I agree’ and click ‘Install’.
Now Windows Update will download updates for ‘other Microsoft Products’ as well. And there you have it. FEP will update like a charm.
How to fix this on Windows 2008/2008R2/2012/2012R2 Server Core
Update: I’m playing around with Server Core a little at the moment. Ran into the same problem. Easy to fix, hard to find on the internet.
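First run a little PowerShell command:
# Opt in to Microsoft Update (service ID 7971f918-...); 7 = allow pending + allow online registration + register with Automatic Updates
$ServiceManager = New-Object -ComObject "Microsoft.Update.ServiceManager"; $ServiceManager.ClientApplicationID = "My App"; $ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")
Next, update your FEP signatures: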
PS C:\Program Files\Microsoft Security Client\Antimalware> .\MpCmdRun.exe signatureupdate
Signature update started . . .
Signature update finished.
It should run nicely after configuring WU through PowerShell.
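A repeatable version of the Server Core fix, as an added example that is not part of the original post: it checks whether the Microsoft Update service is already registered, opts in only if needed, shows the result and then triggers the signature update. The function name and the ClientApplicationID label are made up for illustration; the service ID and the MpCmdRun.exe path are the ones used above. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not the post author's code.
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'   # service ID from the post
$MpCmdRun = 'C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe'  # path from the post

# Hypothetical helper: return the Microsoft Update entry from the list of
# update services known to the Windows Update Agent, or nothing if absent.
function Get-MicrosoftUpdateService {
    param($ServiceManager)
    $ServiceManager.Services | Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
}

$sm = New-Object -ComObject 'Microsoft.Update.ServiceManager'
$sm.ClientApplicationID = 'FEP update fix'   # free-text label (assumption)

$svc = Get-MicrosoftUpdateService $sm
if ($svc -and $svc.IsRegisteredWithAU) {
    Write-Host "Already opted in to: $($svc.Name)"
}
else {
    # Flags: 1 (allow pending registration) + 2 (allow online registration)
    #        + 4 (register the service with Automatic Updates) = 7
    $reg = $sm.AddService2($MicrosoftUpdateId, 7, '')
    # RegistrationState: 1 = not registered, 2 = registration pending, 3 = registered
    Write-Host "Registration state: $($reg.RegistrationState)"
    $svc = Get-MicrosoftUpdateService $sm
}

if ($svc) {
    # Confirm what the Windows Update Agent now reports for the service.
    $svc | Format-List Name, ServiceID, IsRegisteredWithAU
}
else {
    Write-Warning 'Microsoft Update is not listed yet; registration may still be pending.'
}

# Trigger the definition update and fail loudly instead of silently.
& $MpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) {
    throw "MpCmdRun.exe exited with code $LASTEXITCODE; check the event log and the Windows Update log."
}
```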