Microsoft Forefront codename Stirling Release Notes

[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

This document contains critical information that is required to successfully install and use Microsoft® Forefront™ codename Stirling. It is important that you review the information contained in this document before you install Stirling.

This prerelease version of Stirling is beta software.  Stirling Beta 2 is supported only in a lab environment. Installing server components and client components of Stirling Beta 2 in a production environment is not supported.

Before installing Stirling

Before you install Stirling or any of the software prerequisites, it is highly recommended that you read the Stirling Deployment guide, including Verifying your system requirements. The deployment guide steps through the hardware and operating system requirements, installation of the software prerequisites, and installation and deployment of Stirling.

ASM is not supported

Using Authorized Software Management (ASM) in Stirling is not supported. When you create a new policy in Stirling, you must turn off the ASM policy unit. Failure to do so causes all client computers that receive the policy to run ASM software inventory and submit the inventory results to the Stirling server, which can adversely affect the performance of the server. Ensure that you disable ASM in new Stirling policies.

NIS is not supported

Using Network Inspection System (NIS) in Stirling is not supported. Ensure you do not enable NIS in Stirling policies.

Known issues with installing and deploying Stirling

Please review these known issues before installing and deploying Stirling.

Assets might not be discovered

On rare occasions, you may find that a small percentage of assets that should be discovered by Stirling discovery are not actually discovered.

To resolve this issue

  • Wait for a change in the affected assets, which causes an incremental synchronization in order to detect the change and updates the Stirling database with the asset information.

Stirling policy might not deploy correctly

In some cases, Stirling policy might not deploy correctly to a client computer.

To resolve this issue

  1. Restart Microsoft Forefront Client Security on the client computer, and then wait a few minutes.

  2. If the Stirling policy is deployed, the issue is resolved.

    If the Stirling policy is not deployed, restart the client computer.

For information on determining whether a policy is applied to a computer, see Viewing resultant policy settings.

Client computers may be incorrectly quarantined

When a client computer first receives a Stirling policy with Network Access Protection (NAP) enabled, it is possible that the client computer will be marked as noncompliant and placed in quarantine, even though the computer is compliant. There are three ways to resolve this issue.

To resolve this issue

  • Do one of the following:

    • Wait for Stirling to scan the client computer, which should take place within one hour.
    • Using a task, run a full security state assessment (SSA) scan on the client computer. For more information, see Managing manual tasks.
    • Using the Windows PowerShell™ snap-in, create a session to the Stirling server and use the Send-FSysTask cmdlet to launch a task of type FSys.SSA.FullScan. For more information about using the Stirling cmdlets, see Stirling and Windows PowerShell and the Stirling Technical Reference.

    In all cases, the scan will provide an updated status on the client computer and move compliant computers out of quarantine.

Microsoft Forefront Client Security icon may not immediately appear in the notification area

When the Client Security component of Stirling is deployed to a client computer through Windows Server® Update Services, the Client Security icon may not immediately appear in the notification area on the client computer.

To resolve this issue

  • On the client computer, click Start, click All Programs, click Microsoft Forefront, and then click Microsoft Forefront Client Security.

Known issues when working with Stirling

Please review these known issues before working with Stirling.

Client computers may incorrectly report firewall as disabled

In some cases, Microsoft Forefront Client Security will report that the firewall on a client computer running the Windows® XP operating system is disabled when it is actually enabled.

To resolve this issue

  1. On the client computer, in Client Security, click Configure Windows Firewall.

  2. On the Windows Firewall dialog box, on the General tab, click Off (not recommended), and then click OK.

  3. Click Configure Windows Firewall again, then click On (recommended), and then click OK.

A computer may restart if malware is accessed on a network or mapped drive

Deploying Client Security to a computer running Windows XP Service Pack 2 can cause the computer to crash if malware is accessed on a network or mapped drive.

To resolve this issue

  • Install Windows XP Service Pack 3.

On a German version of Stirling, Antimalware real time protection control does not display data

On a German version of the Stirling, the Antimalware real time protection coverage - Last 24 Hours control does not display data.

To retrieve this data

  • Using the Windows PowerShell snap-in, create a session to the Stirling server, and then type the following cmdlet to retrieve the protection status data:

    Get-FSysDataSet -Id FSys.AM.ProtectionStatus.1.0 -StartIndex 1 -Count 1 | format-table

For more information about using the Stirling cmdlets, see the Stirling and Windows PowerShell reference and the Stirling TechnicalReference_CHM.

Settings in the Antimalware for NAP section may not be editable

When editing the Default Client Protection policy, you might not be able to change the following settings in the Antimalware Malware for NAP section: Antimalware updates are not older than and An antimalware scan has occurred within. You can make changes to these settings, but those changes will not be saved and will not be applied. If you want to change these settings for a group of assets, you must create a new policy, update the settings, and apply that policy to the appropriate group.

Malware Protection Coverage control does not show protected computers

In Antimalware Details, the Malware Protection Coverage control does not show a distribution of the protected computers. Instead, it shows the number of infected computers.

Stirling server may be unresponsive

When the Stirling server and the computer running the DAC server role are started, they require a connection to a database. If the database connection is not working and the database is remote, the server may be unresponsive for several minutes. For example, users will not be able use Remote Desktop to connect to the server. After several minutes, the network connection should resume working.

When the connection resumes, you must restart the Security Assessment Sharing (SAS) agent.

To restart the SAS agent

  1. Click Start, click Run, type services.msc, and then click OK.

  2. In the Services window, right-click Microsoft Forefront codename Stirling SAS Agent, and then click Start.

During policy editing, listed items may not be saved correctly

When creating or editing a policy, if you add, edit, or remove items from a list without saving after each action, the settings may not be saved correctly.

To prevent this issue

  • After each addition, change, or removal of an item in a list, click Save to save the policy.


For information about the types of information collected or used by Stirling, see the Microsoft Forefront codename Stirling Beta Privacy Statement (

Additional resources

To review release notes for other Forefront products, see the following: