Oops… Forefront Endpoint Protection 2010 update snafu!
Yesterday’s definition update for Forefront Endpoint Protection and Security Essentials apparently wasn’t tested by Microsoft, as the engines flagged a temp file in the update as Adware:Win32/Hotbar. I experienced this as well, but after some investigation I just let FEP remove the file and all was fine. It was a temp file anyway and the definition was already installed and fine as is.
Before going to bed I checked, and sure enough at 9:30pm CDT, the updated definition files were installed by Windows Update. I could see where this could be a problem for large FEP environments though. I would think though that you can use SCCM to suppress the warnings for the user and then just deal with the reports and alerts from there.
This was posted on the Microsoft Malware Protection Center:
On Jul 21, 2011 05:35 AM UTC, an update caused a temporary file related to the next Microsoft definition update to be incorrectly detected as Adware:Win32/Hotbar. At 08:51 PM UTC, Microsoft released a new signature to address the issue. Signature versions 1.109.92.0 and higher include this fix.
I’m hearing a lot of upset customers screaming at Microsoft for this. Really? No sense in getting wound up over a simple mistake. It wasn’t even a virus, but just a typo in a signature file that was caught. Things happen, people make mistakes. Exchange volumes were not formatted twice over because of it… move on.
