Jump to content

Search the Community

Showing results for tags 'Endpoint'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
    • Windows 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Official Forum Supporters
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Windows Server General
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL



Found 13 results

  1. Where can I find the report/log for the results of a system initiated Full Scan of the client. Is it stored on the client...where? Or can I bring up a report with the scan from System Center? I'm currently using SCCM 2012.
  2. dear all, we wanted to test scep instead of mcafee on our clients. Everything looks good but in sc configuration manager the system status of the endpoint protection role status button is critical red. When we look into the log files it states ______________________________________________ Key "SOFTWARE\Microsoft\Microsoft Antimalware" not found, trying key "SOFTWARE\Microsoft\Windows Defender" $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> RegOpenKeyEx failed with 0X80070002 $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> GetAMInstallLocation failed with 0X80070002 $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Failed to load common client library (0x80070002) $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Failed to initialize AMMetadataUpdater (0x80070002) $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.550-120><thread=11964 (0x2EBC)> Checking threat definitions in 900 seconds... $$<SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER><06-28-2018 08:05:34.597-120><thread=11964 (0x2EBC)> ____________________________________________ i think the system wants to install scep on the server also. The problem is that the sccm servers are managed by another team and they insist on keeping mcafee on the server. Is there any option to bypass this install so the status of the endpoint protection point in site status becomes green without having to install scep on the server thank you all
  3. I'm having an issue resolving endpoint protection - some people update, but the majority do not update. we have to update manually. On several of the machine, we are getting Failed to send request to <host>, error 0x2ee7, which i have looked up and shows the DNS could be set incorrectly, which it is not. Any suggestion on what to look for? i've looked it all logs. Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7 FSPStateMessage 4/5/2015 1:53:36 AM 4844 (0x12EC) [CCMHTTP] ERROR: URL=HTTP://SCCM01.XXX.YYYYY/SMS_FSP/.sms_fsp, Port=80, Options=224, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED FSPStateMessage 4/5/2015 1:53:36 AM 4844 (0x12EC)
  4. Hi, I recently noticed that in my infrastructure, the End Time for the SCEP Last Scan is not showing anywhere (either in a device collection or in a report..). The Endpoint Protection Last Scan Start Time is showing correctly, for both the Quick and Full scans, but the The Endpoint Protection Last Scan End Time, only for about 2% of devices (and those are 1 year old..). Any ideeas ? In device collection : In reports: Thank you. Regards, Andrei
  5. Hi guys, I wondered if someone here can provide clarity regarding update sources for the SCEP client as I've hit a brick wall this side of the wire! We have implemented the EPP role, configured AMW policies and deployed, setup ADR and tested and up until recently had no issues with SCEP or AMW update functionality. The SCEP clients are now failing to update their definitions. The updates sources, and order, are: 1. SCCM 2. Microsoft Update Clients fail to update and provide the following error: CODE: 0x8024402c MESSAGE: System Center Endpoint Protection couldn't install the definition updates because the proxy server or target server names can't be resolved. Having removed Microsoft Update from the Update Sources (as I believe there's no route to it), clients update their policies and now receive their updated definitions. When I examine the MPxxxxxx.log in ProgramData\Microsoft\Microsoft Antimalware\Support, it shows that the definitions were updated via MMPC. This causes a quandary because it isn't in the sources list. I think my question is relatively straight forward... Are the definitions being updated from SCCM but incorrectly reported as MMPC or is there a default position within SCEP 2012 whereby it checks the MMPC regardless of what the configuration is set at? Thanks, Ian.
  6. I am working on helpdesk remediation strategies for virus notifications. I have setup alerts and find that most viruses get cleaned so the machine does not show up in the at risk collection. I want to setup a collection where a machine is infected so my helpdesk can deploy a cleaning package if the machine cannot be replaced right away. I have setup a device collection with the following criteria however I wanted to make sure this is correct. Usint he GUI it is set to Criteria Antimalware Infection Status.ComputerStatus is equal to 2 sql view looks like this select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_AntimalwareInfectionStatus on SMS_G_System_AntimalwareInfectionStatus.ResourceId = SMS_R_System.ResourceId where SMS_G_System_AntimalwareInfectionStatus.ComputerStatus = 2 Jus want to confirm if this looks correct. Running the query shows 1 machine I know to be cleaned but recently infected, however it does not list a second machine listed in the infected computers report, however the report is looking at a week long data.
  7. Hi, I've been using SCCM 2012 R2 for some time know, but there are still some mysteries to me. I have been asked to start deploying software updates through it rather than WSUS or Windows Updates itself. Before i came along, people got their updates the old fashion way-Windows Updates. So after the grueling task of figuring that out, i've got it working-ish! My main concern with this method (and also Endpoint) is that the majority of our users are NOT on the domain/network at all times. We do have several hub offices whose machines are on the network, but our line of work is mostly remote. Meaning these users are on home, hotel or data card wifi--not the network. They also rarely get on VPN. So my question is: are these people going to receive updates or endpoint definitions while being "offline?" I have a bunch of machines listed as inactive in Devices since they are never on our network. Is there a call home feature I'm unaware about with the sccm client? Keep in mind, when the machines are sent out, they are all sent out the same and with the client installed and working properly. Is this a bad setup in our environment? Any help or advice would be greatly appreciated!
  8. We pushed Endpoint out to our campus clients within the last month and all has been good. The SCEP client is being pushed through Client Settings. We recently re-imaged a couple machines using OS deployment and would expect that SCCM would see them as a not having the SCEP client and go ahead and install it again. However, we are getting the following messages in the EnpointProtectionAgent.log file and they repeat every 25 minutes or so: Service startup notification received EndpointProtectionAgent 7/28/2014 1:25:33 PM 2572 (0x0A0C) Endpoint is triggered by CCMTask Execute. EndpointProtectionAgent 7/28/2014 1:25:33 PM 2456 (0x0998) Deployment WMI is NOT ready. EndpointProtectionAgent 7/28/2014 1:25:33 PM 2456 (0x0998) From what I can gather SCCM still thinks the SCEP client is managed since it shows managed in the ConifgMan console, so this is causing it not to push the client again. Something is cached somewhere and is not letting the install to proceed. Any thoughts?
  9. I've been noticing an odd occurrence on my system lately. I have an ADR setup to deploy Forefront Updates, set to install outside of MW and not prompt the user for anything. All has been well. For whatever reason, we now have a version mismatch between the clients and SCCM. The ADR still seems to be pushing updates, even though they don't install, but is also notifying users of updates constantly. I checked my endpoint log, and see this: EP is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) Check and enforce EP Deployment state. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) EP Client is already installed, will NOT trigger reinstallation. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) Sending message to external event agent to test and enable notification EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) EP Policy Antimalware Policy is already applied. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) Firewall provider is installed. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) Installed firewall provider meet the requirements. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) Skip sending state message due to same state message already exists. EndpointProtectionAgent 6/27/2013 7:23:00 AM 7816 (0x1E88) Endpoint is triggered by message. EndpointProtectionAgent 6/27/2013 10:39:00 AM 6356 (0x18D4) File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0. EndpointProtectionAgent 6/27/2013 10:39:00 AM 6356 (0x18D4) If I install the EP client off of my distribution point, the version is correct. One of the windows updates pushed out by SCCM is a newer version of the EP client, as I see it in the installed updates. Since it pushed this new version out, I get constant mismatches. There are now constant notifications that updates are available on user machines, and they're always for Forefront, even though my ADR says to hide all notifications. How should I go about correcting this? I haven't had much luck finding others with the issue yet, and most places I've posted at looking for some insight yield no responses.
  10. Is this behavior normal to see FEP Updates clients required for update = 0, other updates show Required machines but ForeFront does not show this. Update Settings:
  11. I am trying to find a way to add a known executable to endpoint, as a threat. For example... app.exe... is it possible to add that name, path, etc to a list of unwanted programs to SCEP? I can see how to do threat overrides, however I was hoping to do the opposite against a list of executable names, paths, hashes, or whatever is available.
  12. I want to deploy Endpoint Protection onto my Servers (Exchange, SQL, DC, Sharepoint, etc...) and was looking at what it takes to add the exclusions manually into the software. http://technet.micro...y/bb332342.aspx Does SCCM 2012 have any templates that I can implement for a servers type?
  13. Ran across this today, see attached. Any ideas? How can you manually install the Endpoint Protection Client if needed? The reason I ask is during mass imaging (we have over 5000 to image) how long should it take to get the Endpoint client on it? Some have been getting it fairly fast and now it seems it's taking 20 min or so.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.