Hotzenwalder

[SCCM2012R2] Endpoint Protection Manual Update with Windows Update disabled?


In our environment (Windows 7 32 bit) we use System Center Endpoint Protection. The client is working and gets settings from System Center 2012 R2. Scans are working, updates are working etc. The updates come from the System Center Server.

 

There is an option in Endpoint Protection to manually update the virus and spyware definitions, but when we try this option we get an error (0x8024002e).

 

2vmhx0h.png

 

Unfortunately the message is in Dutch, but 'Bijwerken' means 'Updating' and as you can see it doesn't work.

 

We've tracked the issue to Windows Update being disabled on the client. We don't want the clients to have the option to get updates from the Microsoft Update website. With Windows Update enabled clients can bypass our policies and download updates that are not approved by us, for instance Internet Explorer 11. That is why updates are managed through System Center and all access to Windows Update is disabled.

 

Does anyone have the same issue?

 

Can someone explain if it is normal for System Center that clients can bypass the settings we defined for updates? I expected that once we enabled software updates on clients through SCCM that users would not be able to bypass those settings by going to the Microsoft Update website to look for updates. Did we do something wrong in the configuration? Does SCCM need extra policy settings to manage updates? These are our update settings.

 

10rmmg5.png

 

As I said before... Endpoint Protection receives its definitions, so that is OK, but there is a rather annoying error when trying to manually update the definitions. Any help is appreciated since Google gives no clues for this error other than enabling Windows Update. That would be OK if we could deny users access to the Windows Update site, but we have not found that option yet.



post-10753-0-31102800-1403793846_thumb.jpg

 

Make sure that you define the correct update sources in the antimalware policies of your SCCM client. Also make sure that the Windows Update service "wuauserv" can connect to the internet via TCP 80/443 (firewall rule for non-domain profiles).
