anyweb

using System Center 2012 Configuration Manager - Part 6. Adding the Endpoint Protection role, configure Alerts and custom Antimalware Policies.

For instance, if I set up an ADR for SCEP Definitions, and I set the evaluation to run at 12am, then set the Software Available time at 4 hours, does that effectively give me a 4 hour window in which all of my selected DPs will download the Deployment Package at randomly set intervals?

yup that's about right, see my words on the subject from above

For software available select 2 hours to allow sufficient time for the Deployment to reach all Distribution Points and select As soon as possible for the installation Deadline.

Note: Software update deadlines are randomized over a 2-hour period to prevent all clients from requesting an update at the same time.


Thanks for sharing your knowledge!

I understand in step 6 you advised to create an Automatic Deployment Rule for each collection we want to target but do you have any advice on simplifying this process to apply to the default “All Systems” or a collection containing “All Active Devices”? Also, will this cause any known issues?

-ian


it's best practice to target the ADRs and antimalware policies and custom client settings to specific collections that are created to target the correct machines,

if you target the All Systems collection with these ADRs, custom client settings and custom antimalware policies then you are targeting everything and then you'll realise that making custom antimalware policies (for servers for instance) just won't work in your scenario.


Dear All,

I followed this great article to deploy Endpoint Protection in my environment. Now my management have decided to remove it. But it is again automatically being installed on all of the computers.

How to get it done now. I want to permanently stop this auto installation.

Please Help

Thanks & Regards


check your custom client settings that's what is most likely 'installing' the SCEP client,

if you followed my guide, if you didn't follow it totally then you may have edited the default client settings which would apply to ALL computers in your hierarchy


you really need to provide more information and logs to explain what your problem is, are you saying that SCEP is installing on your computers ? have you reviewed all your custom and default client settings yet ? are you sure it's SCEP and not something else ?

how about including a screenshot ?


I already tried to include screenshots but that didn't work here on this page - I am adding the logs for you to review and advise the solution.

<![LOG[sending EvaluateAssignments Trigger to Updates Deployment Agent]LOG]!><time="14:43:15.031-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="1300" file="epagentutil.cpp:553">

<![LOG[Register a timer here to check whether definition get updated in 30 minutes.]LOG]!><time="14:43:20.546-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="1300" file="epagentimpl.cpp:1006">

<![LOG[Firewall provider is installed.]LOG]!><time="14:43:23.158-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="1300" file="epagentutil.cpp:774">

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="14:43:23.158-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="1300" file="epagentutil.cpp:795">

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 2.2.903.0.]LOG]!><time="14:43:23.168-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="7876" file="epagentutil.cpp:499">

<![LOG[EP version 2.2.903.0 is already installed.]LOG]!><time="14:43:23.168-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="7876" file="epagentutil.cpp:200">

<![LOG[Expected Version 2.2.903.0 is exactly same with installed version 2.2.903.0.]LOG]!><time="14:43:23.168-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="7876" file="epagentutil.cpp:218">

<![LOG[AM Policy XML is ready.]LOG]!><time="14:43:23.169-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="7876" file="epagentutil.cpp:314">

<![LOG[Renew the wmi notification hookup as new EP installation is deteced.]LOG]!><time="14:43:24.335-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="7876" file="epagentimpl.cpp:921">

<![LOG[EP Policy Default Client Antimalware Policy is already applied.]LOG]!><time="14:43:24.338-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="7876" file="epagentutil.cpp:520">

<![LOG[Endpoint is triggered by Timer.]LOG]!><time="15:13:20.384-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="4820" file="fepsettingendpoint.cpp:263">

<![LOG[Definition is not installed or it's too old. Need to explicitly trigger SCEP client to download latest definition.]LOG]!><time="15:13:20.405-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="4820" file="epagentimpl.cpp:1029">

<![LOG[Create Process Command line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -SignatureUpdate.]LOG]!><time="15:13:20.405-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="4820" file="epagentutil.cpp:602">

<![LOG[Trigger the application C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe starting successfully.]LOG]!><time="15:13:20.622-300" date="12-07-2012" component="EndpointProtectionAgent" context="" type="1" thread="4820" file="epagentimpl.cpp:592">

<![LOG[service startup notification received]LOG]!><time="09:20:24.032-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="fepsettingendpoint.cpp:234">

<![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="09:20:24.767-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="fepsettingendpoint.cpp:208">

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 2.2.903.0.]LOG]!><time="09:20:25.264-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="epagentutil.cpp:499">

<![LOG[unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed.]LOG]!><time="09:20:25.264-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="epagentutil.cpp:149">

<![LOG[start to send state message.]LOG]!><time="09:20:25.265-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="epagentimpl.cpp:159">

<![LOG[send State Message with topic type = 2001, state id = 2, and error code = 0x00000000]LOG]!><time="09:20:25.287-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="epagentimpl.cpp:166">

<![LOG[save new state 2 to registry SOFTWARE\Microsoft\CCM\EPAgent\State]LOG]!><time="09:20:25.287-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="epagentimpl.cpp:190">

<![LOG[AM Policy XML is ready.]LOG]!><time="09:20:25.343-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6120" file="epagentutil.cpp:314">

<![LOG[Endpoint is triggered by message.]LOG]!><time="10:47:30.059-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="fepsettingendpoint.cpp:55">

<![LOG[Endpoint is triggered by message.]LOG]!><time="10:47:30.059-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="fepsettingendpoint.cpp:55">

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 2.2.903.0.]LOG]!><time="10:47:30.264-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:499">

<![LOG[unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed.]LOG]!><time="10:47:30.264-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:149">

<![LOG[AM Policy XML is ready.]LOG]!><time="10:47:30.264-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:314">

<![LOG[Handle AM Policy.]LOG]!><time="10:47:30.264-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:844">

<![LOG[Disable Startup Signature Update equals to true.]LOG]!><time="10:47:30.396-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:347">

<![LOG[Add the Disable Startup Signature Update settings to policy xml successfully.]LOG]!><time="10:47:30.426-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:356">

<![LOG[Create Process Command line: "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /NoSigsUpdateAtInitialExp /policy "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="10:47:30.426-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:602">

<![LOG[Detail error message is : [EppSetupResult]

HRESULT=0x00000000

Description=The operation completed successfully.

]LOG]!><time="10:49:15.969-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:406">

<![LOG[installed EP client successfully.]LOG]!><time="10:49:15.969-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:418">

<![LOG[start to send state message.]LOG]!><time="10:49:15.970-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:159">

<![LOG[send State Message with topic type = 2001, state id = 3, and error code = 0x00000000]LOG]!><time="10:49:18.825-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:166">

<![LOG[save new state 3 to registry SOFTWARE\Microsoft\CCM\EPAgent\State]LOG]!><time="10:49:18.826-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:190">

<![LOG[EP Policy Default Client Antimalware Policy is already applied.]LOG]!><time="10:49:19.025-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:520">

<![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Default Client Antimalware Policy is NOT changed, SKip sending State Message.]LOG]!><time="10:49:19.106-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:237">

<![LOG[sending EvaluateAssignments Trigger to Updates Deployment Agent]LOG]!><time="10:49:19.152-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:553">

<![LOG[Register a timer here to check whether definition get updated in 30 minutes.]LOG]!><time="10:49:20.806-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:1006">

<![LOG[Firewall provider is installed.]LOG]!><time="10:49:21.032-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:774">

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="10:49:21.033-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:795">

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 2.2.903.0.]LOG]!><time="10:49:21.038-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentutil.cpp:499">

<![LOG[EP version 2.2.903.0 is already installed.]LOG]!><time="10:49:21.038-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentutil.cpp:200">

<![LOG[Expected Version 2.2.903.0 is exactly same with installed version 2.2.903.0.]LOG]!><time="10:49:21.038-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentutil.cpp:218">

<![LOG[AM Policy XML is ready.]LOG]!><time="10:49:21.038-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentutil.cpp:314">

<![LOG[Handle EP Deployment Policy.]LOG]!><time="10:49:21.038-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentimpl.cpp:780">

<![LOG[EP Policy Default Client Antimalware Policy is already applied.]LOG]!><time="10:49:21.069-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentutil.cpp:520">

<![LOG[EP Client is already installed, will NOT trigger reinstall for now.]LOG]!><time="10:49:21.069-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentimpl.cpp:823">

<![LOG[Firewall provider is installed.]LOG]!><time="10:49:21.071-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentutil.cpp:774">

<![LOG[installed firewall provider meet the requirements.]LOG]!><time="10:49:21.071-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="1204" file="epagentutil.cpp:795">

<![LOG[Endpoint is triggered by WMI notification.]LOG]!><time="10:49:49.288-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6420" file="fepsettingendpoint.cpp:125">

<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 2.2.903.0.]LOG]!><time="10:49:49.292-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6420" file="epagentutil.cpp:499">

<![LOG[EP version 2.2.903.0 is already installed.]LOG]!><time="10:49:49.293-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6420" file="epagentutil.cpp:200">

<![LOG[Expected Version 2.2.903.0 is exactly same with installed version 2.2.903.0.]LOG]!><time="10:49:49.293-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6420" file="epagentutil.cpp:218">

<![LOG[AM Policy XML is ready.]LOG]!><time="10:49:49.293-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6420" file="epagentutil.cpp:314">

<![LOG[Renew the wmi notification hookup as new EP installation is deteced.]LOG]!><time="10:49:49.388-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6420" file="epagentimpl.cpp:921">

<![LOG[EP Policy Default Client Antimalware Policy is already applied.]LOG]!><time="10:49:49.391-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="6420" file="epagentutil.cpp:520">

<![LOG[Endpoint is triggered by Timer.]LOG]!><time="11:19:20.866-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="7532" file="fepsettingendpoint.cpp:263">

<![LOG[Definition is not installed or it's too old. Need to explicitly trigger SCEP client to download latest definition.]LOG]!><time="11:19:20.896-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="7532" file="epagentimpl.cpp:1029">

<![LOG[Create Process Command line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -SignatureUpdate.]LOG]!><time="11:19:20.896-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="7532" file="epagentutil.cpp:602">

<![LOG[Trigger the application C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe starting successfully.]LOG]!><time="11:19:21.274-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="7532" file="epagentimpl.cpp:592">

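Added example (not part of the original posts, and not ConfigMgr's own tooling): a small Python parser for the CMTrace-style records in the log above that lists each SCEPInstall.exe launch with the trigger that preceded it on the same thread, whether the agent had just found the client missing, and how long setup took. The function names are this example's own, and the embedded sample is a handful of records copied from the posted log, abridged.

```python
import re
from datetime import datetime

# One CMTrace record: <![LOG[message]LOG]!><time=".." date=".." .. thread=".." ..>
RECORD = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>'
    r'<time="(?P<time>\d\d:\d\d:\d\d)[^"]*" date="(?P<date>\d\d-\d\d-\d{4})"'
    r'[^>]*?thread="(?P<thread>\d+)"', re.DOTALL)
TRIGGER = "Endpoint is triggered by "

def parse_cmtrace(text):
    """Yield (timestamp, thread, message); a message may span several lines."""
    for m in RECORD.finditer(text):
        # Fractional seconds and the trailing offset field are ignored here.
        ts = datetime.strptime(f'{m["date"]} {m["time"]}', "%m-%d-%Y %H:%M:%S")
        yield ts, m["thread"], " ".join(m["msg"].split())

def find_reinstalls(text):
    """Return one dict per SCEPInstall.exe launch: trigger, timing, outcome."""
    trigger, missing, running, found = {}, set(), {}, []
    for ts, thread, msg in parse_cmtrace(text):
        if msg.startswith(TRIGGER):
            trigger[thread] = msg[len(TRIGGER):].rstrip(".")
            missing.discard(thread)  # a new evaluation pass starts on this thread
        elif "means EP client is NOT installed" in msg:
            missing.add(thread)
        elif msg.startswith("Create Process Command line:") and "SCEPInstall.exe" in msg:
            running[thread] = {"started": ts, "trigger": trigger.get(thread),
                               "client_was_missing": thread in missing,
                               "succeeded": False, "seconds": None}
            found.append(running[thread])
        elif msg.startswith("installed EP client successfully") and thread in running:
            event = running.pop(thread)
            event["succeeded"] = True
            event["seconds"] = int((ts - event["started"]).total_seconds())
    return found

# Sample: seven records copied from the log posted above (abridged).
SAMPLE = r'''<![LOG[Endpoint is triggered by message.]LOG]!><time="10:47:30.059-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="fepsettingendpoint.cpp:55">
<![LOG[unable to query registry key (SOFTWARE\Microsoft\Microsoft Security Client), return (0x80070002) means EP client is NOT installed.]LOG]!><time="10:47:30.264-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:149">
<![LOG[Create Process Command line: "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /NoSigsUpdateAtInitialExp /policy "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="10:47:30.426-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:602">
<![LOG[Detail error message is : [EppSetupResult]
HRESULT=0x00000000
Description=The operation completed successfully.
]LOG]!><time="10:49:15.969-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentutil.cpp:406">
<![LOG[installed EP client successfully.]LOG]!><time="10:49:15.969-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="4132" file="epagentimpl.cpp:418">
<![LOG[Endpoint is triggered by Timer.]LOG]!><time="11:19:20.866-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="7532" file="fepsettingendpoint.cpp:263">
<![LOG[Create Process Command line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -SignatureUpdate.]LOG]!><time="11:19:20.896-300" date="12-10-2012" component="EndpointProtectionAgent" context="" type="1" thread="7532" file="epagentutil.cpp:602">
'''

if __name__ == "__main__":
    for event in find_reinstalls(SAMPLE):
        print(event)
```

For the sample it reports one SCEPInstall.exe launch, on a `message` trigger, after the agent found the client missing, completing in 105 seconds; the later MpCmdRun.exe signature update is not counted as an install.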

can you answer this >

you really need to provide more information and logs to explain what your problem is, are you saying that SCEP is installing on your computers ? have you reviewed all your custom and default client settings yet ?
