Temporarily disable Endpoint Protection

[mhammett]

As an administrator, how can I temporarily disable Endpoint Protection on a single client? I would like to not allow users the ability, but to do it instantaneously from the server on a single client.

[Rocket Man]

How about a run command line TS or a batch file with the following:

 

net stop MsMpSvc

 

To start it back up:

 

net start MsMpSvc

 

To get it to instantaneously happen have you looked at the right click tools, there is running processes functionality with them which will allow you to stop the service immediately, I have them installed and it allows me to kill IE and other processes. Very handy tool to have!!

[GiantGuineaPig]

You can't stop the service as it's locked down. It appears to be designed to never be stopped:

 

http://blogs.technet.com/b/mspfe/archive/2013/02/19/anti-tampering-for-the-antimalware-service-in-system-center-endpoint-protection-2012-sp1.aspx

[sanja]

O.o

 

so there is no way I can temporarily disable Endpoint Protection on a single client??

[anyweb]

I'm curious why you want to temporarily disable it, can you share the reason ?

 

you could uninstall it using

scepinstall.exe /u /s

then reinstall it when needed.

[sanja]

e.g I wan't to install <snipped> which endpoint blocks

Edited June 3, 2014 by anyweb

[amelius]

How about because I'm migrating VMs via DoubleTake to a HV host and SCEP detects that as malicious goofing the migration files completely. Exceptions didn't seem to help either. I disabled the service for the duration.

[Djackson]

can use this method

 

https://social.technet.microsoft.com/Forums/forefront/en-US/f4347d13-5c9a-4395-b070-9aa53d613f68/is-there-a-way-to-restart-the-microsoft-antimalware-service?forum=FCSNext