Showing results for tags 'SCEP'.

Found 20 results

  1. I had a client that was unable to download the Endpoint Protection Policy. I browsed to the Windows\System32\GroupPolicy\Machine folder and deleted the file Registry.pol, then rebooted. It seems to be fixed, but it won't report back to the SCCM server. His EndpointProtectionAgent.log states:

    <![LOG[Endpoint is triggered by message.]LOG]!><time="13:28:00.005+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:58">
    <![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:519">
    <![LOG[EP version 4.1.522.0 is already installed.]LOG]!><time="13:28:00.243+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:232">
    <![LOG[Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:251">
    <![LOG[Re-apply EP AM policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="fepsettingendpoint.cpp:107">
    <![LOG[Apply AM Policy.]LOG]!><time="13:28:00.244+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:1192">
    <![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="13:28:00.542+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:607">
    <![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="13:28:02.786+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:659">
    <![LOG[save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="13:28:02.870+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:267">
    <![LOG[state 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 22278829C8D241E822FD474BA669DF7F1BF12767 is NOT changed.]LOG]!><time="13:28:02.871+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentimpl.cpp:339">
    <![LOG[skip sending state message due to same state message already exists.]LOG]!><time="13:28:03.014+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:1239">
    <![LOG[Firewall provider is installed.]LOG]!><time="13:28:03.022+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:779">
    <![LOG[installed firewall provider meet the requirements.]LOG]!><time="13:28:03.074+360" date="02-12-2014" component="EndpointProtectionAgent" context="" type="1" thread="7052" file="epagentutil.cpp:800">

    It seems that the issue is that it won't send a state message because it already exists. How do I force it to send the message?
  2. Hi, we are seeing issues: some clients are not reporting antivirus definitions to SCCM. The CM client is working fine and the SCEP client has up-to-date definitions. Antimalware Client Version: 4.10.209.0. CM Client Version: 5.00.8239. We did the following steps: uninstalled and reinstalled the CM client and SCEP client. Thank you,
  3. Gents, I have a question regarding SCEP: why do some machines have a version like 4.8.204.0 whereas some other machines can already be at version 4.9.218.0? I used the client push method to install SCEP, so all my machines should have SCEP at the same version, right?
  4. Is there a way to generate a custom alert when the System Center Endpoint Protection Status -> Operational status of clients reaches a given number of systems? For example, when the number of clients that have definitions up to 3 days old reaches the number of 1000 clients. Would it be possible to check the threshold with every summarization on the report? Regards, Pawel
  5. I am running SCCM 2012 R2 5.0.7958.1203 I discovered that the SCEP installation on some clients is not upgrading. I see the following entry in ccmsetup.log file. File 'C:\windows\ccmsetup\SCEPInstall.exe' with hash '8B76E87A25DFAE06CC36245FCDC269D94A99CE2F1374C105A1F41B3470C2CFD7' from manifest doesn't match with the file hash 'FDDB17A148D8358B5BFBF63BBB3CDE902DCE807366081FE16B8E6042DCB47C71' Web searches point to articles that mention a specific hot fix that has created a mismatch of the hash values for scepinstall.exe and in ep_defaultpolicy.xml version in the \\<server name>\SMS_LM1\Client folder. The hotfix does not appear to apply to me though I believe this condition was caused by an update of some sort. I understand what the basic issue is. I don't understand how to correct it. Is there someone who may be able to shed some light on the solution? Thanks! Dan Mahler Grand Rapids, MI
  6. th3n0rk

    Report SCEP

    Hi!!! Is there any way to configure or force the report of the antivirus definitions of client machines to the server? When I do the report, the captured information is tardive. Example:

    - Report
    - The Script

      select SMS_R_System.NetbiosName, SMS_R_System.SystemOUName, SMS_G_System_AntimalwareHealthStatus.AntivirusSignatureUpdateDateTime, SMS_G_System_AntimalwareHealthStatus.AntivirusSignatureVersion
      from SMS_R_System
      inner join SMS_G_System_AntimalwareHealthStatus on SMS_G_System_AntimalwareHealthStatus.ResourceID = SMS_R_System.ResourceId
      where SMS_R_System.OperatingSystemNameandVersion = "Microsoft Windows NT Workstation 6.1"

    - My PC
    - My SCEP
  7. Hi, Obviously a beginner here with this question, so apologies in advance if there is a simple answer to this. I have mistakenly deployed an Antimalware Policy to an incorrect device collection, which now has 3 policies deployed to it and applied to SCEP clients (Default and two custom). I cannot find a way to retract or remove the mistakenly applied policy. Is this possible and if so, can someone point me in the right direction? The mistakenly applied policy is being used by other collections so I'm hesitant to delete it, recreate and redeploy to the correct collections, but if this is the only way then so be it. Thanks and I appreciate any guidance or advice.
  8. Hello all, I was wondering if anyone knew a way to automatically sync the SCEP definition to SCCM without needing to reboot. For instance, the SCCM console shows me that my server has the endpoint definition of 1.215.422.0 but after checking locally I have 1.215.565.0. This inaccurate result is throwing off my reports. If I reboot the server in question then SCCM shows the correct version. Is there another way to get this to sync without a reboot?
  9. I am using SCEP and already have alerting set up. Most of the alerts that I receive require no further action since SCEP deleted it. On rare occasion, there will be something detected that SCEP fails to handle automatically. Is there a way to create a custom alert that will only be triggered when this condition occurs?
  10. Hello All, I am trying to sync my WSUS Version: 3.2.7600.226 with SCCM 2012 R2 Version 5.0.7958.1000 but I am getting sync failures and I am not sure how to resolve these failures. BTW the WSUS server was installed in the environment long before the SCCM server and they are on separate servers.

    wsyncmgr.log

    Found 1 SUPs $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.483+240><thread=4424 (0x1148)>
    Found active SUP computer.abc.local from SCF File.~ $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.488+240><thread=4424 (0x1148)>
    DB Server not detected for SUP computer.abc.local from SCF File. skipping.~ $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.493+240><thread=4424 (0x1148)>
    Sync failed: WSUS update source not found on site XXX. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.498+240><thread=4424 (0x1148)>
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS= computer.abc.local SITE=XXX PID=2092 TID=4424 GMTDATE=Sat Oct 10 23:00:00.502 2015 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source not found on site XXX. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.504+240><thread=4424 (0x1148)>
    Sync failed. Will retry in 60 minutes $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.511+240><thread=4424 (0x1148)>
    Setting sync alert to active state on site XXX $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.516+240><thread=4424 (0x1148)>
    Sync time: 0d00h00m00s $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:00:00.525+240><thread=4424 (0x1148)>
    Wakeup by SCF change $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:11:55.891+240><thread=4424 (0x1148)>
    Next scheduled sync is a regular sync at 10/10/2015 8:00:00 PM $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:12:01.015+240><thread=4424 (0x1148)>
    Wakeup by SCF change $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:12:10.988+240><thread=4424 (0x1148)>
    Next scheduled sync is a regular sync at 10/10/2015 8:00:00 PM $$<SMS_WSUS_SYNC_MANAGER><10-10-2015 19:12:16.024+240><thread=4424 (0x1148)>

    WCM.log

    19:12:01.015+240><thread=4420 (0x1144)>
    Updating active SUP groups...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.024+240><thread=4420 (0x1144)>
    Updating Group Info for WSUS.~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.035+240><thread=4420 (0x1144)>
    Set UseParentWSUS property in SCF to 1 on this site forcomputer.abc.local.~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.051+240><thread=4420 (0x1144)>
    user(NT AUTHORITY\SYSTEM) runing application(SMS_WSUS_CONFIGURATION_MANAGER) from machine (computer.abc.local) is submitting SDK changes from site(XXX) $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.060+240><thread=4420 (0x1144)>
    Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.105+240><thread=4420 (0x1144)>
    Checking runtime v2.0.50727...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.115+240><thread=4420 (0x1144)>
    Did not find supported version of assembly Microsoft.UpdateServices.Administration.~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.126+240><thread=4420 (0x1144)>
    Checking runtime v4.0.30319...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.137+240><thread=4420 (0x1144)>
    Did not find supported version of assembly Microsoft.UpdateServices.Administration.~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.147+240><thread=4420 (0x1144)>
    Supported WSUS version not found~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.156+240><thread=4420 (0x1144)>
    STATMSG: ID=6607 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONFIGURATION_MANAGER" SYS=computer.abc.local SITE=XXX PID=2092 TID=4420 GMTDATE=Sat Oct 10 23:12:01.165 2015 ISTR0="computer.abc.local" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.369+240><thread=4420 (0x1144)>
    Remote configuration failed on WSUS Server.~ $$<SMS_WSUS_CONFIGURATION_MANAGER><10-10-2015 19:12:01.382+240><thread=4420 (0x1144)>

    My questions are: Do I need to install WSUS on the server that SCCM is on even though I will not be using it? WSUS is using port 80; do I need to change that port to get sync working? Why am I getting a "Support version not found" when the minimum supported is 3.0 and I am at 3.2? Regards. Thanks in advance for your help.
  11. Quick question: do I need to have the client settings for Software Updates enabled in order to use an ADR to apply Forefront Client DAT (SCEP) updates to clients? We have an issue with the WUA agent on our clients and I want to disable software updates scans until Microsoft resolves the issue, but I don't want to stop our DAT files going out to our clients. Thanks
  12. Hi guys, I wondered if someone here can provide clarity regarding update sources for the SCEP client as I've hit a brick wall this side of the wire! We have implemented the EPP role, configured AMW policies and deployed, set up ADR and tested, and up until recently had no issues with SCEP or AMW update functionality. The SCEP clients are now failing to update their definitions. The update sources, and order, are:

    1. SCCM
    2. Microsoft Update

    Clients fail to update and provide the following error:

    CODE: 0x8024402c
    MESSAGE: System Center Endpoint Protection couldn't install the definition updates because the proxy server or target server names can't be resolved.

    Having removed Microsoft Update from the Update Sources (as I believe there's no route to it), clients update their policies and now receive their updated definitions. When I examine the MPxxxxxx.log in ProgramData\Microsoft\Microsoft Antimalware\Support, it shows that the definitions were updated via MMPC. This causes a quandary because it isn't in the sources list. I think my question is relatively straightforward... Are the definitions being updated from SCCM but incorrectly reported as MMPC, or is there a default position within SCEP 2012 whereby it checks the MMPC regardless of what the configuration is set at? Thanks, Ian.
  13. We pushed Endpoint out to our campus clients within the last month and all has been good. The SCEP client is being pushed through Client Settings. We recently re-imaged a couple of machines using OS deployment and would expect that SCCM would see them as not having the SCEP client and go ahead and install it again. However, we are getting the following messages in the EndpointProtectionAgent.log file and they repeat every 25 minutes or so:

    Service startup notification received EndpointProtectionAgent 7/28/2014 1:25:33 PM 2572 (0x0A0C)
    Endpoint is triggered by CCMTask Execute. EndpointProtectionAgent 7/28/2014 1:25:33 PM 2456 (0x0998)
    Deployment WMI is NOT ready. EndpointProtectionAgent 7/28/2014 1:25:33 PM 2456 (0x0998)

    From what I can gather SCCM still thinks the SCEP client is managed since it shows managed in the ConfigMan console, so this is causing it not to push the client again. Something is cached somewhere and is not letting the install proceed. Any thoughts?
  14. Hi, does anyone know a way of using WOL to wake clients for a scheduled scan? The only way I can think of getting it to run would be to create a dummy deployment task with WOL enabled for a short period before I want the scan to start - this seems a clunky way of having to do it though. I'm using SCCM 2012 R2. cheers, Tom
  15. Hello, I currently have Microsoft endpoint protection on computers across a campus. I would like to deploy SCEP across my campus so that we can monitor and maintain it all from the server. This will require deploying the SCEP client over the network. My problem is: it creates pop-ups for the current user logged in saying that Windows Defender is outdated and SCEP is outdated. Is there any way to install SCEP silently without the user being notified? I can deploy SCEP updates almost immediately afterwards to get rid of the "at risk" notification in the task bar, but it still gives users security warning pop-ups, which I cannot have when I deploy all across campus. Thanks
  16. Hello All, I've got a quick question on the behaviour of Software Update Groups. By following the Part 6. Deploying Endpoint Protection Role... I have created the following:

    1. The server share for SCEP updates - \\servername\source\windowsupdates\EndpointProtection
    2. An ADR Template which created the new package and put it in the above UNC path (not enabled)
    3. Several ADR's for the below items with the setting "Add to existing Software Update Group" - Managed Clients - Managed DHCP - Managed DNS - Managed ADDS - And so on.

    Now when I look in the Software Update Groups at the ones that have now been created, they all have a Total Asset Count of all the clients running SCEP where the ADR's have been deployed, i.e. 400 clients, 35 servers (with different roles). So when the ADR ADR - SCEP - Managed Servers - DHCP is highlighted and I check the Summary of it, it shows a total asset count of 435, while there are only 2 DHCP servers in the environment and I have targeted the ADR towards the DHCP Device Collection. Is this per design or have I missed something really basic? SCCM 2012 is running SP1 CU2. If there are any withstanding questions on this, don't hesitate to reply!
  17. I have a client that wouldn't install SCEP so I installed it using SCEPInstall.exe. Now, it's an unmanaged Endpoint client. How can I make it managed? The EndpointProtectionAgent.log shows:

    Endpoint is triggered by WMI notification. EndpointProtectionAgent 9/4/2013 8:51:02 AM 708 (0x02C4)
    Deployment WMI is NOT ready. EndpointProtectionAgent 9/4/2013 8:51:02 AM 708 (0x02C4)
  18. EP 4.2.223.1 is installed, version is higher than expected installer version 4.1.522.0

    Has anyone seen that in the EndpointProtectionAgent.log on a system they have been trying to push the SCCM client to before? We have a number of servers that haven't reported back to SCCM that their Endpoint Protection is being managed. Looking at the log noted above has that error. A snippet from the log: A few of these systems were previously managed under a dev SCCM 2012 SP1 install, and some under FEP 2010. Now we are deploying from a new SCCM site that we have set up to these servers. Does this indicate that we need to update the EP install that we are pushing out?
  19. Hello, I have been installing Config Manager clients on servers I want to manage. These servers already had Forefront 2010 installed and being managed by the FEP server. When I log into a server I see that FEP 2010 is still listed under programs as well as the ConfigManager stuff. Is the FEP 2010 supposed to be manually removed or is this supposed to be automatically overwritten / uninstalled when I elect to use SCEP? Please let me know if you need more information.
  20. How to block SCCM 2012 from installing Endpoint Protection on a specific collection