Search the Community

Hi, I've recently had an issue were my Windows 10 1803 clients don't get signature updates although the definition updates seem to apply ok. Looking through the logs nothing really stuck out except that the machine didn't have a antimalware policy. I check SCCM and the policy is deployed and apperently installed ok (going from the console). Any ideas would really be great!

Hi, Obviously a beginner here with this question, so apologies in advance if there is a simple answer to this. I have mistakenly deployed an Antimalware Policy to an incorrect device collection, which now has 3 policies deployed to it and applied to SCEP clients (Default and two custom). I cannot find a way to retract or remove the mistakenly applied policy. Is this possible and if so, can someone point me in the right direction? The mistakenly applied policy is being used by other collections so I'm hesitant to delete it, recreate and redeploy to the correct collections, but if this is the only way then so be it. Thanks and I appreciate any guidance or advice.

Hi guys, I wondered if someone here can provide clarity regarding update sources for the SCEP client as I've hit a brick wall this side of the wire! We have implemented the EPP role, configured AMW policies and deployed, setup ADR and tested and up until recently had no issues with SCEP or AMW update functionality. The SCEP clients are now failing to update their definitions. The updates sources, and order, are: 1. SCCM 2. Microsoft Update Clients fail to update and provide the following error: CODE: 0x8024402c MESSAGE: System Center Endpoint Protection couldn't install the definition updates because the proxy server or target server names can't be resolved. Having removed Microsoft Update from the Update Sources (as I believe there's no route to it), clients update their policies and now receive their updated definitions. When I examine the MPxxxxxx.log in ProgramData\Microsoft\Microsoft Antimalware\Support, it shows that the definitions were updated via MMPC. This causes a quandary because it isn't in the sources list. I think my question is relatively straight forward... Are the definitions being updated from SCCM but incorrectly reported as MMPC or is there a default position within SCEP 2012 whereby it checks the MMPC regardless of what the configuration is set at? Thanks, Ian.

I am trying to find a way to add a known executable to endpoint, as a threat. For example... app.exe... is it possible to add that name, path, etc to a list of unwanted programs to SCEP? I can see how to do threat overrides, however I was hoping to do the opposite against a list of executable names, paths, hashes, or whatever is available.

When trying to browse a threat, for adding Threat Overrides, I get an error stating "The specified threat could not be found in the definitions. Verify you typed in correct name and the Endpoint Protection has the most up-to-date definition." Appreciate any help on what to do next, as far as I can tell my definitions are up to date, but if somebody could assist in giving me a list of things to check I would appreciate it. Or if there is something else I could check, please let me know.