Brocky Posted September 8, 2015

I have just recently built a new SCCM 2012 instance with a new site code and moved all the clients across. Clients are all appearing with the correct site code and are successfully getting the correct antimalware policies applied from the new server on the SCEP instance that was installed from the previous SCCM server. The problem is the new server is showing the clients as no endpoint protection enabled. Basically the clients are not reporting their endpoint status to the new server, however they are reporting their client status. I was able to resolve the issue easily enough by uninstalling endpoint and reinstalling it again, but as there are over 700 devices this is not ideal. I have also tried deleting registry.pol, no luck here.

GarthMJ Posted September 8, 2015

Have you reviewed the logs? Why can't you use CM12 to uninstall SCEP and re-install it?

Brocky Posted September 8, 2015

Hi Garth, thank you for taking the time to respond. What logs would I be looking at apart from EndpointProtectionAgent.log, which shows:

Sending message to external event agent to test and enable notification EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)
Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)
EP Policy All Staff Antimalware PolicyDefault Client Antimalware Policy is already applied. EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)
Firewall provider is installed. EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)
Installed firewall provider meet the requirements. EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)
start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)
Endpoint is triggered by message. EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)
File C:\windows\ccmsetup\SCEPInstall.exe version is 4.7.213.0. EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)
EP version 4.8.204.0 is already installed. EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)
EP 4.8.204.0 is installed, version is higher than expected installer version 4.7.213.0. EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)
Re-apply EP AM policy. EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)
Apply AM Policy. EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)
Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)
Applied the C:\windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 7/09/2015 11:59:10 AM 5256 (0x1488)
Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 7/09/2015 11:59:10 AM 5256 (0x1488)
State 1 and ErrorCode 0 and ErrorMsg and PolicyName All Staff Antimalware PolicyDefault Client Antimalware Policy and GroupResolveResultHash B1E7B6571D102579E21C6CCA396A457B507899FE is NOT changed. EndpointProtectionAgent 7/09/2015 11:59:10 AM 5256 (0x1488)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 7/09/2015 11:59:10 AM 5256 (0x1488)

Also, you say to use CM12 to uninstall/install. I know how to reinstall the client, but how would I achieve reinstalling endpoint with SCCM 2012?

Paul

GarthMJ Posted September 9, 2015

In a nutshell, you would do it the same way you manually uninstalled the SCEP client. There are a lot of different ways to do this but this is one of the simplest.

Create a Program with the Uninstall for SCEP client
Create a Program with the Install for SCEP client
Deploy the Uninstall for SCEP with a time of 11:00am
Deploy the Install for SCEP with a time of 11:02

You can use task sequences to make this one "step" or you can use dependencies too. In any case you will need to test this.
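
The EndpointProtectionAgent.log excerpt posted in this thread shows a "start to send State Message" entry immediately followed by "Skip sending state message". The following is an added example, not code from any poster: a Python parser for log text in the pasted form that reports each state message the agent prepared and then suppressed. The sample text is constructed from lines in the post; the day-first date format and the function names are assumptions.

```python
import re
from datetime import datetime

# Tail of each entry as pasted: "<message> EndpointProtectionAgent <date> <time> <thread> (0xHEX)"
TAIL = re.compile(
    r"\s*EndpointProtectionAgent\s+"
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+(\d+) \(0x[0-9A-Fa-f]+\)")
SEND = re.compile(r"start to send State Message with topic type = (\d+), "
                  r"state id = (\d+), and error code = (0x[0-9A-Fa-f]+)")
SKIP = "Skip sending state message"

def parse_entries(text):
    """Split pasted log text into entries, even when entries are run together."""
    entries, pos = [], 0
    for m in TAIL.finditer(text):
        entries.append({
            "message": text[pos:m.start()].strip(),
            # Assumption: day-first dates, as in the post (7/09/2015 = 7 September).
            "time": datetime.strptime(m.group(1), "%d/%m/%Y %I:%M:%S %p"),
            "thread": int(m.group(2)),
        })
        pos = m.end()
    return entries

def suppressed_state_messages(entries):
    """Return (topic, state_id, error_code, time) for every send attempt that
    the same thread followed directly with a 'Skip sending' entry."""
    hits = []
    for cur, nxt in zip(entries, entries[1:]):
        m = SEND.search(cur["message"])
        if m and nxt["thread"] == cur["thread"] and nxt["message"].startswith(SKIP):
            hits.append((int(m.group(1)), int(m.group(2)), m.group(3), cur["time"]))
    return hits

# Constructed sample: four entries copied from the post, run together as pasted.
SAMPLE = (
    "Installed firewall provider meet the requirements. EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)"
    "start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 "
    "EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)"
    "Skip sending state message due to same state message already exists. "
    "EndpointProtectionAgent 7/09/2015 11:55:58 AM 3152 (0x0C50)"
    "Endpoint is triggered by message. EndpointProtectionAgent 7/09/2015 11:59:08 AM 5256 (0x1488)"
)

if __name__ == "__main__":
    for topic, state, err, when in suppressed_state_messages(parse_entries(SAMPLE)):
        print(f"{when}: topic {topic} state {state} error {err} was not sent")
```
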