Jump to content


anyweb

using System Center 2012 Configuration Manager - Part 6. Adding the Endpoint Protection role, configure Alerts and custom Antimalware Policies.

Recommended Posts

Hi and firstly thankyou for your great guides they are very much appreciated.

 

I have installed config manager 2012 r2 as a primary site and successfully install the client and endpoint protectiion to client machines. I have created the sup and update endpoint def files ok. I have created the adr for deploying def updates as per your guides.

 

The issue i am having is with Endpoint clients receiving updates from configuration manager. Updating from Windows updates works fine.

 

Here is the info from mpcmdrun.log

 

MpCmdRun: Command Line: "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignaturesUpdateService -ManagedUpdate
Start Time: ‎Fri ‎Nov ‎08 ‎2013 14:35:34
Start: Signatures Update Service
Update Started
Update failed with hr: 0x80070490
Update completed with hr: 0x80070490
End: Signatures Update Service
MpCmdRun: End Time: ‎Fri ‎Nov ‎08 ‎2013 14:35:35
Any help greatly appreciated
Thanks

Share this post


Link to post
Share on other sites

Using SCCM 2012 R2, the After running the ADR once, retire it by right clicking on the rule and select Disable (or delete) and create a new ADR except this time point the deployment package to the package which is now created called Endpoint Protection Definition Updates. part isn't necessary anymore as MS added a "Deployment Package" tab to the ADR properties window!

Share this post


Link to post
Share on other sites

Using SCCM 2012 R2, the After running the ADR once, retire it by right clicking on the rule and select Disable (or delete) and create a new ADR except this time point the deployment package to the package which is now created called Endpoint Protection Definition Updates. part isn't necessary anymore as MS added a "Deployment Package" tab to the ADR properties window!

 

 

when the guide was written (RTM) there was no such option. But I will amend it for everyones benefit.

Share this post


Link to post
Share on other sites

Can you clarify the relationship between an ADR and a custom malware policy, specifically the "defintion Updates" section of the custom policy. For example if the the ADR only runs once a day and a PC is not turned on during that time when does it download the latest signatures? Is it when it is turned on and the SMS service starts up or is it based on the "Check for Endpoint Protection Defintions" settings in the custom policy?

Share this post


Link to post
Share on other sites

The ADR has nothing to do with when the client scans for available updates. Those are two separate things. When the client scans, depends on the (custom) policy settings.

 

So if you deploy signatures via an ADR and the PC isn't on at that time does it use the configured schedule for the "Software Updates Deployment Evaluation Cycle" action to go looking for updates or does it use the Custom Malware policy settings? Or does it use both?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.