Does Forefront Endpoint Protection 2010 block powershell scripts from running?

Hi all,
I have a task that runs a Powershell script on a set schedule on a particular machine.  It has failed to run and I thought 1 of the potential reasons would be that FEP 2010 blocks the Powershell script from being run.  Does FEP 2010 do that?  If so, where can I find the setting to allow Powershell scripts (or VB scripts or Java scripts) to be run by my task?
Thanks for your help in advance.
Howard Lee - Microsoft

If the script is detected as malicious, FEP will block it; otherwise it won't block normal and safe PowerShell scripts. You may take a look at Event Viewer and see whether it is being blocked or detected as malicious code by FEP or not.
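
One way to carry out the Event Viewer check suggested above from PowerShell, as an added example that is not part of the original thread. The script path and task name are hypothetical placeholders, and the code assumes the FEP 2010 client logs detections (event 1116) and actions (event 1117) to the System log under the "Microsoft Antimalware" provider; confirm the provider name on your build.

```powershell
# Added example: triage why a scheduled PowerShell script did not run.
function Get-ScriptRunTriage {
    param(
        [string]$ScriptPath = 'C:\Scripts\Nightly.ps1',   # hypothetical script path
        [string]$TaskName   = '\NightlyScript',           # hypothetical task name
        [int]$Days          = 7                           # look-back window
    )

    $since = (Get-Date).AddDays(-$Days)

    # Get-WinEvent raises an error when nothing matches or the log/provider is
    # absent; treat both as "no events" so the triage always completes.
    function Read-Events([hashtable]$Filter) {
        try   { Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop }
        catch { }
    }

    # 1. Antimalware detections (1116) and actions taken (1117) that mention
    #    the script by name or any script file type.
    $leaf = [regex]::Escape((Split-Path $ScriptPath -Leaf))
    $av = @(Read-Events @{
                LogName      = 'System'
                ProviderName = 'Microsoft Antimalware'   # assumed provider name
                Id           = 1116, 1117
                StartTime    = $since
            } | Where-Object {
                $_.Message -match $leaf -or $_.Message -match '\.(ps1|vbs|js)\b'
            })

    # 2. Task Scheduler history: 101 = task start failed, 103 = action start
    #    failed, 203 = action failed to start, 201 = action completed (its
    #    message carries the return code). The log may be disabled.
    $taskPattern = [regex]::Escape($TaskName)
    $task = @(Read-Events @{
                  LogName   = 'Microsoft-Windows-TaskScheduler/Operational'
                  Id        = 101, 103, 201, 203
                  StartTime = $since
              } | Where-Object { $_.Message -match $taskPattern })

    # 3. Effective execution policy per scope. A Restricted or AllSigned policy
    #    stops an unsigned script with no antimalware involvement at all.
    $policy = Get-ExecutionPolicy -List

    New-Object psobject -Property @{
        ScriptExists      = (Test-Path -LiteralPath $ScriptPath)   # false if the file was quarantined or removed
        AntimalwareEvents = @($av   | Select-Object TimeCreated, Id, Message)
        TaskEvents        = @($task | Select-Object TimeCreated, Id, Message)
        ExecutionPolicy   = $policy
    }
}

$r = Get-ScriptRunTriage
'{0} antimalware event(s), {1} task event(s), script present: {2}' -f `
    $r.AntimalwareEvents.Count, $r.TaskEvents.Count, $r.ScriptExists
$r.AntimalwareEvents | Format-List
$r.TaskEvents        | Format-List
$r.ExecutionPolicy   | Format-Table -AutoSize
```

No antimalware events combined with a task action that completed with a non-zero return code points at the script or the execution policy rather than at FEP.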

Similar Messages

  • Steps to install Forefront Endpoint Protection 2010?

    I've been searching on how to install Forefront Endpoint Protection 2010 on a Windows Server 2012 R2 Server.  I can't seem to find anything about this.  Can someone tell me the steps I need to take?  I installed SQL 2012, then SCCM 2012, but when I launch the Forefront 2010 installer it's saying it can't find SCCM 2007.  I take it it's not supported in Forefront 2010? Anyways, if there are instructions on how to install the Endpoint Protection and Exchange Online protection I'd appreciate it.
    Fernando

    Hi,
    In SCCM 2012 Endpoint Protection 2012 is integrated so you cannot install FEP 2010 in it. Add the Site System role called "Endpoint Protection" on your Primary site server, CAS if you use a CAS and then you are good to go.
    The steps are described here:
    http://blogs.technet.com/b/anilm/archive/2012/02/19/how-to-enable-configuration-manager-2012-endpoint-protection.aspx
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Is Forefront Endpoint Protection 2010 detecting and removing CryptoLocker?

    Is Forefront Endpoint Protection 2010 detecting and removing CryptoLocker?

    Hi,
    For antimalware and antispyware, the latest definitions are 1.187.361.0. You can install the latest updates:
    Updating your Microsoft antimalware and antispyware software
    If that threat cannot be detected or removed, you can give feedback or submit a malware file in the Malware Protection Center.
    Best regards,
    Susie

  • Forefront Endpoint Protection 2010 - Exclude files and locations == Exclude processes??

    Hi,
    I have a server with Forefront Endpoint Protection 2010 installed.
    This server is running Backup Exec. I have created a files and folder exclusion pointing to:
    C:\Program Files\Symantec
    There are various references online like this one
    http://www.symantec.com/business/support/index?page=content&id=TECH74529
    Which highlight excluding the processes rather than what I have done...
    If the process is inside the Symantec folder is there any technical difference between using the files and folder exclusion as opposed to the process exclusion?

    Yes, the difference is that excluding the folder location will only exclude the folder and the child items of that specific location from scanning activity whereas excluding a process will exclude any activity by the process regardless of location. So,
    with a process exclusion, if that process under C:\Program Files\Symantec produces activity in C:\Windows, the activity will be excluded from scanning, but if you just have the C:\Program Files\Symantec folder excluded, the activity in C:\Windows will not
    be excluded.

  • Forefront Endpoint Protection 2010 Antimalware Activity and Antimalware Protection Summary Reports aren't rendering properly.

    The Antimalware Activity and Antimalware Protection Summary Reports aren't rendering properly.  When I export them to PDF, they look normal but when I run either one of these reports through they don't display properly.  In the Antimalware Protection Summary report, the Latest Antimalware Protection Summary title bar has been extended and the Status legend is covered by white space and Latest Antimalware Definitions Summary title bar has been extended and Period legend are covered by white space.  On the same page the Antimalware Protection History-Week has been flushed to the right to where it only displays Antimalw and the Antimalware Definitions History-Week has been flushed to the right to where it only displays Antimalw.  On the Antimalware Activity the Actions legend has been flushed to the left.

    This is an old question but you may try it using the latest version of Forefront Endpoint Protection or System Center Endpoint Protection and let us know if you are able to reproduce the problem. There are many improvements in latest release of SCEP and
    FEP.

  • Hotfix 2919357 on Forefront Endpoint Protection 2010 for Exchange 11.0.727.0

    I currently have FF for Exchange 2010 version 11.0.727.0, but I have event ID errors 5314, 7009 and 7011. The question is: the files contained in the hotfix zip file have the same versions as the files in my production environment on my Exchange servers. Must I install this hotfix over the same file versions to try to solve these errors?
    Donato

    Hi,
    The article KB2919357 indicated that this fix is ONLY viable on the latest FPE build which is 11.0.0727.0.
    If you want to fix the issue and have exactly the same errors as in the article, you need to install this hotfix.
    Best Regards,
    Joyce

  • Forefront Endpoint Protection 2010 updates are not listed as expired

    Hello, so I am working on getting the right update groups setup within SCCM2012.
    I ran into a bunch of updates for FEP2010 that should be expired, but they are not, how do I expire them?
    To be more specific, these are listed as good updates but should be expired in my opinion -
    KB2461484 (Definition 1.123.832)
    KB2461484 (Definition 1.145.1695)
    KB2461484 (Definition 1.155.997)
    KB2461484 (Definition 1.175.1328)
    The latest definitions update as of today is KB2461484 (Definition 1.191.3456) which is in green which is normal.

    Perhaps, somehow, I have no idea how, they were missed in your catalog update process.
    See the answer from Lawrence Garvin in this thread:
    Windows 8 Defender Showing Hundreds of Needed Definitions After Most Recent Definition Installed
    "This is a known issue. It's caused by the limited number of *superseded* updates that can be listed on the newest update."
    Rolf Lidvall, Swedish Radio (Ltd)

  • Forefront Endpoint Protection Monitoring Service

    Hello,
    I just saw that the Forefront Endpoint Protection Monitoring Service is stoppable. I had a virus a few weeks ago on my machine at home that has security essential installed. The virus continually disabled the service. Does it make sense to control the service
    via gpo to not make it stoppable even by the system and admin user?
    Cheers
    Sebastian
    Sebastian Bammer

    This is an old discussion, but let me explain some improvements in the Microsoft Anti-Malware Engine. When a program tries to disable any service, process or anything related to Windows Security or the Microsoft Anti-Malware Engine, Firewall, etc., it will be detected as suspicious behavior and it will be blocked (no matter whether it is known malware or an unknown program). In the case of an unknown program, you might be asked to send more details or submit it to the Microsoft Malware Protection Center.
    In addition, in Windows Vista and later versions of Windows such as Windows 7 and Windows 8.x, when you have User Account Control (UAC), all programs run as a standard user unless you grant them permission as administrator. So by default, a program that tries to disable any security-related service in Windows is unable to do that, because it won't run as administrator and is unable to perform something which runs as administrator unless you are in an administrator account and UAC is off, or you grant administrator privilege to the program (e.g. right click and run as administrator).
    However, if you still face any programs which might try to disable services and are not blocked by FEP, Microsoft Security Essentials or other Microsoft Anti-Malware products, you could submit a sample to the Microsoft Malware Protection Center for more analysis.

  • SCCM and ForeFront Endpoint Protection point site system role

    Thanks for looking at this......I am working with SCCM 2012, and ForeFront Endpoint Protection has been set up as an Endpoint Protection point site system role.  Up to now we just haven't had to mess with it much, it just has worked.  I
    have been busy packaging applications for the eager public. I have one pc that has had the Endpoint client self destruct.  Had to remove it via the control panel.  I next did a machine policy retrieval and evaluation cycle (among others) and sccm
    shows that it is aware that this particular machine needs FEP. It lists it as "To Be Installed".  How long will this take?  I have things set for "as soon as possible".   Am I at the mercy of Sccm?  Also, is there
    a way to force the install?  Thanks for any light you can shed on this!

    This will depend on your SCCM client policy settings to allow SCEP installation outside of maintenance windows (if you have any).
    It will also depend if you are using 2 hour deployment "randomizer" option in your SCCM client policy.
    Lastly, you can install it with BITS that have already been downloaded with SCCM client install.
    c:\windows\ccmsetup\scepinstall.exe

  • SCOM 2007 R2 Forefront Endpoint Protection Management Pack

    Hi All,
    Question about Forefront Endpoint Protection Management Pack Alert configuration.
    We are receiving “Malware Outbreak” Monitor alert with below Alert Description:
    Protected Endpoints Watcher Forefront Endpoint Protection has detected active malware on more than 5% of your computers.
    Our customer is asking, How to find out the name of the 5% of computers with affected malware information. Kindly assist me on this. I could find only Watcher node.
    Thanks & Regards,
    Mohamed Sybulla

    The Malware Outbreak alert shows the number of computers with the same malware detected.
    To generate a report of computer names and version, see Viewing and printing reports.
    To resolve this alert, you can refer to the links below:
    http://technet.microsoft.com/en-us/library/bb418869.aspx
    http://technet.microsoft.com/en-us/library/ff823761.aspx
    Mai Ali | My blog: Technical | Twitter:
    Mai Ali

  • SCCM 2012 R2: Forefront Endpoint protection via automatic updates only work when manually triggering automatic update rule

    Hi,
    I followed this manual to configure forefront endpoint protection on clients: http://www.windows-noob.com/forums/index.php?/topic/6106-using-system-center-2012-configuration-manager-part-6-adding-the-endpoint-protection-role-configure-alerts-and-custom-antimalware-policies/
    Now in short: everything works fine ... as long as I trigger the automatic deployment rules.
    Current situation:
    1. ADR ran fine (3:30 this night)
    2. Software update group is NOT ok
    3. I run ADR manually (right click on ADR, run)
    4. Software update group is ok (green icon)
    Then virus updates are successful. This means that clients only update their virus definitions when I manually run the ADR-rule.
    I'm missing something here.
    Please advise.
    J.
    Jan Hoedt

    Probably this issue: http://social.technet.microsoft.com/Forums/en-US/c6109678-785b-4c6d-9cb4-c9dfc1e34b2e/sccm-2012-automatic-deployment-rule-not-executing-updates-for-scep?forum=configmanagerapps
    Iow: wsus updates were scheduled at 3, automatic update rules at 3:15, probably sync wasn't done yet so it doesn't find updates. "The day after" updates are marked as expired.
    Jan Hoedt

  • Run PowerShell script from C# writing to input pipe

    Hello,
    I am trying to run a PowerShell script from C# (I have no control over what's in the script). The script may have a prompt like "Press enter to continue". So my goal is:
    1. Get text output from the script (easy, many examples available)
    3. If output contains "Press enter to continue", write a blank line to the running script's pipe to make it finish its job and quit
    4. If output does contain that prompt, just let it exit by itself without sending any input
    Note that commands in this PS script also try to get at script's file path, so I can't read script from file and pass it as text. It has to be executed as a script so it knows where it's located.
    I have done this with .exes and batch files before. All you do in that case is process.StandardInput.WriteLine() which "types" enter into the input stream of script you are trying to control. But this does not work with Power Shell. How do I do this?
    I have tried using PS object model like so:
        using (Pipeline pipeline = runspace.CreatePipeline())
        {
            Command command = new Command(scriptPS, true, true);
            pipeline.Commands.Add(command);
            pipeline.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
            pipeline.Input.Write("\n");
            Collection<PSObject> psresults = pipeline.Invoke();   //...
        }
    But I get an error because the script prompts:
    "A command that prompts the user failed because the host program or the command type does not support user interaction. Try a host program that supports user interaction, such as the Windows PowerShell Console or Windows PowerShell ISE, and remove prompt-related
    commands from command types that do not support user interaction, such as Windows PowerShell workflows."
    I also tried using Process, and running PowerShell with -File switch to execute the script, then write to StandardInput with C#. I get no errors then, but the input is ignored and doesn't make it to PowerShell.
    Please help!

    No man, what kind of answer is that? You should have left it unanswered rather than waste people's time like this. I had already seen those links before I posted my question. They address the issue of specifying script parameters, but not writing to the input pipe.
    Fortunately I did figure this out by writing a custom script host for PowerShell. Anyone interested can read about this in detail on MSDN (fortunately simple material with samples you can copy paste as I did, so this solution takes little time to implement).
    Implement PSHost interface. Nothing special here, just paste directly from MSDN sample and modify their SetShouldExit function definition to contain just a "return;". Here's the relevant link:
    http://msdn.microsoft.com/en-us/library/windows/desktop/ee706559(v=vs.85).aspx
    Implement PSHostUserInterface interface. This is the ticket to solving this problem (see below). Here's the MSDN link:
    http://msdn.microsoft.com/en-us/library/windows/desktop/ee706584(v=vs.85).aspx
    Implement PSHostRawUserInterface. This may not be required (not sure) but I did anyway. Nearly a direct paste from MSDN:
    http://msdn.microsoft.com/en-us/library/windows/desktop/ee706601(v=vs.85).aspx
    So, there are two PSHostUserInterface function implementations that are of particular interest. First is Prompt (read header comment to see why):
        /// <summary>
        /// When script attempts to get user input, we override it and give it input programmatically,
        /// by looking up within promptInput's dictionary<string,string> or lineInput array.
        /// PromptInput dictionary is mapped by input prompt (for example, return "" in response to "Press ENTER to continue")
        /// LineInput is a regular array, and each time the script wants to prompt for input we return the next line in that array;
        /// this works much like piping inputs from a regular text file in DOS command line.
        /// </summary>
        /// <param name="caption">The caption or title of the prompt.</param>
        /// <param name="message">The text of the prompt.</param>
        /// <param name="descriptions">A collection of FieldDescription objects that
        /// describe each field of the prompt.</param>
        /// <returns>A dictionary mapping each field name to the value supplied for it.</returns>
        public override Dictionary<string, PSObject> Prompt(string caption, string message, System.Collections.ObjectModel.Collection<FieldDescription> descriptions)
        {
            Dictionary<string, PSObject> ret = new Dictionary<string, PSObject>();
            foreach (FieldDescription desc in descriptions)
            {
                string named;
                // promptInput may be null or lack this field; fall through instead of throwing
                if (this.promptInput != null && this.promptInput.TryGetValue(desc.Name, out named))
                {
                    ret[desc.Name] = new PSObject(named + "\r\n");
                }
                else if (this.lineInput != null && this.currentLineInput >= 0 && this.currentLineInput < this.lineInput.Length)
                {
                    ret[desc.Name] = new PSObject(this.lineInput[this.currentLineInput++] + "\r\n");
                }
                else
                {
                    // No override supplied: answer with the field's default, or a bare ENTER
                    if (desc.DefaultValue == null)
                        ret[desc.Name] = new PSObject("\r\n");
                    else
                        ret[desc.Name] = new PSObject(desc.DefaultValue);
                }
            }
            return ret;
        }
    Next is PromptForChoice. Here I opted to always return the default choice, but you could rewrite it to read from somewhere to "simulate" reading from input pipe just like the function above:
        public override int PromptForChoice(string caption, string message, System.Collections.ObjectModel.Collection<ChoiceDescription> choices, int defaultChoice)
        {
            return defaultChoice;
        }
    Last but not least, here's a ReadLine implementation (again read header comment):
        /// <summary>
        /// If the LineInput is set, "read" the next line from line input string array, incrementing line pointer
        /// </summary>
        /// <returns>The characters that are entered by the user.</returns>
        public override string ReadLine()
        {
            if (this.lineInput != null && this.currentLineInput >= 0 && this.currentLineInput < this.lineInput.Length)
                return this.lineInput[this.currentLineInput++];
            else
                return Console.ReadLine();
        }
    Both are exposed as properties:
        /// <summary>
        /// Gets or sets the input pipe override
        /// </summary>
        public string Input
        {
            get
            {
                // lineInput stays null until an override is set
                return this.lineInput == null ? null : string.Join("\n", this.lineInput);
            }
            set
            {
                if (value != null)
                {
                    this.lineInput = value.Split('\n');
                    this.currentLineInput = 0;
                }
                else
                {
                    this.lineInput = null;
                }
            }
        }

        /// <summary>
        /// Gets or sets input pipe override for named prompts
        /// </summary>
        public Dictionary<string, string> PromptInput
        {
            get { return this.promptInput; }
            set { this.promptInput = value; }
        }
    And finally, here's how the whole shebang is used:
        /// <summary>
        /// Runs a powershell script, with input pipe arguments
        /// </summary>
        /// <param name="script">Path of the script to execute, or script text</param>
        /// <param name="inline">Whether or not to execute script text directly, or execute script from path</param>
        /// <param name="unrestricted">Whether or not to set unrestricted execution policy</param>
        /// <param name="parameters">Parameters to pass to the script command line</param>
        /// <param name="inputOverride">Input to pass into the script's input pipe</param>
        /// <param name="inputOverrideByName">Input to pass into the script's input pipe, to each prompt by label</param>
        /// <returns>Output lines</returns>
        public static string PowerShell(string script, bool inline, bool unrestricted = false, Dictionary<string, string> parameters = null, string inputOverride = null, Dictionary<string, string> inputOverrideByName = null)
        {
            string output = null;
            ScriptHost host = new ScriptHost();
            (host.UI as ScriptHostUserInterface).Input = inputOverride;
            (host.UI as ScriptHostUserInterface).PromptInput = inputOverrideByName;
            using (Runspace runspace = RunspaceFactory.CreateRunspace(host))
            {
                runspace.Open();
                if (unrestricted)
                {
                    // Without -Scope, Set-ExecutionPolicy targets LocalMachine and persists
                    // after this run; "-Scope Process" would limit it to this host.
                    RunspaceInvoke runSpaceInvoker = new RunspaceInvoke(runspace);
                    runSpaceInvoker.Invoke("Set-ExecutionPolicy Unrestricted");
                }
                using (Pipeline pipeline = runspace.CreatePipeline())
                {
                    if (inline)
                    {
                        pipeline.Commands.AddScript(script);
                    }
                    else
                    {
                        Command command = new Command(script, true, true);
                        // parameters defaults to null, so guard before enumerating
                        if (parameters != null)
                        {
                            foreach (KeyValuePair<string, string> param in parameters)
                            {
                                command.Parameters.Add(param.Key, param.Value);
                            }
                        }
                        pipeline.Commands.Add(command);
                    }
                    pipeline.Commands.Add("Out-String");
                    pipeline.Commands[0].MergeMyResults(PipelineResultTypes.Error, PipelineResultTypes.Output);
                    Collection<PSObject> psresults = pipeline.Invoke();
                    var sb = new StringBuilder();
                    foreach (PSObject obj in psresults)
                    {
                        sb.AppendLine(obj.ToString());
                    }
                    output = sb.ToString();
                    pipeline.Dispose();
                }
                runspace.Close();
            }
            return (host.UI as ScriptHostUserInterface).Output + "\r\n" + output;
        }
    As you can see, I also did some magic with the .Output property. That just accumulates lines of text output by the script in every WriteXXX function implemented in your custom PSHostUserInterface. The end result of all this, is that if you have a script
    that has prompts, choices or reads from standard input, you can execute the script within the context of your custom script host written as above, to control precisely what strings are passed to it in response to prompts.
     

  • Can we execute a Powershell script from the Javascript?

    Hi,
    I have a requirement to add a custom ribbon button in a document library, and there is a PowerShell script to be run for the selected item in the library.
    I am stuck with executing a PowerShell script from the JavaScript function.
    Can anyone please suggest whether this is achievable?
    Thanks, Swaroop Vuppala

    Hi Swaroop,
    To execute server-side code in a custom ribbon button script, using an application page is a common way to do this. Besides, you can also use a page dialog, which is similar to an application page but displays as a modal dialog. Another way is JavaScript _dopostback and a delegate control. The following article contains detailed information about this; please refer to it for more information:
    Invoke server side code on SharePoint ribbon click:
    http://sharepointnadeem.blogspot.in/2012/07/invoke-server-side-code-on-sharepoint.html
    Thanks,
    Qiao Wei
    TechNet Community Support

  • Execute powershell script from ssis?

    Hi,
    I was trying to use the execute process task to kick off a powershell script.  However, nothing happens when I run in debug (the component turns yellow and stays yellow).  Any idea if what I am trying to do is possible and the proper way to configure
    it?
    btw, I am using powershell for the remoting capabilities.  I need to execute a bat file on a remote server which runs a process in a legacy program. 
    Update:  When I name the ps1 script file in the executable window, it opens it in notepad.  This would be like the default if you double clicked the file.
    Mark

    To run a PowerShell script from an SSIS package, add an "Execute Process Task" in SSIS and use the following command text.
    This works just great, plus the "-ExecutionPolicy ByPass" switch will take care of any server script policies.
    C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe
    -ExecutionPolicy ByPass -command ". 'L:\Powershell_Script\Script1.ps1' 'param1' 'param2'"
    Regards
    Deepak
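
    An alternative to the Bypass switch in the reply above, as an added example that is not part of the original thread: sign the script once and have the task enforce AllSigned for that one process. The -ExecutionPolicy parameter only sets the Process scope, so a policy set through Group Policy still takes precedence over it. The certificate selection and the param1/param2 arguments are assumptions; the script path is the one quoted in the reply.

    ```powershell
    # Added example: sign the SSIS-launched script and run it under AllSigned.
    $script = 'L:\Powershell_Script\Script1.ps1'   # path quoted in the reply above

    # Assumption: a code-signing certificate is already installed for this user,
    # chains to a trusted root, and is present in the Trusted Publishers store
    # of the account that runs the package (otherwise AllSigned would prompt,
    # and a non-interactive run fails).
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
    if (-not $cert) { throw 'No code-signing certificate found in Cert:\CurrentUser\My' }

    # Sign, then confirm the signature verifies before relying on it.
    $sig = Set-AuthenticodeSignature -FilePath $script -Certificate $cert
    if ($sig.Status -ne 'Valid') { throw "Signing failed: $($sig.StatusMessage)" }
    $check = Get-AuthenticodeSignature -FilePath $script
    if ($check.Status -ne 'Valid') { throw "Signature does not verify: $($check.StatusMessage)" }

    # Show every scope; MachinePolicy and UserPolicy (Group Policy) override
    # whatever -ExecutionPolicy passes on the command line.
    Get-ExecutionPolicy -List | Format-Table -AutoSize

    # Equivalent Execute Process Task settings:
    #   Executable: C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe
    #   Arguments : -NoProfile -NonInteractive -ExecutionPolicy AllSigned -File "L:\Powershell_Script\Script1.ps1" param1 param2
    $ps = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
    & $ps -NoProfile -NonInteractive -ExecutionPolicy AllSigned -File $script 'param1' 'param2'
    if ($LASTEXITCODE -ne 0) { throw "Script exited with code $LASTEXITCODE" }
    ```

    Any later edit to the script invalidates the signature, so an unreviewed change stops the task instead of running silently.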

  • Execute a powershell script from a windows store apps

    Hello Everybody !
    I'd like to launch a PowerShell script from a Windows Store app.
    In fact the purpose is to install a Windows Store app from another Windows Store app.
    Any ideas?
    Thanks

    If it's a sideloaded LOB application, you can do this using a brokered component:
    http://blogs.msdn.com/b/wsdevsol/archive/2014/04/14/cheat-sheet-for-using-brokered-windows-runtime-components-for-side-loaded-windows-store-apps.aspx
    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.
    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined
    objects and unknown namespaces.
