Endpoint Protection Client not running run scheduled scan

Similar Messages

• Forefront Endpoint Protection Client filling OS drive with scan and definition files.

  I have installed FEP on our client servers, one of server filling C: drive space with scan files (.bin.xx) and with definitions. Why its not clearing like other servers? Please suggest!
  We haven't using it through SCCM, we have only FEP client which download updates directly from Internet. 
  Thanks in advance. 

  Hi,
  Please check the logs below to see if there is any error.
  %allusersprofile%\Microsoft\Microsoft Antimalware\Support—Log files specific for the antimalware service
  %allusersprofile%\Microsoft\Microsoft Security Client\Support—Log files specific for the SCEP client software
  %windir%\WindowsUpdate.log—Windows Update log files, which include information about definition updates
  %windir%\CCM\Logs\EndpointProtectionagent.log – Shows Endpoint version and policies applied
  %windir%\temp\MpCmdRun.log – Activity when performing scans and signature updates
  %windir%\temp\MpSigStub.log – Update progress for signature and Engine updates
  Reference:http://kickthatcomputer.wordpress.com/2014/03/04/endpoint-protection-log-locations/
  Note: Microsoft provides third-party contact
  information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  Best Regards,
  Joyce

• Endpoint Protection Client Activity Log

  Hello
  I'd like to know how long SCCM 2012 keep the Endpoint protection client activity logs (logs of scan,detection, quarantine..etc) and if i can change it?
  thanx 

  HI,
  Endpoint Protection history data is deleted after 365 days, it can be controlled in the Site Maintenance task "Endpoint Protection is Delete Aged Endpoint Protection Health Status History Data"
  There is also a setting for "Delete Aged Threat Data" which is set to 30 days. It depends on which level of details you are after but it sounds like you should increase the "Delete Aged Threat Data"
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Best practice to run Microsoft Endpoint Protection client in VDI environment

  We are using Citrix XenDesktop VDI environment. Symantec Endpoint Protection client (VDI performance optimised) has been installed on the “streamed to the clients” virtual machine image. Basically, all the files (in golden image) have been “tattooed” with
  Symantec signature. Now, when the new VM starts, Symantec scan engine simply ignores “tattooed” files and also randomise scan times. This is a rough explanations but I hope you’ve got the idea.
  We are switching from Symantec to Microsoft Endpoint Protection and I’m looking for any information and documentation in regards best practice for running Microsoft Endpoint Protection clients in VDI environment.
   Thanks in advance.

  I see this post is a bt old but the organization I'm with has a very large VDI deployment using VMware. We also are using SCEP 2012 for the AV.
  Did you find out what you were looking for or did you elect to take a different direction?
  We install SCEP 2012 into the base image and manage the settings using GPO and the updates for defs are through the normal route.
  Our biggest challenge is getting alert message from the client.
  Thanks

• Upgraded SCCM 2012 SP1 to CU5 - Problem updating Endpoint Protection Client (to V4.5.216.0)

  We upgraded SCCM SP1 to CU5. We got one primary site, on which we had no problems with running the CU setup. After the upgrade we pushed the new administrator console and client.
  SP1 CU5 - console update -> Updated on all administrator users (50 computers)
  SP1 CU5- x64 and x86 client update -> Updated on pilot group (50 computers)
  No problems so far.
  We are having troubles updating the Endpoint Protection Client version. This was V4.1.522.0 before the upgrade. When we enroll a new computer, it receives the new V4.5.216.0, which is the last version.
  But we can't update our older clients. We try to deploy the software update (Update for Forefront Endpoint Protection 2010 Client - 4.5.216.0 (KB2952678)) but it doesn't install. After 20 minutes, if I look in the Deployment logs, it says the installation
  was successfull; but it isn't, it's still the old version.
  Strange thing is, we can upgrade to an inbetween version (Update for Forefront Endpoint Protection 2010 Client - 4.3.215.0 (KB2864366)). Which installs on a test client.
  If I look to the cache files of the new EP Client update, and use the UpdateInstall.exe manually, the update does install. Then I see in the logfile EndpointProtectionAgent.log it still refers to the version 4.1.522.0.
  EP 4.5.216.0 is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Re-apply EP AM policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Apply AM Policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  State 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash D277339FA77A9017801399D96266BAD42DE74F38 is NOT changed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Skip sending state message due to same state message already exists. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Firewall provider is installed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Installed firewall provider meet the requirements. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  This is the WindowsUpdate.log when I try to push the new EP client.
  2015-01-14 11:24:13:651 7416 1c44 Handler :::::::::
  2015-01-14 11:24:13:651 7416 1c44 Handler : Updates to install = 1
  2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Command line install completed. Return code = 0x8004ff25, Result = Failed, Reboot required = false
  2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Exit code = 0x8024200B
  2015-01-14 11:24:21:716 7416 1c44 Handler :::::::::
  2015-01-14 11:24:21:716 7416 1c44 Handler :: END :: Handler: Command Line Install
  2015-01-14 11:24:21:732 7416 1c44 Handler :::::::::::::
  2015-01-14 11:24:21:794 1096 c18 Agent *********
  2015-01-14 11:24:21:794 1096 edc AU Can not perform non-interactive scan if AU is interactive-only
  2015-01-14 11:24:21:794 1096 c18 Agent ** END ** Agent: Installing updates [CallerId = CcmExec]
  2015-01-14 11:24:21:794 1096 c18 Agent *************
  2015-01-14 11:24:21:794 2296 fac COMAPI >>-- RESUMED -- COMAPI: Install [ClientId = CcmExec]
  2015-01-14 11:24:21:794 2296 fac COMAPI - Install call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
  2015-01-14 11:24:21:794 2296 fac COMAPI - Reboot required = No
  2015-01-14 11:24:21:794 2296 fac COMAPI - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
  2015-01-14 11:24:21:794 2296 fac COMAPI ---------
  2015-01-14 11:24:21:794 2296 fac COMAPI -- END -- COMAPI: Install [ClientId = CcmExec]
  2015-01-14 11:24:21:794 2296 fac COMAPI -------------
  2015-01-14 11:24:21:794 1096 1620 AU Can not perform non-interactive scan if AU is interactive-only
  2015-01-14 11:24:26:739 1096 1424 Report REPORT EVENT: {ED287668-4BEF-46FD-BB57-CA17680E5D3B} 2015-01-14 11:24:21:732+0100 1 182 101 {A90C3005-7B59-4268-8B11-12D9BE5C8EA0} 201 80070643 CcmExec Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Update for System Center Endpoint Protection 2012 Client - 4.5.216.0 (KB2952678).
  2015-01-14 11:24:27:207 1096 1424 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
  2015-01-14 11:24:27:207 1096 1424 Report WER Report sent: 7.5.7601.17514 0x80070643 A90C3005-7B59-4268-8B11-12D9BE5C8EA0 Install 101 Managed
  2015-01-14 11:24:27:207 1096 1424 Report CWERReporter finishing event handling. (00000000)
  Thanks in advance!

  Hello,
  According to
  kb2952678:
  To apply this update, you must have one of the following installed:
  System Center 2012 R2 Configuration Manager Cumulative Update 4 for System Center 2012
  Configuration Manager Service Pack
  Service Pack 2 for System Center Configuration Manager 2007 and Update Rollup 1 for
  Forefront Endpoint Protection 2010
  Do you have Update Rollup 1 for Forefront Endpoint Protection 2010?
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Endpoint Protection Client - definitions couldn't be updated

  Am on SCCM 2012 SP2 and have EndPoint protection client deployed to computers during the Task Sequence, and they get the update.
  The next day I will try an update from the client's GUI and will get the error "Virus and spyware definitions couldn't be updated". 
  In the antimalway policy applied to the collection the device is a member of, I indeed have its definition update source set to "Updates from UNC file shares", then in the server path for the UNC, it is set to "\\server.domain.com\D$\sources\Packages\Apps\Microsoft\EP_Definitions\Updates\x86"
  which is where the "mpam-fe.exe" and "nis_full/exe" files are. 
  I have no maintenance windows set on the device collection that this antimalware policy is applied to. 

  Hi, I just wanted to clarify, I only have the "UNC" path as the option for the source of updates. 
  I have also verified that in the registry in hklm policies Microsoft AntiMalware that the UNC path is indeed there and I can manually access the path from Start > Run. 
  I've tried running the Endpoint definitions update manually as an Administrator, and with the Windows Update service in every combo of state I could try, and still nothing (not that I want Endpoint getting updates from the internet anyways). 
  Not sure what we're looking for in the windowsupdate.log but here are the last few lines before the time I tried running the update. The error from definition update doesn't appear to add anything to this log file.
  2014-11-19 18:50:01:854
  1012 10a0
  Service *************
  2014-11-19 18:54:12:693
  2068 1398
  Misc ===========  Logging initialized (build: 7.5.7601.17514, tz: -0600)  ===========
  2014-11-19 18:54:12:693
  2068 1398
  Misc  = Process: C:\WINDOWS\CCM\CcmExec.exe
  2014-11-19 18:54:12:693
  2068 1398
  Misc  = Module: c:\Windows\system32\wuapi.dll
  2014-11-19 18:54:12:693
  2068 1398
  COMAPI FATAL: Unable to connect to the service (hr=80070422)
  2014-11-19 18:54:12:693
  2068 1398
  COMAPI WARNING: Unable to establish connection to the service. (hr=80070422)
  2014-11-19 18:54:33:507
  2068 1098
  COMAPI FATAL: Unable to connect to the service (hr=80070422)
  2014-11-19 18:54:33:507
  2068 1098
  COMAPI WARNING: Unable to establish connection to the service. (hr=80070422)

• Symantec endpoint protection will not open hidden.  mavericks 10.9.4

  Symantec endpoint protection will not open hidden.  i have the hide on opening box checked in login options.
  Please help.
  thnaks

  doctorjay wrote:
  Symantec endpoint protection will not open hidden.  i have the hide on opening box checked in login options.
  Please help.
  thnaks
  If you are (ugh!) referring to Symantec's Anti-Virus software for the Mac, this when installed runs behind the scenes and does not require the application to be open all the time. Therefore the solution might be to not run it at login at all. That will certainly 'hide' it.
  [Why don't Apple have an emoticon for retching? I don't know which is worse Symantec or McAfee.]
  Typically you just get a small symbol in the menu bar near the clock to show it is installed and active. This certainly was the case when I was unfortunately required to use it at one organisation, it is also true for most if not all other makes, e.g Sophos.

• Deploying SCCM EndPoint Protection Client with updates?

  Am using SCCM 2012 r2 and need to get the EndPoint Protection Client built int o my image. 
  If I deploy it post-imaging the laptop, how do I get the latest definitions?
  Because it shows up with a red icon in the system tray and I have to go in and manually update the definitions after I install it. 
  Is there a task that could be done in an OSD to update the definitions?
  Otherwise only way I can think of is preinstall and update and get the full scan done before capturing an image of my system to deploy to other systems. 

  Hi,
  If you use Endpoint Protection on all computer including the latest definitions in your Build and Capture saves time.
  Otherwise ,the command line in windows works fine ,trigger an update of SCEP at the end of the task sequence:
  "%Program Files%\Microsoft Security Client\mpcmdrun.exe" -SignatureUpdate
  Here are some great articles for you reference:
  Operating System Deployment and Endpoint Protection Client Installation
  http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx
  How to Configure Definition Updates for Endpoint Protection in Configuration Manager
  http://technet.microsoft.com/en-us/library/jj822983.aspx 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Endpoint Protection clients no getting updates from SCCM 2012 in new Secondary Site

  I recently stood up a secondary site behind a PCI firewall to manage PCI in-scope systems. All of my boundaries are properly configured and there are no overlaps. I am able to push packages to these clients and the clients are reporting as healthy however
  I am not able to get updates to the SCEP clients. There is no internet access from these systems so I have to rely on updates from SCCM. From what I can see in the WindowsUpdate log it is only trying to go to Microsoft for the definitions. Here is the Log:
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: Send failed with hr = 80072ee2.
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: Send request failed, hr:0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
  error 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  SLS FATAL: GetResponse failed with hresult 0x80072ee2...
  2014-04-30 11:05:09:739
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
  2014-04-30 11:05:09:739
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get client data and init parser, error = 0x80072EE2
  2014-04-30 11:05:09:739
   828 da8
  EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80072EE2
  2014-04-30 11:05:09:739
   828 da8
  Agent WARNING: Failed to obtain the authorization cab URL for service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0
  2014-04-30 11:05:09:739
   828 da8
  Agent FATAL: Caller <NULL> failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0X80072EE2
  2014-04-30 11:05:09:739
   828 da8
  SLS Retrieving SLS response from server...
  2014-04-30 11:05:09:739
   828 da8
  SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: Send failed with hr = 80072ee2.
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: Send request failed, hr:0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
  error 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  SLS FATAL: GetResponse failed with hresult 0x80072ee2...
  2014-04-30 11:05:30:742
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
  2014-04-30 11:05:30:742
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data and init parser, error = 0x80072EE2
  2014-04-30 11:05:30:742
   828 da8
  Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80248014
  2014-04-30 11:05:30:742
   828 da8
  Agent   * WARNING: Exit code = 0x80248014
  2014-04-30 11:05:30:742
   828 da8
  Agent *********
  2014-04-30 11:05:30:742
   828 da8
  Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)  Id = 9]
  2014-04-30 11:05:30:742
   828 da8
  Agent *************
  2014-04-30 11:05:30:742
   828 da8
  Agent WARNING: WU client failed Searching for update with error 0x80248014
  2014-04-30 11:05:30:742
   828 da8
  IdleTmr WU operation (CSearchCall::Init ID 9, operation # 99) stopped; does use network; is not at background priority
  2014-04-30 11:05:30:742
   828 da8
  IdleTmr Decremented PDC RefCount for Network to 0
  2014-04-30 11:05:30:742
   828 da8
  IdleTmr Decremented idle timer priority operation counter to 0
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI   - Updates found = 0
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80248014
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI ---------
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI -------------
  2014-04-30 11:05:30:743
   576 1254
  COMAPI WARNING: Operation failed due to earlier error, hr=80248014
  2014-04-30 11:05:30:743
   576 1254
  COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
  The log is from a Server 2012 R2 Client. The only thing I was able to find was this Article which did not resolve my issue. Anyone else encounter anything similar? Any help would be appreciated.
  Regards, Evan Mills - Systems Administrator

  Every two hours is too aggressive for the ADR. Definitions are only released 2-3 times a day so every 8 hours is what most consider best practice. Is your WSUS sync occurring every two hours as well? If not, then the ADR wouldn't have anything new to pick
  up anyway. It's best to set the WSUS sync for every 8 hours and then set the ADR to run after any successful WSUS sync.
  So the EP definitions are caching but not installing? What does the WUAHandler.log show? One of my machines shows the following which indicates a successful installation from the ConfigMgr delivered update:
  1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.933.0) (0a156122-d4f8-4215-9e63-8f0f1e32c9c6, 200)    WUAHandler    4/30/2014 6:49:33 AM    11080 (0x2B48)
  Async installation of updates started.    WUAHandler    4/30/2014 6:49:34 AM    11080 (0x2B48)
  Update 1 (0a156122-d4f8-4215-9e63-8f0f1e32c9c6) finished installing (0x00000000), Reboot Required? No    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
  Async install completed.    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
  Installation of updates completed.    WUAHandler    4/30/2014 6:50:23 AM    11032 (0x2B18)
  It sounds like if you set "Check for Endpoint Protection definitions at a specific interval" to 0 then it would prevent the WindowsUpdate.log activity you're seeing when the EP client tries to reach out for updates.

• Why is KB2884678 Endpoint Protection Client Update Expired?

  Hi,
  KB2884678 Update for System Center Endpoint Protection 2012 suddenly expired in my SCCM Software Update Library.  This was just released 10/9/2013.  After testing and planned deployment, I was able to install this to the majority of my clients
  and servers.  However, now it is expired and I am not done yet.
  Why did this update suddenly expired on SCCM? Is there something going on? I don't see a replacement either.

  Thanks! Although it's a bit confusing because it says it superseded KB2865173 and not mentions 2884678.  But you are right.  This must be the replacement because 2884678 brings the client to version 4.3 while 2907566 brings
  the client to 4.4.
  So I guess, do you know by any chance if installing Cumulative Update 3 will upgrade my clients to 4.4 or still 4.3?

• Endpoint Protection Client Status page data is wrong

  So as part of my daily monitoring activities I fire up my CM 12 R2 console and go to Monitoring > Endpoint Protection Status > System Center 2012 R2 Endpoint Protection Status.
  The count of systems where "Configuration Manager client not installed" is
  always wrong. Right now it's claiming 80 clients. Clicking this URL jumps to Assets and Compliance > Devices > [collection name]: Configuration Manager client not installed... but there has never been a single client listed in this view.
  Manually searching the collection with "AND Client No" returns a matching number of clients as expected. What's the deal? I feel like I can't really trust the numbers on this monitoring page...
  EDIT: and yes, it has been summarized recently.
  born to learn!

  Sounds like they're both querying different data. For the details about the query you could have a look at the
  SMSProv.log, when you're performing the actions, that should provide some more information.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Locally check how Endpoint Protection client gets updates

  Hi,
  I'm in the middle of a large deployment of SCEP (ahem) System Center 2012 Endpoint Protection, and I've come across an interesting question. Is it possible to determine the method the local SCEP client used to obtain it's most recent definitions update?
  The background here is that our clients are set to obtain updates from the SCCM server, and only from the Internet as a last resort after 12 hours of failure. However, during one recent deployment, the local team reported a spike in their Internet traffic
  and believe several hundred SCEP clients updated via the Internet. Is it possible to verify this locally from log files on the computer or some other method?
  This is an issue for some of our locations where Internet bandwidth is at a premium, but we have good internal WAN links.
  Kind regards,
  Matt

  Hi,
  We could configure Definition Update sources under Antimalware Policy.
  How to Configure Definition Updates for Endpoint Protection in Configuration Manager
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Sesion bean client not running with comand line

  This is a session bean client program created using Netbeans 5.0 and Sun Application Server 9.
  Everything is normal as long as you run the client application from Netbeans.
  I have been trying to run the .jar file (created by Netbeans) from the command line and the exception thrown is as following:
  C:\Program Files\Java\jdk1.5.0_07\bin>java -jar CartClient.jar
  Exception in thread "main" java.lang.NoClassDefFoundError: com/sun/logging/LogDomains
  at com.sun.enterprise.util.ORBManager.<clinit>(ORBManager.java:78)
  at com.sun.enterprise.naming.SerialInitContextFactory.<clinit>(SerialInitContextFactory.java:56)
  at java.lang.Class.forName0(Native Method)
  at java.lang.Class.forName(Class.java:242)
  at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:42)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:654)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  at javax.naming.InitialContext.<init>(InitialContext.java:197)
  at cartclient.Main.main(Main.java:45)
  Somebody knows the reazon why this program run normal in Netbeans and the jar file doesn't
  work using the command line.

  The solution to this problem is to add the following libraries to the session bean
  client:
  appserv-admin.jar
  appserv-deployment-client.jar
  appserv-ext.jar
  appserv-rt.jar
  javaee.jar

• DAC did not run scheduled plan

  This plan has been running every night for the last year at 12:30 am, last night it failed to start/run for some reason.
  Where can I look for Dac schedule errors or java errors.
  Is this due to daylight savings possibly?
  Anyone else have this issue this morning 12 am.
  thanks for the help!!

  A bit more information in the job history. This job executes a chain. Usually the run shows a CHAIN_START with a status of "RUNNING", the individual steps as "SUCCEEDED" and then a CHAIN_RUN with a status of "SUCCEEDED". The job(s) with a problem shows Log Info:CHAIN_LOG_ID='27519",REASON="manual slave run", an Operation of CHAIN_RUN with a status of "SUCCEEDED", followed by "CHAIN_START with a status of "RUNNING", the successful steps and then a CHAIN_RUN with a status of "SUCCEEDED". The jobs under Job History show one starting at 2:42:10 and running for 9926.7 minutes. The second shows as starting at 2:42:11 and running for .01 minutes. The job log looks like this:
  Log ID Log Date Operation Status
  28121 May 20,2007 2:42:11 PM -07:00 CHAIN_RUN SUCCEEDED
  28120 May 20,2007 2:42:11 PM -07:00 RUN SUCCEEDED
  28119 May 20,2007 2:42:11 PM -07:00 RUN SUCCEEDED
  28118 May 20,2007 2:42:10 PM -07:00 CHAIN_START RUNNING
  28117 May 20,2007 2:42:10 PM -07:00 CHAIN_RUN SUCCEEDED

• Sample java client not running--showing a strange error-- help urgently

  Hi,
  I have followed all the steps, given in JDevloper help, to create and deploy an EJB onto a 9ias server and I have been successful in creating the EJB and deploying it from the JDevloper machine to 9ias machine.My JDevloper is on one machine and 9ias is on another. After deploying when I am creating a sample java client, as given in the JDevloper help file, it gives a very strange error
  java.lang.NullPointerException
       void Samplemypackage1.MySessionEJB1Client.main(java.lang.String[])
  Process exited with exit code 0.
  I have tried a lot but it's not happening. Is it becuase
  1. 9ias and JDevloper should be on the same machine
  2. some configurational changes need to be done in the settings
  3. jdk1.3.1 is not compatible with JDevloper.
  I am enclosing the code snippet for your quick reference.
  package Samplemypackage1;
  import java.util.Hashtable;
  //import javax.rmi.PortableRemoteObject;
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import mypackage1.MySessionEJB1;
  import mypackage1.MySessionEJB1Home;
  public class MySessionEJB1Client
  public static void main(String [] args)
  MySessionEJB1Client mySessionEJB1Client = new MySessionEJB1Client();
  try
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
  env.put(Context.SECURITY_PRINCIPAL, "admin");
  env.put(Context.SECURITY_CREDENTIALS, "admin");
  env.put(Context.PROVIDER_URL, "ormi://9ias:23791/MySessionEJB1");
  Context ctx = new InitialContext(env);
  MySessionEJB1Home mySessionEJB1Home = (MySessionEJB1Home)ctx.lookup("MySessionEJB1");
  MySessionEJB1 mySessionEJB1;
  // Use one of the create() methods below to create a new instance
  mySessionEJB1 = mySessionEJB1Home.create();
  // Call any of the Remote methods below to access the EJB
  System.out.println(mySessionEJB1.calc("om sri"));
  catch(NullPointerException ne)
  ne.printStackTrace();
  catch(Throwable ex)
  ex.printStackTrace();
  When I tried to debug the program I found that the line " mySessionEJB1 = mySessionEJB1Home.create()" returns a null. I really fail to understand as to why it is happening.
  Please help me.
  Thankx

  That's strange. home.create() should never return a null.
  Do you see any exception trace on the server side?
  Do you have the same version of oc4j.jar on client and server machine? Which version of Jdeveloper and 9iAs are you using?
  Try copying oc4j.jar from the server machine to client machine and use that to connect to the bean.
  HTH
  Dhiraj