Endpoint Protection

Similar Messages

• BSOD on XP with Zenworks and Symantec Endpoint Protection

  After upgrading to Symantec Endpoint Protection (SEP) we are getting Blue Screen after imaging.
  We have SEP included in our image and after pushing the image to another computer, we instantly get a BSOD, when trying to boot up the newly imaged machine:
  *** STOP: 0x00000024 (0x00190203,0x8A4B0DE8,0xC0000102,0x00000000)
  Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.
  For test purpose I have tried doing the imaging job with Ghost 2003. This works perfectly, so I guess it is the combination of SEP and ZfD that is causing the problem. If I exclude SEP from the image, imaging with ZfD works fine. Imaging with Symantec antivirus ver. 10 also works perfect.
  Anyone out there running ZfD and SEP 11?
  Environtment:
  Windows XP SP3
  ZfD 7.01 sp1 ir1 running on Netware 6.5
  Symantec Enpoint Protection 11.0.3001.2224 (getting the same error with 11.0.2010.25)

  There should an updated patch for ZDM7 available withing a few days. (ZDM7
  SP1 IR3A HP1.)
  I would strongly suggest testing with the updated files when they are
  released.
  The is a much newer Linux Kernal starting with IR3A which could effect your
  problem.
  If you are still seeing an issue, I would suggest opening a ticket with
  Novell.
  Unless somebody here happened to have a copy of SEP, helping here would be
  tough.
  But I have not heard of this issue myself, but anything is possible.
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  "martinusen" <[email protected]> wrote in message
  news:[email protected]...
  >
  > After upgrading to Symantec Endpoint Protection (SEP) we are getting
  > Blue Screen after imaging.
  >
  > We have SEP included in our image and after pushing the image to
  > another computer, we instantly get a BSOD, when trying to boot up the
  > newly imaged machine:
  >
  > *** STOP: 0x00000024 (0x00190203,0x8A4B0DE8,0xC0000102,0x00000000)
  >
  > Disable or uninstall any anti-virus, disk defragmentation or backup
  > utilities. Check your hard drive configuration, and check for any
  > updated drivers. Run CHKDSK /F to check for hard drive corruption, and
  > then restart your computer.
  >
  > For test purpose I have tried doing the imaging job with Ghost 2003.
  > This works perfectly, so I guess it is the combination of SEP and ZfD
  > that is causing the problem. If I exclude SEP from the image, imaging
  > with ZfD works fine. Imaging with Symantec antivirus ver. 10 also works
  > perfect.
  >
  > Anyone out there running ZfD and SEP 11?
  >
  > Environtment:
  > Windows XP SP3
  > ZfD 7.01 sp1 ir1 running on Netware 6.5
  > Symantec Enpoint Protection 11.0.3001.2224 (getting the same error with
  > 11.0.2010.25)
  >
  >
  > --
  > martinusen
  > ------------------------------------------------------------------------
  > martinusen's Profile: http://forums.novell.com/member.php?userid=26795
  > View this thread: http://forums.novell.com/showthread.php?t=345351
  >

• Automatic Install of Endpoint Protection fails on windows 8.1 clients with SCCM 2012 R2

  Running SCCM 2012 R2 and deploying CM clients and Endpoint Protection via software updates. CM client and EP install fine on Windows 7 clients. CM client installs fine but endpoint protection fails on Windows 8.1 clients with the following from the
  endpoint protection agent log:
  <![LOG[Create Process Command line: "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /policy "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:22:02.560+240" date="08-13-2014" component="EndpointProtectionAgent"
  context="" type="1" thread="4260" file="epagentutil.cpp:607">
  <![LOG[Detail error message is : [EppSetupResult]
  HRESULT=0x80070643
  Description=Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal
  error during installation.
  So on the win8.1 client I run the above command line manually in a command window and receive Access is denied. Then I run the same command in an elevated command window and EP installs fine. Does this have something to do with why the automatic
  EP client install fails with the 0x80070643 error code? If so, what is the fix?

  Hi,
  Try uninstalling any other security software.
  For more information, please review the link below:
  I‘m getting an error code from my Microsoft security software
  http://www.microsoft.com/security/portal/mmpc/help/errorcodes.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Upgraded SCCM 2012 SP1 to CU5 - Problem updating Endpoint Protection Client (to V4.5.216.0)

  We upgraded SCCM SP1 to CU5. We got one primary site, on which we had no problems with running the CU setup. After the upgrade we pushed the new administrator console and client.
  SP1 CU5 - console update -> Updated on all administrator users (50 computers)
  SP1 CU5- x64 and x86 client update -> Updated on pilot group (50 computers)
  No problems so far.
  We are having troubles updating the Endpoint Protection Client version. This was V4.1.522.0 before the upgrade. When we enroll a new computer, it receives the new V4.5.216.0, which is the last version.
  But we can't update our older clients. We try to deploy the software update (Update for Forefront Endpoint Protection 2010 Client - 4.5.216.0 (KB2952678)) but it doesn't install. After 20 minutes, if I look in the Deployment logs, it says the installation
  was successfull; but it isn't, it's still the old version.
  Strange thing is, we can upgrade to an inbetween version (Update for Forefront Endpoint Protection 2010 Client - 4.3.215.0 (KB2864366)). Which installs on a test client.
  If I look to the cache files of the new EP Client update, and use the UpdateInstall.exe manually, the update does install. Then I see in the logfile EndpointProtectionAgent.log it still refers to the version 4.1.522.0.
  EP 4.5.216.0 is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Re-apply EP AM policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Apply AM Policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
  Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  State 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash D277339FA77A9017801399D96266BAD42DE74F38 is NOT changed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Skip sending state message due to same state message already exists. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Firewall provider is installed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  Installed firewall provider meet the requirements. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
  This is the WindowsUpdate.log when I try to push the new EP client.
  2015-01-14 11:24:13:651 7416 1c44 Handler :::::::::
  2015-01-14 11:24:13:651 7416 1c44 Handler : Updates to install = 1
  2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Command line install completed. Return code = 0x8004ff25, Result = Failed, Reboot required = false
  2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Exit code = 0x8024200B
  2015-01-14 11:24:21:716 7416 1c44 Handler :::::::::
  2015-01-14 11:24:21:716 7416 1c44 Handler :: END :: Handler: Command Line Install
  2015-01-14 11:24:21:732 7416 1c44 Handler :::::::::::::
  2015-01-14 11:24:21:794 1096 c18 Agent *********
  2015-01-14 11:24:21:794 1096 edc AU Can not perform non-interactive scan if AU is interactive-only
  2015-01-14 11:24:21:794 1096 c18 Agent ** END ** Agent: Installing updates [CallerId = CcmExec]
  2015-01-14 11:24:21:794 1096 c18 Agent *************
  2015-01-14 11:24:21:794 2296 fac COMAPI >>-- RESUMED -- COMAPI: Install [ClientId = CcmExec]
  2015-01-14 11:24:21:794 2296 fac COMAPI - Install call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
  2015-01-14 11:24:21:794 2296 fac COMAPI - Reboot required = No
  2015-01-14 11:24:21:794 2296 fac COMAPI - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
  2015-01-14 11:24:21:794 2296 fac COMAPI ---------
  2015-01-14 11:24:21:794 2296 fac COMAPI -- END -- COMAPI: Install [ClientId = CcmExec]
  2015-01-14 11:24:21:794 2296 fac COMAPI -------------
  2015-01-14 11:24:21:794 1096 1620 AU Can not perform non-interactive scan if AU is interactive-only
  2015-01-14 11:24:26:739 1096 1424 Report REPORT EVENT: {ED287668-4BEF-46FD-BB57-CA17680E5D3B} 2015-01-14 11:24:21:732+0100 1 182 101 {A90C3005-7B59-4268-8B11-12D9BE5C8EA0} 201 80070643 CcmExec Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Update for System Center Endpoint Protection 2012 Client - 4.5.216.0 (KB2952678).
  2015-01-14 11:24:27:207 1096 1424 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
  2015-01-14 11:24:27:207 1096 1424 Report WER Report sent: 7.5.7601.17514 0x80070643 A90C3005-7B59-4268-8B11-12D9BE5C8EA0 Install 101 Managed
  2015-01-14 11:24:27:207 1096 1424 Report CWERReporter finishing event handling. (00000000)
  Thanks in advance!

  Hello,
  According to
  kb2952678:
  To apply this update, you must have one of the following installed:
  System Center 2012 R2 Configuration Manager Cumulative Update 4 for System Center 2012
  Configuration Manager Service Pack
  Service Pack 2 for System Center Configuration Manager 2007 and Update Rollup 1 for
  Forefront Endpoint Protection 2010
  Do you have Update Rollup 1 for Forefront Endpoint Protection 2010?
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Cisco ISE 1.2 and Symantec Endpoint Protection

  Hi Experts,
  Good Day!
  I'm just wondering if ISE 1.2 is able to detect an application/software in a laptop like the Symantec Endpoint Protection before giving the user an access to the network? Is it possible?
  I tried to searched over the internet however, I can't find any documentation about it.
  Thank you for your support.
  Cheers,
  Niks

  hello ,have you checked posturing service of ISE , with ISE posture service enabled you can check Antivirus Installation , Antivirus Version/ Antivirus Definition Date etc . Check the following link for different Posture Assessment Options  available
  http://www.cisco.com/en/US/partner/docs/security/ise/1.2/user_guide/ise_pos_pol.html#wp2276381

• Report to show Endpoint Protection last time updated?

  Hello,
  I am trying to create a report to show the Endpoint Protection version and the last time it updated. I found this page of different views but non of them include last update:
  http://technet.microsoft.com/en-us/library/dn581986.aspx
  Does anyone know a way of doing this or is it not possible?
  Thanks

  For Custom End Point Report, You can check below link
  http://blogs.technet.com/b/configmgrteam/archive/2012/03/28/building-custom-endpoint-protection-reports-in-system-center-2012-configuration-manager.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Endpoint Protection error: The source folder for content does not exist.

  I have a single SCCM 2012 SP1 CU4 server running on Windows Server 2012.
  I have been using this for a little more than a month for Endpoint Protection and Windows Updates.
  I just recently started seeing that my Endpoint Deployment Package has Failed.  I click on "Content Status" and select the Endpoint package (which again shows Failed).  I click on "View Status" and I get this
  message in the "Error" tab:
  The source folder for content does not exist.
  The Asset Details point to the exact location  that does not exist:
  The source directory "\\<server>\updates\endpoint\6bd81fde-3a3f-4aa9-bf70-ba007891ca68" for package "<package>" does not exist. 
  I didn't change anything related to this, and that directory path (\\server\updates\endpoint) is
  shared and is populated with a lot of other folders. 
  Is this possibly just a bad update file?  Should I manually create that sub-folder that it says is missing?
  Any help would be great!  Thanks!

  Thanks for the quick reply, Torsten.  (I often forget which logs to check for certain things).
  There are six lines (3 errors -- in italics below) in the log around the same time frame.  They read:
  The source directory \\sccm-corp\updates\endpoint\6bd81fde-3a3f-4aa9-bf70-ba007891ca68 doesn't exist or the SMS service cannot access it, Win32 last error = 2    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM  
   5920 (0x1720)
  STATMSG: ID=2306 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SCCM-Corp.pdcarea.lcl SITE=PDC PID=6008 TID=5920 GMTDATE=Tue May 27 16:54:46.962 2014 ISTR0="\\sccm-corp\updates\endpoint\6bd81fde-3a3f-4aa9-bf70-ba007891ca68" ISTR1="PDC00063"
  ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PDC00063"    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
  Failed to take snapshot of one or more contents in package PDC00063    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
  CDistributionSrcSQL::UpdateAvailableVersion PackageID=PDC00063, Version=10, Status=2302    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
  STATMSG: ID=2302 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SCCM-Corp.pdcarea.lcl SITE=PDC PID=6008 TID=5920 GMTDATE=Tue May 27 16:54:46.990 2014 ISTR0="Endpoint Protection Definition Updates" ISTR1="PDC00063" ISTR2="" ISTR3=""
  ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PDC00063"    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:46 AM    5920 (0x1720)
  Failed to process package PDC00063 after 33 retries, will retry 67 more times    SMS_DISTRIBUTION_MANAGER    5/27/2014 11:54:47 AM    5920 (0x1720)

• SCCM 2012 Endpoint Protection initial update not downloaded

  Hi,
  I'm new to SCCM 2012. I recently started deploying the Endpoint  Protection to all of clients (Windos 7 and XP Pro). 
  I've noticed that some clients have not been updating their initial definitions after the Endpoint Protection Software is installed. 
  Since they are not updating their detonation the client remains unprotected with the status icon in red.
  The odd thing is that some of our computers do the initial update just fine while others are effected. 
  Also if I click update manually then the update goes through no issue, but with 100+ clients not updated its not something I want to do manually. 
  The clients are set to receive auto updates via a auto deployment rule. 
  Also the antimalware policy is set to do updates as well in this order: 
  Config Mgr
  WSUS
  Microsoft Malware Protection Center
  Microsoft Update
  Has anyone seen this before? 
  If I need to upload any specific logs just let me know. 
  Many Thanks

  Do you have Software update configured (and working) thru ConfigMgr or using a standalone WSUS?
  Kent Agerlund | My blogs: blog.coretech.dk/kea and
  SCUG.dk/ | Twitter:
  @Agerlund | Linkedin: Kent Agerlund |
  Mastering ConfigMgr 2012 The Fundamentals

• Steps to install Forefront Endpoint Protection 2010?

  I've been searching on how to install Forefront Endpoint Protection 2010 on a Windows Server 2012 R2 Server.  I can't seem to find anything about this.  Can someone tell me the steps I need to take.  I installed SQL 2012, then SCCM
  2012, but when I launch the Forefront 2010 installer its saying it can't find SCCM 2007.  I take it its not supported in Forefront 2010? Anyways, if there are instructions on how to install the Endpoint Protection and Exchange Online protection I'd appreciate
  it.  
  Fernando

  Hi,
  In SCCM 2012 Endpoint Protection 2012 is integrated so you cannot install FEP 2010 in it. Add the Site System role called "Endpoint Protection" on your Primary site server, CAS if you use a CAS and then you are good to go.
  the steps are described here:
  http://blogs.technet.com/b/anilm/archive/2012/02/19/how-to-enable-configuration-manager-2012-endpoint-protection.aspx
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Using the pre-configured SCCM 2012 SP1 endpoint protection templates for Exchange 2010?

  I am looking to update the exclusions for SCCM Endpoint Protect clients performing server AV protection on Exchange 2010 nodes.
  Within SC there are a number of pre-defined templates, including ones for Exchange 2007 / 2010. However when I analyse these they do not appear to list all the exclusions that the Exchange product team define on TechNet -
  http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx
  So do I;
  1 - Use the template as it has been verified by Microsoft for using with Exchange 2010 and it covers all I need to exclude?
  2 - Edit the template, adding in the additional exclusions as defined by the Exchange product team?
  Would whichever logic I use apply to other templates, such as SQL, SharePoint, etc as well?
  Thank you
  Alan

  As I cut and pasted the xml file I noticed the following comment that I had missed before..........
          <!-- Exchange -->
          <!-- Exchange Server 2010 exclusions are defined in TechNet bb332342 -->
          <!-- Although the exclusions defined in the article work, testing showed that they exceed what is necessary-->
  Still going with adding the full recommended list from TechNet though

• What purpose is the Data field in the registry on an individual file extension exclusion in Endpoint Protection?

  File extension exclusions for System Center Endpoint Protection are at
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Extensions
  and consist of a REG_DWORD value, named as a file extension such as .mdf, and a corresponding Data element, which always appears to be 0x00000000
  Can this data value ever be anything else, and if so, what are the possible values and their meanings? If not, I'm curious why not just make it a REG_SZ and leave it blank, rather than a data type that requires a value.

  The data field is always 0x00000000. I think other values would be ignored. Only the Name field seems to be important.
  The funny thing is that the exclusion entry can be a REG_SZ and it will work just the same. In fact, if you use the tool that creates a GPO to deploy EP policy instead of using ConfigMgr, the entries are created as REG_SZ instead of DWORD.
  I'm not sure why both methods are used, but the antimalware engine seems to interpret them the same.

• Endpoint Protection Antimalware Policy SQL 2008

  We use SCCM 2012 to manage our antimalware solution (SCEP). We created policies for different servers for example SQL server 2008 R2. We created Endpoint Protection Antimalware policy SQL 2008:
  To prevent performance issues MS reccomends to exclude some processes from virus scanning:
  %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe
  %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe
  As you can see we currently use MSSQLSERVER as instance name.
  Because we use many different SQL instances we need to restrict the ammount of policies to one and don't want to create seperate policies for different SQL instances. Is it possible to use some kind of wildcard, like: %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.*\MSSQL\Binn\SQLServr.exe,
  where instance name is * ?
  Is it also possible to monitor the scan status real time? I would like to see which files are being scanned when starting a quick/full scan. From within the SCEP client it isn't possible.
  Hope you could help me out.
  Sacha

  Hey
  Thanks for the post ,
  As i comprehension Your request  - I suggest You to exclude the Parent SQL folder : 
  %ProgramFiles%\Microsoft SQL Server
  It will exclude the all instances under the parent folder .
  For file process You have to provide full path name .
  "to see which files are being scanned when starting a quick/full scan"
  You have to create reporting on the sccm for that :
  http://technet.microsoft.com/en-us/library/gg712698.aspx
  I'd be glad to answer any question

• Symantec Endpoint Protection 12.1 and Peopletools 8.53

  Hello,
  We're currently enabling virus scan for PT 8.53 with Symantec Endpoint Protection (SEP) v12. However, we are unable to configure it correctly. Our set up looks like this:
  * PS webserver is insatalled on server 1, this is where we configure the virusscan.xml file
  * SEP 12 is installed on a separate server, server 2. client and SEP manager is installed on this server.
  * OS is Windows 2008 R2 64-bit for both servers.
  May I know if  anyone here have successfully used SEP for scanning attachments?
  Unfortunately, as per oracle, only symantec scan engine was verified to work with peoplesoft, other versions are still not tested to work.
  another question is, what should be the value for the virusscan.xml parameters below?
      <Provider>
       <name>SymantecManagementClient</name>
      <class>psft.pt8.virusscan.provider.GenericVirusScanProviderImpl</class>
      <icapversion>ICAP/1.0</icapversion>
      <service-name>/SmcService</service-name>
      <policycommand>?action=SCAN</policycommand>
      <address>server2</address>
      <port>8014</port>
      <disable>false</disable>
       </Provider>
  we've mixed and matched the available service names from server 2, but we are still getting the error below:
  Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.ICAPClient connectAndCheckOptions
  INFO: Input OPTIONS Header = OPTIONS icap://server2:8014/SmcService ICAP/1.0
  Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.ICAPClient connectAndCheckOptions
  INFO: OPTIONS recieve header= HTTP/1.1 200 OK
  Date: Tue, 10 Sep 2013 15:14:19 GMT
  Server: Apache
  Allow: GET,HEAD,POST,OPTIONS
  Content-Length: 0
  Connection: close
  Content-Type: text/plain
  ICAP header = ICAP/1.0 200
  Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.ICAPClient scanStream
  SEVERE: Unable to connect to the Scan server SymantecManagementClient; Reason = CONNECTERROR
  Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.VirusScanProviderManager scanStream
  INFO:  Scanning completed using provider = SymantecManagementClient Provider classname = psft.pt8.virusscan.provider.GenericVirusScanProviderImpl
  Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.VirusScanProviderManager scanStream
  INFO: Finish Scanning Request.
  port 8014 is the client communications port for SEP and its the only port that gives us a response (INFO: OPTIONS recieve header= HTTP/1.1 200 OK..etc), when we try other ports we get a "SEVERE: Unable to connect to SymantecManagementClient" message on this line.
  Hoping for your responses, thank you in adance for your help.

  Hello,
  Just to give an update. We were able to make this work but we used Symantec Protection Engine for Cloud Services instead. Also, for anyone having problems with the parameters - we used the exact same parameters listed in Peoplebooks or on the delivered virusscan.xml file, just update the IP address. We also saved the xml file on both the Portal.war and PSIGW.war directories.

• Locally check how Endpoint Protection client gets updates

  Hi,
  I'm in the middle of a large deployment of SCEP (ahem) System Center 2012 Endpoint Protection, and I've come across an interesting question. Is it possible to determine the method the local SCEP client used to obtain it's most recent definitions update?
  The background here is that our clients are set to obtain updates from the SCCM server, and only from the Internet as a last resort after 12 hours of failure. However, during one recent deployment, the local team reported a spike in their Internet traffic
  and believe several hundred SCEP clients updated via the Internet. Is it possible to verify this locally from log files on the computer or some other method?
  This is an issue for some of our locations where Internet bandwidth is at a premium, but we have good internal WAN links.
  Kind regards,
  Matt

  Hi,
  We could configure Definition Update sources under Antimalware Policy.
  How to Configure Definition Updates for Endpoint Protection in Configuration Manager
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Pre-Install Endpoint Protection

  Good morning.
  We have a large number of Windows 8.1 Tablets used by our students. At the end of each course the Tablets are removed form Intune, Re-Imaged and rejoined back to Intune.
  The only thing that's causes us a headache is the amount of time it takes to download the Endpoint Protection.
  Is it possible to pre-install Endpoint Protection, then when re-joining Intune it just pulls down the latest definitions.
  The image we use is updated, Windows and software updates etc, prior to being deployed to the Tablets.  
  TIA
  Mick
  PS. Just been thinking, Windows 8.1 Defender looks exactly like Endpoint Protection, so is Intune just using Defender, renaming it and updating it. If so I could just update Defender to the latest definitions .
  Would that work!!!!!

  PS. Just been thinking, Windows 8.1 Defender looks exactly like Endpoint Protection, so is Intune just using Defender, renaming it and updating it. If so I could just update Defender to the latest definitions .
  Would that work!!!!!
  No. That wouldn't work. The Endpoint Protection client is required and is not the same as Windows Defender.
  As for the length of time it tales to enrol, install EP and download the updates, that can be a pain. When I'm doing this I make sure that the devices are using WiFI rather than mobile networks to speed up the process. Then the process really doesn't
  take long at all. Other than that there is nothing much that can be done.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• System Center Endpoint Protection creates TEMP Folders / Reinstallation not possible

  Hi all,
  After I updated from SCCM 2012 RTM to SCCM 2012 R2 CU2 I have an issue on several Servers, which havin System Center Endpoint Protection 2012 installed (provided through SCCM Agent).
  There are hourly Temp Folders created in C:\Windows\...:
  The Temp-Folders are including SCEP 2012 Content...
   This files are filling up my System drive C:\. I always have to delte those files.
  I think System Center Endpoint Protection is trying to reinstall or update itself, and failes...
  If I try to uninstall "System Center 2012 Endpoint Protection" manually from the sever, i get the following popup (file not found):
  I cannot find the correct Version of this msi-File "fepclient.msi", so I click Cancel, and then I get the Error 0x8007064C (Cannot complete uninstall wizard).
  I have this Problem on 4 different Servers right now (FileServer, two Citrix Server, SCCM-Server).
  I tried several steps on the SCCM Server:
  - Manual Uninstall
  - Re-Installation with "scepinstall.exe" from the SCCM Client Source (same error)
  - Re-Installation from SCCM Console (Push)
  I am not getting rid of this error... I do not want to delete registry keys and testing arround because this are productive Servers... Any ideas how to resolve this one???
  If you Need more Details about the infrastructure / OS, just ask.
  Patrik

  Reinstalling the SCCM Agent did not help to get any additional log-Information.
  But I did no found a log-file in C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.5.216.0_epp_install.log
  I find the following warnings / Errors:
  TEMP Folder which is created in C:\Windows\...:
   MSI-Missing:
  But that does not really help me...