FEP 2010 Implementation Notes/Concerns

My perspective is from a large enterprise with SCCM 2007R3, no SCOM, currently running Symantec.
I realize this is the first release with SCCM integration but I feel a few notes should be posted to either point me in the right direction for information or to better the product if my findings are correct.
Current FEP 2010 findings:
SCCM Integration:
Only partial integration with SCCM (policies, collections, reports)
Doesn't use the existing CM distribution points for definition distribution
Scaling:
Appears to be built for small to medium SCCM sites as the only automated definition delivery systems out of the box don't scale well.
Automation relies on WSUS or Windows Update
If you use UNC/DFS for definition updates you have to build the download and replication system - in this configuration there is no log of the definition transaction and its source on the clients. 
WSUS and Windows Update implementations appear to be the only way to utilize delta definitions so UNC methods require full downloads.
Alerting and Reporting:
Email alerts don't give path and file nor accurate/full remediation detail, the only way to get detail is event log or SCOM
No configuration for what information email alerts contain
Alerts only once per 24 hour period per node without the ability to configure
Alerts state action required even when the threat has been quarantined or deleted from the system and no additional malware or remediation is needed (specific test was with 22 malware components on the desktop, alureon file was one that showed this failure even though it never infected the system)
Relies on SCOM for the optimal alerting and reporting
Some built in reports don't appear to populate properly
Policies:
Although there are decent policy templates and CM integration, the policies aren't cumulative, they don't support layered/multiple policies
XP Support:
NIS (Network Inspection Service) requires WFP = no Windows XP support
Client Interface:
In the client interface there is no way to view overrides or definition update configuration
If UNC definition updates are used, the client interface doesn't update its last checked time

This is an old post and there have been several changes in FEP. The successor of FEP is now System Center Endpoint Protection (SCEP), and several things have been improved. Try to reproduce your issue in SCEP and, if the problem persists, please post it as a new question.
I believe most of your issues have been addressed in SCEP. However, things like support for Windows XP are no longer available because support for Windows XP has already ended.

Similar Messages

  • FEP 2010 - Email alerts not sent (Test-Emails are Successful)

    Hello,
    I got a FEP 2010 environment that is integrated with SCCM 2007.
    The "Test email alert" is sent successfully. But there is no email alert sent when a FEP client gets malware. (The malware is only removed and this is shown in the event viewer of the client & the reports on the FEP Server).
    Worth mentioning is that the alerts stopped working after a reinstall of IIS and Reporting Services.
    In the Event Viewer of the server running FEP, the "Forefront Endpoint Protection" log keeps saying:
    Error, FepSrv, 3004
    Alerts manager failed
    Error recieved:
    MalwareDetectionAlertResultComputerName
    And one/two minutes later it says:
    Information, FepSrv, 3005
    Alerts manager succeeded after failure
    I have tried the "FEP Best Practices Analyzer (BPA)" and I got the result "0 items NonCompliant" and it showed that alerts were configured correctly.
    I don't know what more to troubleshoot, do you have any ideas?
    Best Regards,
    Anders

    Hi Jörgen,
    Thank you for the answer, but the SQL Agent is up and running and there's no errors.. 
    The workflow seems to work properly, except the "FEPSrv", which can't find events that would trigger alerts.
    (If I run a report on the FEP server, the report contains info about the clients that have been exposed to malware - and malware info)
    The "Update Rollup 1 for forefront endpoint protection 2010" ( http://www.microsoft.com/en-us/download/details.aspx?id=26583 ) has not been implemented, can this be a possible reason why the alerts do not function properly?
    Regards,
    Anders

  • FEP 2010 (SCCM 2007 R3 win2K8 R2) - quick scan run but 'Potentially unprotected'?

    Hi there,
    I have been deploying FEP 2010 via SCCM 2007 R3 for a couple months.  I have a FEP policy that indicates it should do a Quick Scan daily at a specified time and a Full Scan on Fridays.  The GUI on the FEP client indicates the computer is "Potentially unprotected" - yet also indicates the last scan was today at 6:45AM (as the policy dictates).  The GUI says "You haven't run a scan on your computer for a while...."
    Is there a way I can keep the FEP client from doing this - it will cause questions/concerns when the FEP shield is not green.  Alternately - what might I have configured incorrectly?
    Thank you.

    When this message appears, try running a full system scan and see whether it disappears or not.

  • FEP 2010

    Hi,
    I have a few queries about FEP 2010:
    1. Conficker virus is frequently reappearing on the FEP clients even after removal. How to get rid of this completely?
    2. Unable to specify the override on the policy as it says "the specified threat could not be found in the definitions. Verify that forefront endpoint protection has the most up to date definition" even though the definitions are up to date.
    3. Frequent failure of SQL Server Scheduled Job 'FEP_GetNewData_FEPDW_XXX'. The article http://blogs.technet.com/b/clientsecurity/archive/2011/01/24/fep-data-collection-job-fails-periodically.aspx says it is a known issue. Does installing update rollup 1 fix this issue?
    4. Reporting part - The subreports (antimalware protection history) are showing when we select the report time span DAY, but when we select WEEK it displays the error "Subreport could not be shown". As seen in the article http://blogs.technet.com/b/clientsecurity/archive/2011/05/19/forefront-endpoint-protection-fep-2010-fep-reports-may-not-display-properly.aspx , does installing Cumulative Update Packages for Microsoft SQL Server 2008 solve this issue?

    Enforce an update and run a full system scan on those infected clients and, if the problem persists, use Windows Defender Offline to boot those PCs and run a full system scan:
    http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
    Make sure Windows Update is running and they are updated.

  • Deploying SCEP 2012 over existing FEP 2010

    I need to upgrade FEP 2010 to SCEP 2012 through SCCM. FEP was installed via SCCM 2007, and machines will not upgrade to the SCEP client. New builds pick up SCEP without incident from Config Manager.
    I've read about a migration process from 2007 to 2012, but the docs aren't clear.
    I have built an Application using FEPInstall.exe, then used the Supersedence option to uninstall. The Application deploys to the workstation, but sits in a "Waiting for content" category under Monitoring with a status of "In Progress"
    Does anyone have any experience with this process, and can you share the steps involved with migrating?

    Hi,
    >>You mentioned the Forefront Endpoint Policy. Are you referring to SCCM policy, or a group policy?
    He is referring to SCCM Policy. SCCM Console->Administration -> Client Settings -> properties -> Endpoint Protection.
    >>As of this morning, the Software Center is now showing an Installation Status of Downloading. Sitting at 0%.
    Please check CAS.log, LocationServices.log, ContentTransferManager.log and DataTransferService.log on the client. (C:\Windows\CCM\Logs)
    Best Regards,
    Joyce
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.
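
    The log check suggested in the reply above, as an added example that is not part of the original thread: it pulls only warning and error entries out of the four named client logs. It assumes the logs use the standard CMTrace line layout; the function name and the sample lines are constructed for illustration.

```powershell
# Added example (not from the thread). Extracts warning/error entries from the
# four ConfigMgr client logs named in the reply. Assumed CMTrace layout:
# <![LOG[message]LOG]!><time=".." date=".." component=".." context=".." type="N" ...>
function Get-CcmLogIssue {                      # hypothetical helper name
    param(
        [string[]]$Line = @(),
        [string]$Source = 'inline'
    )
    $pattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[^"]+)"\s+' +
               'date="(?<date>[^"]+)"\s+component="(?<comp>[^"]*)"\s+' +
               'context="[^"]*"\s+type="(?<type>\d)"'
    foreach ($entry in $Line) {
        $m = [regex]::Match($entry, $pattern)
        if (-not $m.Success) { continue }       # first lines of a multi-line entry, or plain text
        $type = [int]$m.Groups['type'].Value    # 1 = info, 2 = warning, 3 = error
        if ($type -lt 2) { continue }
        $severity = if ($type -eq 3) { 'Error' } else { 'Warning' }
        [pscustomobject]@{
            Log       = $Source
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value -replace '[+-]\d+$', ''   # drop UTC offset
            Severity  = $severity
            Component = $m.Groups['comp'].Value
            Message   = $m.Groups['msg'].Value
        }
    }
}

$logDir   = 'C:\Windows\CCM\Logs'
$logNames = 'CAS.log', 'LocationServices.log',
            'ContentTransferManager.log', 'DataTransferService.log'

if (Test-Path $logDir) {
    # On a ConfigMgr client: read each log that exists and keep its issues.
    $issues = foreach ($name in $logNames) {
        $path = Join-Path $logDir $name
        if (Test-Path $path) {
            Get-CcmLogIssue -Line @(Get-Content -Path $path) -Source $name
        }
    }
} else {
    # Constructed sample lines (not real log output) so the parser can be tried offline.
    $sample = @(
        '<![LOG[constructed: content request submitted]LOG]!><time="09:14:02.117+000" date="01-15-2014" component="ContentAccess" context="" type="1" thread="2104" file="sample.cpp:10">'
        '<![LOG[constructed: no content location returned yet]LOG]!><time="09:14:07.530+000" date="01-15-2014" component="LocationServices" context="" type="2" thread="2104" file="sample.cpp:20">'
        '<![LOG[constructed: download job failed]LOG]!><time="09:15:41.002+000" date="01-15-2014" component="DataTransferService" context="" type="3" thread="2288" file="sample.cpp:30">'
    )
    $issues = Get-CcmLogIssue -Line $sample -Source 'constructed sample'
}

$issues | Format-Table Log, Date, Time, Severity, Component, Message -AutoSize -Wrap
```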

  • "No action " Status in FEP 2010 Report

    Hi Team,
    We need a clarification about the FEP 2010 options as below:
    Our internal security team raised a point: what does the "No action" action specify here, as notified in FEP reports?
    There it says 1 system status is "No action", however there is no hyperlink to check which system it is.
    Whether FEP was not able to quarantine the malware, if any.
    Please help us in understanding this ( No action, Incident 7 computers): whether this means the system is clean or not.
    Actions       Incidents   Computers
    Failed        0           0
    Removed       0           0
    Quarantined   19          9
    Cleaned       0           0
    Allowed       0           0
    No Action     1           1
    Blocked       0           0
    Regards
    Sudam Bisi
    Cognizant technology Solutions

    Hi,
    No Action means no action defined
    For more information:
    http://social.technet.microsoft.com/Forums/forefront/en-US/c99390b4-4929-41e3-ac2c-6a5675b5e75a/forefront-endpoint-protection-antimalware-action
    Best Regards,
    Joyce

  • MATP- error after implementing note

    Dear All,
    We are working on MATP scenario. After configuring all the necessary settings we run availability check in simulation.
    Initially when we ran availability check for small quantity, it was confirming in APO ( In ATP simulation). But while providing larger quantity, it was showing an ABAP error.
    At the same time in R3, the system gave an error saying “error in calling up function “BAPI_APOATP_CHECK” in APO server XYZ a calculation field is defined too small” while checking availability for larger quantity.
    To overcome this situation, we had implemented a note “1005131”. Now the dump in APO and the error message in R3 are not coming, but it is not confirming orders.
    (When we check materials availability in R3, missing part button does not appear but at the same time system does not confirm any quantity)
    Has any of you faced a similar situation? Please reply if anyone has any clue regarding this issue.
    We are using SCM 7.0
    Regards,
    Nitesh

    Hi Nitesh,
    Are you using phantom assemblies ?
    There can be an error during PDS explosion that causes the error. We faced the same error and implemented note 1147324.
    Please implement note 1147324
    Thanks,
    Pavan Verma
    Edited by: Pavan Verma on Jan 21, 2010 11:38 PM

  • Secured webservice java net socketexception ssl implementation not avail

    Hi all,
    I am trying to call a secured webservice (which has authentication and trusted certificate) from plsql by using a java stub generated using JDeveloper 10.1.
    I called the java method using a wrapper procedure for the java class in plsql.
    While trying to call the webservice I am getting the following exception
    SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: SSL >>implementation not available; targetException=java.lang.IllegalArgumentException: Error opening socket: >>java.net.SocketException: SSL implementation not available
    *** 2010-02-06 18:32:14.155
    at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:436)
    at org.apache.soap.messaging.Message.send(Message.java:125)
    The problem happens only when I call a secured webservice, whereas I am able to call the common certificate-less webservices. Please provide a way to proceed.
    Thanks,
    Ramesh.R

    The name of this forum is "Database - General" not "Java and SOAP and stuff"
    Please change the subject to "Please Ignore" and post in the correct Java group.
    Thank you.

  • Is the Trojan (Gen:Variant.Graftor , W32/Injector.AWSE!tr ) detected by FEP 2010?

    Hello,
    My security team wants to know if the Trojan (Gen:Variant.Graftor , W32/Injector.AWSE!tr ) is detected by FEP 2010. If yes, could anyone provide the link.
    Regards,
    Tarani Mishra

    Ok, well, I was going by this part in the link I posted for Trojan:Win32/Yayih.A:
    This threat is also detected as:
    Win-Trojan/Yayih.4861440 (AhnLab)
    Trojan.Win32.AntiAV.ptv (Kaspersky)
    Trojan.AntiAV!zoXUT5UuOF4 (VirusBuster)
    Gen:Variant.Graftor.15447 (BitDefender)
    Trojan.Win32.Yayih (Ikarus)
    Searching by the PostenTracking.exe name, I found this:
    https://www.virustotal.com/en/file/66f54dc5d5ee2f0d6aceb49d5fbab94e272b780f3105cf7e02a3ddaa41f2a3fc/analysis/
    Which indicates that Microsoft products are not yet detecting it.
    If you are experiencing this malware in your environment and it's not being detected, you should submit a sample so Microsoft can get it added to the definitions...
    https://www.microsoft.com/security/portal/submission/submit.aspx

  • Is FEP 2010 capable of securing computer against the man-in-the-middle attack?

    Hello
    Just would like to know if FEP 2010 is capable of preventing man-in-the-middle attack on computers with it installed?
    Thanks

    It is not the job of FEP or any other anti-malware product to protect you against man-in-the-middle attacks, as that is not what anti-malware is designed for. However, some man-in-the-middle attacks are blocked by the Network Inspection System (NIS), which means that if FEP detects a malicious package on the network which matches an NIS signature, it will block it.
    The browser plays a very important role in blocking man-in-the-middle attacks; for example, if you use Internet Explorer, you have better protection against this type of attack. Take a look at:
    http://ie.microsoft.com/testdrive/Browser/MixedContent/Default.html

  • FEP 2010 Antimalware action reports showing blank

    Hi,
    We have configured FEP 2010 with SCCM 2007. Every report was working but suddenly now the antimalware action report is showing blank for last week.
    When checked, the FEP dashboard shows infected systems but its report is coming up blank.
    So please help.

    Hi,
    The FEP Dashboard shows the data that is active in SCCM; the historical data and more in-depth reports are generated from another database, the FEP Datawarehouse. There are SQL Agent tasks that synchronise this data, and normally this error is caused by a problem with these jobs. Here is a post on the error and where to start to look.
    http://social.technet.microsoft.com/Forums/forefront/en-US/57375e2c-6785-4680-a86e-99324afb4388/fep-reports-history-not-working-fepgetnewdatafepdw111-sql-job-fails?forum=FCSNext
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Who implements notes using SNOTE in your organization?

    Hi,
    We are having a small argument at my company.
    We often have to implement notes using transaction SNOTE on our DEV system. Basis staff are responsible to install those notes.
    Now, developers would like to implement notes with SNOTE themselves.
    In your organization, who implements notes with SNOTE?
    thanks.

    Yes, to add more to my previous post... There are 2 types of notes we usually implement, functional fixes/enhancements and technical fixes/enhancements. For the functional SAP notes, a functional person requests the note to be downloaded and applied to development (or if the note makes major changes or causes concern this is done in a sandbox first) and a project lead approves the application of the note. For the technical SAP notes, these are usually the result of the Basis team having opened an OSS message and receiving a fix from SAP and these receive approval from the technical lead.
    In all cases, it is only the Basis team that applies the notes with SNOTE. We have several reasons for this:
    1. There are only a handful of Basis team members, so it is quite easy to secure the system so that only these individuals have the appropriate access to use SNOTE.
    2. This makes control much easier since everyone cannot download and implement SAP notes on a whim
    3. Ultimately, the stability and performance of a system are the responsibility of the Basis team (at least in my organization), so it is better (in our opinion) to have the Basis team own the application of SAP notes so we are aware of any/all changes to the system. This is also why only the Basis team is responsible for installing transports in the production systems.
    4. Eventually the SAP notes will be included in a support pack and the Basis team will be the ones applying the maintenance, so it seems more consistent to treat SNOTE the same way
    Brian

  • Document splitting: Items for clearing 0010/100062508/2010/001 not found

    Hi Gurus,
    I have an issue with FC valuation. I have done the configuration for FC Valuation of GL A/c, i.e. Long Term loan payables, which is created with Open Item management.
    It was working fine: I posted the entries at the end of May and reversed the same on 01.06.2010 in the development system. I have moved the same request to the Acceptance client and am testing the same scenario. But I am getting the following error.
    "Document splitting: Items for clearing 0010/100062508/2010/001 not found
    Message no. GLT0002
    Diagnosis
    Document splitting cannot perform clearing because it was not possible to find complete splitting information on the items to be cleared (company code 0010, document number 100062508, fiscal year 2010, item 001).
    System Response
    Clearing cannot be performed and the document cannot be posted.
    Procedure
    Exclude the affected item from clearing.
    It may be that this item was not posted with active document splitting. In this case, this item or document would have to be migrated."
    I have checked the document splitting config. In the two systems it was the same, and doc. splitting was configured very long back.
    Could any one help on the above error
    Thanks in advance
    PAVAN

    Hi Pavan,
    Please note the following, the error GLT0002 is normally caused by a change done in your customizing for splitting. Since you mentioned that this is happening for one company code, it seems to be that one change was made only for this company code in your SPRO settings.
    For example, if you have activated open item management subsequently on an account; another example would be that you posted a document prior to activation of document splitting.
    Please see section 5 of note 891144:
    Items posted while open item management was still inactive in G/L account master data cannot be cleared after open item management has been activated subsequently if New G/L document splitting is active.
    Therefore, if document splitting is active, open item management should never be activated subsequently on accounts to which documents had already been posted with inactive open item management.
    Review note 891144 in full. I believe that this will help you resolve the issue.
    Best Regards,
    Vanessa.

  • FEP 2010 install on Windows server 2012 R2

    I am trying to install FEP 2010 client on Windows server 2012 R2  from 2007 Server ( SP2 R3)
    FEP deployment package fails to install. Error in execmgr is 
    Program exit code -2147156220.
    Is there a way of installing FEP 2010 client on Windows Server 2012 R2 from SCCM 2007 ?
    Thanks

    Hi,
    Are you running FEP 2010 update rollup 1?
    https://blogs.technet.com/b/configmgrteam/archive/2013/09/16/support-questions-about-win-8.1-and-winsvr-2012-r2-for-configmgr-and-endpoint-protection.aspx
    And the latest version of the FEpinstall.exe which is updated with this hotfix
    http://support.microsoft.com/kb/2907566/en-us
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • A datasheet component compatible with Microsoft Sharepoint Foundation 2010 is not installed error

    I have 2013 Office installed and using 2010 SharePoint Foundation.
    The button 'Datasheet View' is available on the site but when clicked on I get this error:
    The list cannot be displayed in Datasheet view for one or more of the following reasons:
    - A datasheet component compatible with Microsoft SharePoint Foundation is not installed.
    - Your Web browser does not support ActiveX controls.
    - A component is not properly configured for 32-bit or 64-bit support.
    I have installed and repaired the Office Suite already, ActiveX is enabled in the browser etc.
    I have also enabled the Microsoft Add-ons.
    Installed on Windows Server 2008 R2.
    How can I solve this issue?

    Hi,
    1. The Edit in Datasheet view functionality in SharePoint Server 2010 is not supported if you install 64-bit Office 2013 client. The Edit in Datasheet functionality is available if you install 32-bit Office 2013 client
    http://technet.microsoft.com/en-us/library/ee681792.aspx
    2. Edit in data sheet view is not supported in 64 bit version of the i.e.
    If I understand correctly you are trying to access site from the Windows server 2008 R2, the default OS installation will have two browsers. Open internet explorer that doesn't have (64 bit) in the bracket. The one with 64bit is not supported
    http://office.microsoft.com/en-us/sharepoint-foundation-help/use-datasheet-view-in-64-bit-office-2010-HA101882420.aspx
    Regards Murali
