FEP 2010 (SCCM 2007 R3 win2K8 R2) - quick scan run but 'Potentially unprotected'?

Hi there,
I have been deploying FEP 2010 via SCCM 2007 R3 for a couple months.  I have a FEP policy that indicates it should do a Quick Scan daily at a specified time and a Full Scan on Fridays.  The GUI on the FEP client indicates the computer is "Potentially
unprotected" - yet also indicates the last scan was today at 6:45AM (as the policy dictates).  The GUI says 'You haven't run a scan on your computer for a while...."
Is there a way I can keep the FEP client from doing this - it will cause questions/concerns when the FEP shield is not green.  Alternately - what might I have configured incorrectly?
Thank you.

When this message appears, try run a full system scan and see whether it disappears or not.

Similar Messages

  • Migrating SCCM 2007 R2 database to SQL 2012

    Am I able to migrate my SCCM 2007 R2 database from SQL 2008 (running in 2005 compatibility mode) to SQL 2012? Is it even supported to run a 2012 instance with compatibility set to 2005? Or will I need to upgrade the database at some point to get this to
    Currently, my attempts fail and the errors in the ConfigMgrSetup.log suggests an issue with compatibility:
    Incorrect syntax near '99900'. : ins_upd  
    Incorrect syntax near '99901'. : ins_upd 
    -which led me to a hotfix (http://support.microsoft.com/kb/2676776) that, upon installing, indicated that it failed to completely install. 
    For whatever it's worth, the SCCM server is running 2008 x64 and the SQL server is 2008 R2. 

    See the caveats at http://technet.microsoft.com/en-us/library/ee344146.aspx listed under the SQL Server Site Database Configurations section:
    "To use SQL Server 2012 to host the site database, you must install the following updates as described in the Microsoft
    Knowledge Base:
    Article 2676737 
    Article 2676776 
    Additionally, to use SQL Server 2012 for the site database, you must upgrade the instance of SQL Server in use at a site from SQL Server 2008 or SQL Server 2008 R2 to SQL Server 2012. It is not supported to install a new Configuration
    Manager 2007 SP2 site with SQL Server 2012. It is also not supported to install Configuration Manager 2007 R3 when SQL Server 2012 is in already in use for the site database."
    Jason | http://blog.configmgrftw.com

  • Purchased Quick Scan App for my i5 and didn't inittialy set up location option

    Purchased Quick scan App but didn't enable location services need to find out how to enable?

    You can also copy the files manually to the Firefox Profile Folder on the other computer.

  • For Your Consideration: Ultimate Lync 2010 client install with SCCM 2007

    While the subject of my post may be very presumptuous, I submit the following for your consideration to answer the often-asked question about how to deploy Lync 2010 client with SCCM.
    I cannot understand why Microsoft made the Lync install so darned confusing, complex, and convoluted.
    After our Lync 2010 FE server was up and running and all users migrated off our OCS server to the Lync environment, I spent about a month and a half trying to figure out how to:
    1.  Uninstall the OCS 2007 R2 client
    2.  Install all prerequisites for the Lync client
    3.  Install Lync on all user workstations silently.
    While researching this, the simple answer I kept seeing given to this question was, "just use the .exe with the right switches according to the TechNet article here: http://technet.microsoft.com/en-us/library/gg425733.aspx".  Well, my response is, I
    tried that and while the program installed itself correctly pushed through SCCM, because I was doing it using an administrative account (i.e. the SYSTEM account) due to our users not having admin rights, when the install was done, Lync would automatically
    start up, but in the SYSTEM context so that the user couldn't see it was running, they go to run it and it won't run for them.  I was unable to find any switch or option to prevent the automatic launch.  I suppose the simple solution to that would
    be to have the user reboot, but that's unnecessarily disruptive and was contrary to the desire to make this a silent install.
    The next simplest answer I saw was, "extract the MSI and use that with the right switches".  Problem with that is that the MSI by itself doesn't remove the OCS client or install the prerequisites, and also either requires a registry change to even allow
    the MSI to be used or a hacked MSI that bypasses the registry key check.  I tried to put a package together to uninstall OCS, install the prereqs, and use a hacked MSI, but I never could get the MSI hacked properly.  The other problem I ran into
    was detecting if the OCS client was running in a predictable way so I could terminate it, properly uninstall it, and then do the rest of the installations.  It was this problem that ultimately led me to the solution that I'm about to detail and that has
    worked marvellously for us.
    As I said before, when I first looked at this problem, I started by building a typical software deployment package (Computer Management -> Software Distribution -> Packages) and then created the programs to do the install.  My first attempt was
    just with the .exe file provided as-is by Microsoft using the switches they document in the link above for IT-Managed Installation of Lync, and...well, the end result wasn't quite as desirable as hoped.  So, my next attempt was to extract all the prerequisite
    files and the Lync install MSI (both for x86 and x64), attempt to hack it to get around the "UseMSIForLyncInstallation" registry key, and make the command-lines to terminate OCS and uninstall it.
    In the past when I had an install to do with SCCM that also required uninstalling an older version of a given application, I typically used the program-chaining technique.  That's where you have, for example, 3 or more programs that run in a package
    in a sequence and you have Program 3 be set to run after Program 2 does and then set Program 2 to run after Program 1 so you get the desired sequence of Programs 1-2-3 running in that order.  So, I created programs to 1) kill Communicator.exe 2) uninstall
    Communicator 2007 R2 by doing an "msiexec /uninstall {GUID}" 3) install Silverlight 4) install Visual C++ x86 5) optionally install Visual C++ x64, and then 6) install the Lync x86 or x64 client.  That final step was always the point of failure because
    I couldn't get the hacked MSI for the Lync Client install to work.  I also realized that if Communicator wasn't running when the deployment started, that step would fail and cause the whole process to bail out with an error.  That's one of the downsides
    of program-chaining, if one step fails, SCCM completely bails on the deployment.  This is what also led me to the key to my solution:  TASK SEQUENCES.
    I'm not sure how many people out there look in the "Operating System Deployment" area of SCCM 2007 where Task Sequences normally live, but I also wonder how many people realize that Task Sequences can be used for more than just Operating System deployments. 
    One of the biggest advantages of a task sequence is you can set a step to ignore an error condition, such as if you try to terminate a process that isn't running.  Another advantage is that task sequences have some very good built-in conditionals that
    you can apply to steps, for example, having the sequence skip a step if a certain application (or specific version of an application) is not installed on the machine.  Both of those advantages factor highly into my solution.
    OK, for those who already think this is "TL;DR", here's the step-by-step of how to do this:
    First, you need to extract all the files from the LyncSetup.exe for your needed architectures.  We have a mix of Windows XP and Windows 7 64-bit, so my solution here will take both possibilities into account.  To extract the files, just start up
    the .exe like you're going to install it, but then when the first dialog comes up, navigate to "%programfiles%\OCSetup" and copy everything there to a new location.  The main files you need are: Silverlight.exe, vcredist.exe (the x64 LyncSetup.exe includes
    both x86 and x64 Visual C++ runtimes, you need them both, just rename them to differentiate), and Lync.msi (this also comes in an x86 and x64 flavor, so if you have a mix of architectures in your environment, get both and either put them into their own directories
    or rename them to reflect the architecture).
    For my setup, I extracted the files for the x86 and x64 clients and just dumped them each into directories named after the architectures.
    Next, move these files into a directory to your SCCM file server, whatever it might be that you deploy from, in our case, it was just another volume on our central site server.  Go to the SCCM console into Computer Management -> Software Distribution
    -> Packages and then create a new package, call it something meaningful, and then point to the directory on your SCCM file server for the source files.
    Now you need to create 3 to 5 programs inside the package:
    1.  Name: Silverlight
       Command Line: x86\Silverlight.exe /q     (remember, inside my main Lync install folder on my distribution point, I have an x86 directory for the files from the x86 installer and an x64 folder for the files from the x64 installer. 
    The fact is the Silverlight installer is the same in both, so you only need one of them.)
       On the Environment tab:  Program can run whether or not a user is logged in, runs with administrative rights, Runs with UNC name
       On the Advanced tab:  Suppress program notifications
       All other options leave default.
    2.  Name:  Visual C++ x86
        Command Line:  x86\vcredist_x86.exe /q
       On the Requirements tab: Click the radio button next to "This program can run only on specified client platforms:" and then check off the desired x86 clients.
       Environment and Advanced tabs:  same as Silverlight
       (If you have only x64 clients in your environment, change all x86 references to x64.  If you have a mixed environment, create another program identical to this one, replacing references to x86 with x64.)
    3.  Name:  Lync x86
        Command Line:  msiexec /qn /i x86\Lync.msi OCSETUPDIR="C:\Program Files\Microsoft Lync"  (The OCSETUPDIR fixes the issue with the Lync client wanting to "reinstall" itself every time it starts up)
        Requirements, Environment, and Advanced tabs:  Same as with Visual C++ and Silverlight
        (Same deal as above if you have all x64 clients or a mix, either change this program to reflect or make a second program if necessary)
    Now you need to make the Task Sequence.  Go to Computer Management -> Operating System Deployment -> Task Sequences.  Under the Actions pane, click New -> Task Sequence.  In the Create a New Task Sequence dialog, choose "create a
    new custom task sequence", Next, enter a meaningful name for the task sequence like "Install Microsoft Lync", Next, Next, Close.
    The task sequence will have up to 12 steps in it.  I'll break the steps down into 3 phases, the prereqs phase, uninstall OCS phase, and then Lync install phase.
    Prereqs Phase:
    These are the easiest of the steps to do.  Highlight the task sequence and then in the Actions pane, click Edit.
    1.  Click Add -> General -> Install Software.  Name: "Install Microsoft Silverlight".  Select "Install a single application", browse to the Lync package created earlier and then select the Silverlight program.
    2.  Add -> General -> Install Software.  Name: "Install Microsoft Visual C++ 2008 x86".  Install Single Application, browse to the Lync package, select the Visual C++ x86 package.
    As before, if you're an all-x64 environment, replace the x86 references with x64.  If you have a mixed environment, repeat step 2, replacing x86 with x64.
    3.  Add -> General -> Run Command Line.  Name: "Enable Lync Installation".  This step gets around the UseMSIForLyncInstallation registry requirement.  The Lync client MSI simply looks for the presence of this key when it runs, so
    we'll inject it into the registry now and it doesn't require a reboot or anything.  It just has to be there before the client MSI starts.
    Command Line: reg add "hklm\Software\Policies\Microsoft\Communicator" /v UseMSIForLyncInstallation /t REG_DWORD /d 1 /f
    Uninstall OCS Phase:
    This part consists of up to 6 Run Command Line steps.  (Add -> General -> Run Command Line)
    4.  Name: "Terminate Communicator".  Command Line: "taskkill /f /im communicator.exe".  On the Options page, check the box next to "Continue on error".  This will terminate the Communicator process if it's running, and if it's not, it'll
    ignore the error.
    5.  Name: "Terminate Outlook".  Command Line: "taskkill /f /im OUTLOOK.exe".  Check the "Continue on error" on the Options page here too.  Communicator 2007 hooks into Outlook, so if you don't kill Outlook, it might prompt for a reboot
    because components are in use.
    (NOTE:  If necessary, you could also add another step that terminates Internet Explorer because Communicator does hook into IE and without killing IE, it might require a restart after uninstalling Communicator in the next steps.  I didn't run into
    this in my environment, though.  Just repeat step 5, but replace OUTLOOK.EXE with IEXPLORE.EXE)
    6.  Name: "Uninstall Microsoft Office Communicator 2007".  Command Line: "msiexec.exe /qn /uninstall {E5BA0430-919F-46DD-B656-0796F8A5ADFF} /norestart" On the Options page:  Add Condition ->  Installed Software -> Browse to the
    Office Communicator 2007 non-R2 MSI -> select "Match this specific product (Product Code and Upgrade Code)".
    7.  Name:  "Uninstall Microsoft Office Communicator 2007 R2".  Command Line:  "msiexec.exe /qn /uninstall {0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4} /norestart".  On the Options page:  Add Condition -> Installed Software ->
    Browse to the Office Communicator 2007 R2 MSI -> select "Match any version of this product (Upgrade Code Only)".
    OK, I need to stop here and explain steps 6 and 7 in more detail because it was a gotcha that bit me after I'd already started deploying Lync with this task sequence.  I found out after I'd been deploying for a while that a tech in one of our remote
    offices was reinstalling machines and putting the Communicator 2007 non-R2 client on instead of the R2 client, and my task sequence was expecting R2, mostly because I thought we didn't have any non-R2 clients out there.  So, at first I just had our Help
    Desk people do those installs manually, but later on decided to add support for this possibility into my task sequence.  Now, when you normally uninstall something with msiexec, you would use the Product Code GUID in the command, as you see in steps 6
    and 7.  All applications have a Product Code that's unique to a specific version of an application, but applications also have an Upgrade Code GUID that is unique for an application but common across versions.  This is part of how Windows knows that
    Application X version 1.2 is an upgrade to Application X version 1.1, i.e. Application X would have a common Upgrade Code, but the Product Code would differ between versions 1.1 and 1.2.
    The complication comes in that Communicator 2007 and Communicator 2007 R2 have a common Upgrade Code, but different Product Codes and the "MSIEXEC /uninstall" command uses the Product Code, not the Upgrade Code.  This means that if I didn't have step
    6 to catch the non-R2 clients, step 7 would be fine for the R2 clients, but fail on non-R2 clients because the Product Code in the MSIEXEC command would be wrong.  Luckily, we only had one version of the non-R2 client to deal with versus 4 or 5 versions
    of the R2 client.  So, I put the command to remove Communicator 2007 non-R2 first and checked for that specific product and version on the machine.  If it was present, it uninstalled it and then skipped over the R2 step.  If non-R2 was not present,
    it skipped that step and instead uninstalled any version of the R2 client.  It's important that steps 6 and 7 are in the order they are because if you swap them, then you'd have the same outcome as if step 6 wasn't there.  What if neither is on the
    machine?  Well the collection this was targeted to included only machines with any version of Communicator 2007 installed, so this was not a problem.  It was assumed that the machines had some version of Communicator on them.
    8.  Name:  "Uninstall Conferencing Add-In for Outlook".  Command Line:  "msiexec.exe /qn /uninstall {730000A1-6206-4597-966F-953827FC40F7} /norestart".  Check the "Continue on error" on the Options Page and then Add Condition ->
    Installed Software -> Browse to the MSI for this optional component and set it to match any version of the product.  If you don't use this in your environment, you can omit this step.
    9.  Name:  "Uninstall Live Meeting 2007".  Command Line:  "msiexec.exe /qn /uninstall {69CEBEF8-52AA-4436-A3C9-684AF57B0307} /norestart".  Check the "Continue on error" on the Options Page and then Add Condition -> Installed Software
    -> Browse to the MSI for this optional component and set it to match any version of the product.  If you don't use this in your environment, you can omit this step.
    Install Lync phase:
    Now, finally the main event, and it's pretty simple:
    10.  Click Add -> General -> Install Software.  Name: "Install Microsoft Lync 2010 x86".  Select "Install a single application", browse to the Lync package created earlier and then select the "Lync x86" program.  As before, if you
    only have x64 in your environment, replace the x86 with x64, or if you have a mixed environment, copy this step, replacing x86 references with x64.
    And the task sequence is done!  The final thing you need to do now is highlight the task, click Advertise in the Actions pane, and deploy it to a collection like you would with any other software distribution advertisement.  Go get a beer!
    Some final notes to keep in mind:
    1.  You can't make a task sequence totally silent...easily.  Users will get balloon notifications that an application is available to install.  The notifications cannot be suppressed through the GUI.  I've found scripts that supposedly
    hack the advertisement to make it be silent, but neither of them worked for me.  It was OK, though because in the end we wanted users, especially laptop users, to be able to pick a convenient time to do the upgrade.  The task sequence will appear
    in the "Add/Remove Programs" or "Programs and Features" Control Panel.  You can still do mandatory assignments to force the install to happen, you just can't make it totally silent.  On the plus side, the user shouldn't have to reboot at any point
    during or after the install!
    2.  In the advertisement setup, you can optionally show the task sequence progress.  I've configured the individual installs in this process to be silent, however, I did show the user the task sequence progress.  This means instead of seeing
    5 or 6 Installer windows pop up and go away, the user will have a single progress bar with the name of the step that is executing.
    3.  One step that I didn't consider when I actually did this was starting the Lync client as the user when the install was complete.  The user either had to start the client manually or just let it start on its own at the next logon.  However,
    while I was writing this, I realized that I could possibly start the client after installing by making another Program in the Lync Package with a command line that was along the lines of "%programfiles%\Microsoft Lync\communicator.exe" and then in the Environment
    tab, set it to "Run with user's rights" "only when a user is logged on".
    4.  My first revision of this task sequence has the Prereqs phase happening after the OCS uninstall phase, but I kept running into problems where the Silverlight installer would throw some bizarre error that it couldn't open a window or something wacky
    and it would fail.  Problem was, I couldn't re-run the task sequence because now it would fail because OCS had been uninstalled, so that's why the Prereqs happen first.  It ran much more reliably this way.
    5.  For some reason that baffles me, when I'd check the logs on the Site Server to monitor the deployment, I'd frequently see situations where the task sequence would start on a given machine, complete successfully, almost immediately start again, and
    then fail.  I'm not sure what is causing that, but I suspect either users are going to Add/Remove Programs and double-clicking the Add button to start the install instead of just single-clicking it, or the notification that they have software to install
    doesn't go away immediately or Lync doesn't start up right after the install, so they think the first time it didn't take and try it a second time.
    I hope this helps some of you SCCM and Lync admins out there!

    On Step 8 I found multiple product codes for the Conferencing Add-In for Outlook.  Here's a list of the ones I found in the machines on my network:
    I'm sure there's others one, just be mindful that this add-in will have numerous product codes.

  • FEP 2010 Admin Template Breaks GPResult /H on SCCM 2012 clients

    We have both FEP 2010 clients, which are being managed by a GPO created from the FEP2010 Admin Template in our Central store, and SCCM 2012/SCEP clients which are being managed by
    SCCM but we have noticed when running GPResult /h on the SCCM clients, you get an error in the Administrative Template section:
    An error has occurred while collecting data for Administrative Templates.
    The following errors were   encountered:
    Registry   value "%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk" is of   unexpected type.
    We have discovered the SCCM/SCEP client local policy creates the exclusion paths in the registry as a DWORD but the FEP2010 Admin Template creates the exclusion paths
    as a REG_SZ on the FEP 2010 clients. When you run GPResult /h, the templates from the Central Store are used and since the value types are different on the SCCM/SCEP 2012 client, GPResult /H fail.
    The current work-around is to create a GPO using the FEP 2010 Admin Template with the exclusion paths that are the same as your SCCM 2012 settings and apply that GPO to the SCCM Clients. That changes the registry keys from DWORD to REG_SZ
    and GPResult start working again!!
    Running GPResult /Z also works!! 
    Any one else experience this behavior?

    I tried and found that the value type is different too. The DWORD value for Forefront Client also works, so the workaround you are currently using is applicable. Anyway, I will record the situation that the ADMX template has a different value type with SCEP
    policy value.
    Juke Chou
    TechNet Community Support

  • Problem deploying Office 2010 via SCCM 2007

    I have a problem with deploying Office 2010 to Workstations. 
    I did exactly as instructed settings: http://technet.microsoft.com/en-us/library/ff404178(v=office.14).aspx
    When you release it manually (I tested it) everything went fine but when I let you install via SCCM 2007 workstation, just run setup.exe and processes stuck there and nothing happens.I have no idea why setup.exe. What is wrong any ideas?
    (It does not matter who's office: 013,010,07)

    Are you using any silent key like setup.exe/s S  or setup/quite etc.. ??
    Kamala kannan.c| Please remember to click “Mark as Answer” or Vote as Helpful if its helpful for you. |Disclaimer: This posting is provided with no warranties and confers no rights
    No, should i? Microsoft does not say anything like that...  Name field,
    which in this example is named Office 2010 silent installation.
    In the Command line field,
    in this example type setup.exe.
    Of course I'll try but I do not suppose this helped ...

  • FEP Exemptions for SCCM 2007 Server

    I configured a policy for my SCCM 2007 site server and used the SCCM Server Template. It came populated with the %programfiles%\Microsoft Configuration Manager\Inboxes\*.box. I found today that my SCCM server was backing up processing hardware inventory
    and I looked at the %programfiles%\Microsoft Configuration Manager\Inboxes\Auth\dataldr.box and found over 6000 there. I added that path to my exclusions in the policy but it did not speed up .mif processing. Only when I turned of real time protection did
    the backlog clear up. Is there a process that I might exclude that might be getting blocked? Should I post this in the SCCM forum?Orange County District Attorney

    This is old post and there have been several changes in SCCM, and Forefront, specially successor for Forefront is System Center Endpoint Protection which integrated into SCCM. You could define filtering for both process and files and it should work, but
    you might wait or enforce policy update on clients.
    If possible try reproduce the problem in SCEP and check if it reproduce or not?

  • FEP 2010 install on Windows server 2012 R2

    I am trying to install FEP 2010 client on Windows server 2012 R2  from 2007 Server ( SP2 R3)
    FEP deployment package fails to install. Error in execmgr is 
    Program exit code -2147156220.
    Is there a way of installing FEP 2010 client on Windows Server 2012 R2 from SCCM 2007 ?

    Are you running FEP 2010 update rollup 1?
    And the latest version of the FEpinstall.exe which is updated with this hotfix
    -- My System Center blog ccmexec.com -- Twitter

  • FEP 2010 - Email alerts not sended (Test-Emails are Successful)

    I got a FEP 2010 environment that is integrated with SCCM 2007.
    The "Test email alert" is sent successfull. But there is no email-alert sent when a FEP-client gets MallWare. (The MallWare is only removed and this is shown in the event viewer of the client
    & the reports on the FEP Server).
    Worth to meantion is that the Alerts stopped to work after a reinstall of IIS and Reporting Services.
    In the Event Viewer of the server running FEP, the "Forefront Endpoint Protection" log keep saying:
    Error, FepSrv, 3004
    Alerts manager failed
    Error recieved:
    And one/two minutes later it says:
    Information, FepSrv, 3005
    Alerts manager succeeded after failure
    I have tried the "FEP Best Practices Analyzer (BPA)" and I got the result "0 items NonCompliant" and it showed that Alerts where configured correctly.
    I don't know what more to troubleshoot, do you have any ideas?
    Best Regards,

    Hi Jörgen,
    Thank you for the answer, but the SQL Agent is up and running and there's no errors.. 
    The workflow seems to work properly, except the "FEPSrv" who can't find events that would trigger alerts.
    (If I run a report on the FEP-server, the report contain info about the clients who's been exposed to MalWare - And MalWare info)
    The "Update Rollup 1 for forefront endpoint protection 2010" ( http://www.microsoft.com/en-us/download/details.aspx?id=26583 )  has not been implemented, can this be
    a possible reason to why the alerts not function properly?

  • Deploying SCEP 2012 over existing FEP 2010

    I need to upgrade FEP 2010 to SCEP 2012 through SCCM. FEP was installed via SCCM 2007, and machines will not upgrade to the SCEP client. New builds pick up SCEP without incident from Config Manager.
    I've read about a migration process from 2007 to 2012, but the docs aren't clear.
    I have build an Application using FEPInstall.exe, then used the Supersedence option to uninstall. The Application deploys to the workstation, but sits in a "Waiting for content" category under Monitoring with a status of "In Progress"
    Does anyone have any experience with this process, and can you share the steps involved with migrating?

    >>You mentioned the Forefront Endpoint Policy. Are you referring to SCCM policy, or a group policy?
    He is referring to SCCM Policy. SCCM Console->Administration -> Client Settings -> properties -> Endpoint Protection.
    >>As of this morning, the Software Center is now showing an Installation Status of Downloading. Sitting at 0%.
    Please check CAS.log, LocationServices.log, ContentTransferManager.log and DataTransferService.log on the client. (C:\Windows\CCM\Logs)
    Best Regards,
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Does FEP 2010 offer protection for NAS file servers?

    We are in the process of rolling out FEP 2010 and wanted to know if it has the capability to scan NAS file servers?
    Tom Martin Email: [email protected]

    Could Microsoft Forefront Endpoint Protection scan NAS drive?
    We have NAS drive (EMC back-end), network shares via Windows Server. We are using FEP 2010 with SCCM 2007. Today, we have Expiro virus/malware headache! Where is infected some network shares. Don't know yet how far it goes. Is there any easy way to do this?
    The problem with Expiro where it mutating itself with different names, last one seen as Expiro.gen!S
    Thanks for any suggestions.

  • FEP 2010 Antimaleware action reports showing blank

    We have configured FEP 2010 with SCCM 2007. Every reports was working but suddenly now antimaleware action report showing blank for last week.
    When checked FEP dashboard it shows infected systems but its report is coming blank.
    So please help.

    The FEP DashBoard shows the data that is active in SCCM, the historical data and more in depoth reports are genrated from another database the FEP Datawarehouse, There are SQL Agent tasks that synchrinise this data and normally this error is caused by a
    problem whit these jobs. Here is a post on the error and where to start to look.
    -- My System Center blog ccmexec.com -- Twitter

  • FEP 2010 Implementation Notes/Concerns

    My perspective is from a large enterprise with SCCM 2007R3, no SCOM, currently running Symantec.
    I realize this is the first release with SCCM integration but I feel a few notes should be posted to either point me in the right direction for information or to better the product if my findings are correct.
    Current FEP 2010 findings:
    SCCM Integration:
    Only partial integration with SCCM (policies, collections, reports) Doesn't use the existing CM distribution points for definition distribution
    Appears to be built for small to medium SCCM sites as the only automated definition delivery systems out of the box don't scale well.
    Automation relies on WSUS or Windows Update
    If you use UNC/DFS for definition updates you have to build the download and replication system - in this configuration there is no log of the definition transaction and its source on the clients. 
    WSUS and Windows Update implementations appear to be the only way to utilize delta definitions so UNC methods require full downloads.
    Alerting and Reporting:
    Email alerts don't give path and file nor accurate/full remediation detail, the only way to get detail is event log or SCOM
    No configuration for what information email alerts contain
    Alerts only once per 24 hour period per node without the ability to configure
    Alerts state action required even when the threat has been quarantined or deleted from the system and no additional malware or remediation is needed (specific test was with 22 malware components on the desktop,
    alureon file was one that showed this failure even though it never infected the system)
    Relies on SCOM for the optimal alerting and reporting
    Some built in reports don't appear to populate properly
    Although there are decent policy templates and CM integration, the policies aren't cumulative, they don't support layered/multiple policies
    XP Support:
    NIS (Network Inspection Service) requires WFP  = no Windows XP support
    Client Interface:
    In the client interface there is no way to view overrides or definition update configuration
    If UNC definition updates are used, the client interface doesn't update its last checked time

    This is old post and there have been several changes in FEP, now the successor of FEP is System Center Endpoint Protection (SCEP) and several things been improved. Try reproduce your issue in SCEP and if problem persist, please post it as a new question.
    I believe most of your issues been addressed in SCEP. However things like support for Windows XP is no longer available because support for Windows XP already ended.

  • Uninstalling programs using sccm 2007 sp3

    Hi there,
    We have imaged 300 desktops which have office 2007 preinstalled.  What we want to do is uninstall office using sccm 2007....my questions is that is this path possible??  Big question is can we uninstall a program that has not been deployed with

    this is an example for MS Visio 2007 Professional but it is valid for all apps like Visio, Project, Office (2007 and 2010 Versions). The only difference is in the <Configuration Product="APPLICATION ID">
    <Configuration Product="VisPro">
    <Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />
    <Setting Id="SETUP_REBOOT" Value="Never" />
    This line in SilentUninstallConfig.xml file stops the client from restarting after an uninstall procedure.

  • SCCM 2007 with MDT 2012 Update 1 - LTI Build Process - "UserLocale" setting is all lowercase.

    Greetings all.  I'm trying to resolve a situation where the "UserLocale" property is being set to "en-us" opposed to "en-US".  Quick environment stats:  SCCM 2007, MDT2010, using LTI build process with a 
    custom UDI.  2 Build Sites (customer build sites), both sites have branch distribution points.
    Both sites are performing the exact same LTI builds.  Same task sequence. 
    Both sites have MDT location records that have the "UserLocale" property defined as "en-US".
    Both sites successfully build the same LTI build, but post build; Site A has correct UserLocale entry of "en-US", while Site B does not have correct UserLocale entry - it is set to "en-us".   This wouldn't normally be a big
    deal, however we have an enterprise application that is hard coded to look for case specific property of "en-US", so this application does not function as desired as Site B.
    Both builds use the same task sequence, same OS.WIM (Windows 7 x86), and same unattend.xml.  The unattend.xml does have UserLocale specified as "en-US" (and also the MDT location records for Site A and Site B both have "UserLocale"
    property defined as "en-US", so I do not understand where the lowercase "en-us" is being populated from during the client build for Site B, when it works correctly for Site A?
    Bdd.log for client build at Site A shows:
    Obtained USERLOCALE value from SQL:  USERLOCALE = en-USUpdated
    C:\WINDOWS\panther\unattend\unattend.xml with UserLocale=en-US (value was en-US)
    Property USERLOCALE is now = en-US
    Bdd.log for client build at Site B shows:
    Obtained USERLOCALE value from SQL:  USERLOCALE = en-US
    Property UserLocale_Edit is now = en-us;0409
    Property UserLocale is now = en-us
    Value for USERLOCALE is already set to en-us so database value of en-US will be ignored.
    Updated C:\WINDOWS\panther\unattend\unattend.xml with UserLocale=en-us (value was en-US)
    Value for USERLOCALE is already set to en-us so database value of en-US will be ignored.
    Can anyone offer insight as to my next troubleshooting steps? I'm not sure why Site B, bdd.log - unattend.xml shows updating UserLocale to en-us instead of en-US?
    (Please note I have verified that the OS.WIM, unattend.xml, and all MDT scripts that run during task sequence execution are exact matches on the BDP's for each site. Same size, date, and content)

    Well, there must be something that is different... If you zip up the logs (all of them) from each setup, and mail them to me, I can take a quick look.
    / Johan
    Regards / Johan Arwidmark Twitter: @jarwidmark Blog: http://www.deploymentresearch.com FB: www.facebook.com/deploymentresearch

Maybe you are looking for

  • Help! - Tracks linked to application files, not my music !!

    Something very weird is going on here.... I've got about 500 tracks that somehow are linked to application files. For example if I select "Show in Finder" it takes me to: Applications:iWeb.app:Contents:Frameworks:SFApplication.framework:Versions:A:Re

  • Files are automatically placed in trash, ***?

    Hi, This is an issue that has been troubling me recently. I find that OS X Automatically places files in the trash can, such as the app file for my kindle for mac and also a video editing software I need to use quite often. I have also found mixes an

  • SCORM Audio problems

    I created a course in Presenter and tested it in our LMS and it operated fine. I then added narration and re-imported the course. The course now locks up when trying to load in our LMS. I ran HTTP Analyzer and it's freezing while loading the audio fi

  • Final Cut import Subtitles

    I'd like to know how to import subtitles at format txt to Final Cut, at same way that import DVD Studio Pro Help-me for question. Tanks

  • No 'create' button in RSA2

    Hi Expert     i plan to create a data source by using RSA2 whereas i found there is no 'create/change' button in the screen of RSA2. only 'display' there.     my user has sap_all authority. are there additional roles needed? thanks