Malware Detection System 2011-003 definition update conditions

Similar Messages

• Security Update 2011-003 (Snow Leopard ONLY - Really, Really?!?!?!)

  What anyone who doesn't have Snow Leopard isn't at risk of getting tagged by dreaded "Mac Defender" Trojan Horse???
  Come Apple Snow Leopard isn't the only OS that is at risk, you really should make this avaible to ALL Mac users, not just those who have purchased and installed Snow Leopard.

  Eric Schwarzkopf wrote:
  What anyone who doesn't have Snow Leopard isn't at risk of getting tagged by dreaded "Mac Defender" Trojan Horse???
  Come Apple Snow Leopard isn't the only OS that is at risk, you really should make this avaible to ALL Mac users, not just those who have purchased and installed Snow Leopard.
  It would apparently have been a much bigger undertaking  to provide similar functionality for earlier systems. You'd probably have to start from scratch, whereas for Snow Leopard it's a small update to a pre-existing feature. This isn't to say, though, that Apple shouldn't have provided something for earlier systems anyway.
  From
  About Security Update 2011-003:
  Description: The OSX.MacDefender.A definition has been added to the malware check within File Quarantine.
  The "File Quarantine" check for "potentially unsafe files" began with OS X v10.5, but the addition of a specific  "malware check" feature using a list of known malware was new in Snow Leopard.
  From
  About file quarantine in Mac OS X v10.5 and v10.6:
  Snow Leopard checks for malware
  Mac OS X v10.6 Snow Leopard builds upon the existing unsafe file type check by also checking for known instances of "malware", or malicious software. When you open a quarantined file, the file quarantine feature will check to see if it may include known malware.

• Problem after install Security Update 2011-003

  hi
  after after install Security Update 2011-003
  i can't open App like mail, safari and more.
  any idea
  Benny

  Process:         Safari [400]
  Path:            /Applications/Safari.app/Contents/MacOS/Safari
  Identifier:      com.apple.Safari
  Version:         ??? (???)
  Build Info:      WebBrowser-75332101~1
  Code Type:       X86 (Native)
  Parent Process:  launchd [212]
  Date/Time:       2011-06-01 02:54:16.134 +0300
  OS Version:      Mac OS X 10.6.7 (10J869)
  Report Version:  6
  Exception Type:  EXC_BREAKPOINT (SIGTRAP)
  Exception Codes: 0x0000000000000002, 0x0000000000000000
  Crashed Thread:  0
  Dyld Error Message:
    Library not loaded: /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.frame work/Versions/A/WebCore
    Referenced from: /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
    Reason: no suitable image found.  Did find:
            /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore. framework/Versions/A/WebCore: truncated fat file.  file length=12320768, but needed slice goes to 35270944
  Binary Images:
  0x8fe00000 - 0x8fe4162b  dyld 132.1 (???) <39AC3185-E633-68AA-7CD6-1230E7F1CEF4> /usr/lib/dyld
  q

• SCEP Definition update from Microsoft Malware Protection Center vs WindowsUpdate?

  Hi,
  SCEP Definition update from Microsoft Malware Protection Center vs WindowsUpdate? What is the different?
  /SaiTech

  If I remember correctly - definitions for A/V and NIS will be the same from either location.  I think MMPC might give you the ability to download partial, not yet released definitions for added zero-day protection.  I don't remember
  if you have to be part of MAPS to get that benefit, sorry.
  With the integration of WSUS with SCCM 2012, I've found that using updates distributed from ConfigMgr to be sufficient.  I do have those other methods available, but at lower priorities so that remote users who don't VPN as often as they should, have
  a fallback until we can get PKI/HTTPS or an Azure DP, or Direct Access.
  Again, I'm not 100% sure, but I do know that getting updates from SCCM's built in WSUS (via Automatic Deployment Rules), has worked really well for us, and having those extra methods enabled in your policy definitely makes for some extra fallback options.

• Security update 2011-003 cannot install

  I've tried everything on multiple computer to install the Security update 2011-003. At first, it downloads, but it stalls during installation. Then I downloaded the install direct from Apple. It installed, but stalled saying it had 1 minute until completion. That lasted over an hour. I ran disk utility, then the direct install again and the same thing happened: installed until 1 minute until completion and stalls.
  Anybody else with the problem and solutions?

  Exactly which version of Mac OS are you on? 10.6.?
  And, which model Mac do you have?
  The security update is for OS 10.6.7 only. Not sure if the new 2011 iMacs need the update or not.

• System Center Endpoint Protection Definition Updates

  Hi can anyone advise deploying definitions via SCCM 2012 and selecting the source as being "Updates distributed from Configuration Manager" does that mean each client will go to the Primary Site to get updates? Or by using ADR will it ensure that
  definitions come via distribution points?
  Also another question, as sccm 2012 is not rolled out to all sites yet, and will be deploying unmanaged clients, when I deploy the SCEP client offline un-managed with a policy file, is there a way then later to change policy on the client by command line?

  You could configure updating SCEP in many ways, including:
  Updates distributed from Configuration Manager – This method uses Configuration Manager software updates to deliver definition and engine updates to computers in your hierarchy.
  Updates distributed from Windows Server Update Services (WSUS) – This method uses your WSUS infrastructure to deliver definition and engine updates to computers.
  Updates distributed from Microsoft Update – This method allows computers to connect directly to Microsoft Update in order to download definition and engine updates. This method can be useful for computers that are not often connected to the business network.
  Updates distributed from Microsoft Malware Protection Center – This method will download definition updates from the Microsoft Malware Protection Center.
  Updates from UNC file shares – With this method, you can save the latest definition and engine updates to a share on the network. Clients can then access the network to install the updates.
  For more details, please refer to:
  http://technet.microsoft.com/en-us/library/jj822983.aspx

• SCEP definition updates trying to pull from the Internet - poor behaviour

  Most of our clients do NOT have the ability to just head out to the internet to get things (via proxy or otherwise) and as such, I have configured my Malware policy to use "Updates distributed from Configuration Manager" ONLY
  I do NOT want it trying to get updates from ANYWHERE ELSE.
  Some aren't behaving. :(
  I am seeing log entries that indicate that the client is trying to go out to the Internet to get the updates.
  Here is a cycle of the machine's more recent attempt:
  2014-01-27 19:51:43:096 3616 e38 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0000)  ===========
  2014-01-27 19:51:43:096 3616 e38 Misc   = Process: c:\Program Files\Microsoft Security Client\MpCmdRun.exe
  2014-01-27 19:51:43:096 3616 e38 Misc   = Module: C:\Windows\system32\wuapi.dll
  2014-01-27 19:51:43:096 3616 e38 COMAPI -------------
  2014-01-27 19:51:43:096 3616 e38 COMAPI -- START --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-01-27 19:51:43:096 3616 e38 COMAPI ---------
  2014-01-27 19:51:43:096 3616 e38 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-01-27 19:51:43:096 1032 e7c Agent *************
  2014-01-27 19:51:43:096 1032 e7c Agent ** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-01-27 19:51:43:096 1032 e7c Agent *********
  2014-01-27 19:51:43:096 1032 e7c Agent   * Online = Yes; Ignore download priority = No
  2014-01-27 19:51:43:112 1032 e7c Agent   * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
  2014-01-27 19:51:43:112 1032 e7c Agent   * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
  2014-01-27 19:51:43:112 1032 e7c Agent   * Search Scope = {Machine}
  2014-01-27 19:51:43:112 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
  2014-01-27 19:51:43:128 1032 e7c Misc  Microsoft signed: Yes
  2014-01-27 19:52:27:427 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:52:27:427 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:52:27:427 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:53:11:727 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:53:11:727 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:53:11:727 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:53:56:042 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:53:56:042 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:53:56:042 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:54:40:342 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:54:40:342 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:54:40:342 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:54:40:342 1032 e7c Misc WARNING: DownloadFileInternal failed for
  http://download.windowsupdate.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
  2014-01-27 19:54:40:342 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
  2014-01-27 19:54:40:358 1032 e7c Misc  Microsoft signed: Yes
  2014-01-27 19:55:24:657 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:55:24:657 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:55:24:657 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:56:08:941 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:56:08:941 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:56:08:941 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:56:53:257 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:56:53:257 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:56:53:257 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:57:37:603 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:57:37:603 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:57:37:603 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:57:37:603 1032 e7c Misc WARNING: DownloadFileInternal failed for
  http://download.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
  2014-01-27 19:57:37:603 1032 e7c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
  2014-01-27 19:57:37:619 1032 e7c Misc  Microsoft signed: Yes
  2014-01-27 19:58:01:011 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:58:01:011 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:58:01:011 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:58:24:278 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:58:24:278 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:58:24:278 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:58:47:577 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:58:47:577 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:58:47:577 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:59:10:844 1032 e7c Misc WARNING: Send failed with hr = 80072ee2.
  2014-01-27 19:59:10:844 1032 e7c Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
  2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab>.
  error 0x80072ee2
  2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-01-27 19:59:10:844 1032 e7c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-01-27 19:59:10:844 1032 e7c Misc WARNING: DownloadFileInternal failed for
  http://www.update.microsoft.com/v9/1/windowsupdate/redir/muv4wuredir.cab: error 0x80072ee2
  2014-01-27 19:59:10:844 1032 e7c Agent WARNING: Failed to obtain the authorization cab URLs, hr=0x80072ee2
  2014-01-27 19:59:10:844 1032 e7c Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80072EE2
  2014-01-27 19:59:10:891 1032 e7c Agent   * WARNING: Exit code = 0x80072EE2
  2014-01-27 19:59:10:891 1032 e7c Agent *********
  2014-01-27 19:59:10:891 1032 e7c Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-01-27 19:59:10:891 1032 e7c Agent *************
  2014-01-27 19:59:10:891 1032 e7c Agent WARNING: WU client failed Searching for update with error 0x80072ee2
  2014-01-27 19:59:10:906 3616 458 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-01-27 19:59:10:922 3616 458 COMAPI   - Updates found = 0
  2014-01-27 19:59:10:922 3616 458 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
  2014-01-27 19:59:10:922 3616 458 COMAPI ---------
  2014-01-27 19:59:10:922 3616 458 COMAPI --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-01-27 19:59:10:922 3616 458 COMAPI -------------
  2014-01-27 19:59:10:922 3616 5d0 COMAPI WARNING: Operation failed due to earlier error, hr=80072EE2
  2014-01-27 19:59:10:922 3616 5d0 COMAPI FATAL: Unable to complete asynchronous search. (hr=80072EE2)
  2014-01-27 19:59:15:891 1032 e7c Report REPORT EVENT: {45AA9823-28E9-4632-92BE-AF48B4BB8710} 2014-01-27 19:59:10:891-0000 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 System Center
  Endpoint Protecti Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.
  2014-01-27 19:59:15:969 1032 e7c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
  2014-01-27 19:59:15:969 1032 e7c Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Unmanaged
  2014-01-27 19:59:15:969 1032 e7c Report CWERReporter finishing event handling. (00000000)
  Anyone have any suggestions?  I don't want the machines to EVER try to go out to the internet when they are trying to update their SCEP defs.

  Stop SCEP from downloading over the internet, uncheck the following locations:
  1. SCFEP Def Deployment (ADR if you have one) - 
  Download Setting: If software updates are not available on preferred distribution point or remote distribution point, download content from Microsoft Updates
  2. Client Setting (Endpoint Protection) [check your priority if you have more than 1]
  Disable Alternet Sources (such as Microsoft Windows Update, ....) for the inital definition update on client computers.
  3. Asset and Compliance :Endpoint Protection, Antimalware Policies (check all that you have and priority)
  Defintion Updates: If Configuration Manager is used as a source for definition update, clients will only update from alternate sources if definition is older than (hours)  Set this to 720.  This is the max, after this the machine will be forced
  to pull from Microsoft to protect the machine.
  http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com

• SCEP 2012 manual definitions update for use in OSD

  So I am setting up to deploy SCEP 2012 4.5.0216.0 during my OSD task sequence. I am following the guidelines laid out by the blog post: 
  http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx.  I have created a package with the scepinstall.exe, EPAMPolicy.xml, and Install.cmd. 
  Note:  I got the EPAMPolicy.xml from a client I let install SCEP the "normal way" by deploying client settings that said to install and manage the client. 
  I added to the EPAMPolicy.xml file:
  <AddValue Name="DisableUpdateOnStartupWithoutEngine" Disabled="false" Type="REG_DWORD">1</AddValue>
  Added it between:
  <AddValue Name="AuGracePeriod" Type="REG_DWORD" Disabled="false">4320</AddValue>"I ADDED THE CODE RIGHT HERE"<AddValue Name="SignatureUpdateInterval" Type="REG_DWORD" Disabled="false">8</AddValue>
  The "Install.cmd" contains:
  "%~dp0scepinstall.exe" /s /q /NoSigsUpdateAtInitialExp /policy "%~dp0EPAMPolicy.xml"
  So these things together install SCEP 2012 version 4.5.0216.0 and
  cancels any definition updates when done installing and when the service first starts up.  When the install finishes the client is RED since I cancelled all updates.  This is WORKING FINE.
  Now I have a package that contains the definition updates "mpam-fe.exe" and "nis_full.exe" as described in the linked blog.  Running the proper 32/64 version of the mpam-fe.exe effectively updates the client Anti-malware definitions
  to the version I have downloaded for that day.  The client now turns GREEN.  This is WORKING FINE.
  The part that is not working is running the Network Inspection Service definitions, "nis_full.exe".  It goes right through like it was fine when run manually, but when you check event log you see it put two errors in Event
  Log.  It also is causing my Task Sequence to fail.
  I questioned how valid the nis_full.exe was anymore since the blog post is not real new...so I found: 
  http://support.microsoft.com/kb/935934.  It is titled, "How to manually download the latest antimalware definition updates for Microsoft Forefront Client Security, Microsoft Forefront Endpoint
  Protection 2010 and Microsoft System Center 2012 Endpoint Protection".  I verified by downloading using the links given in that article that my files matched hash for hash. 
  In that article it does say if running SCEP 2012 to also install the nis_full.exe as administrator. 
  This is not working!
  Any assistance is appreciated.  Any better way to deploy SCEP during task sequence and definitions WITHOUT scanning for updates during "Install Software Updates" task or letting client go to
  internet?
  Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

  Using the supplied EPAMPolicy2.xml did not resolve the issue. I still get an "0x80004005" error when I try to deploy the "nis_full.exe" during my task sequence. The client and malware definitions work as intended and install successfully. The NIS definitions
  fail though.
  Snippet of my SMSTS.LOG:
  <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:37:58.886+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:804">
  <![LOG[Successfully completed the action (Install SCEP 2012 Anti-malware Defs) with the exit win32 code 0]LOG]!><time="09:37:58.886+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:830">
  <![LOG[MP server https://SCCMSRV.domain.local. Ports 80,443. CRL=false.]LOG]!><time="09:37:58.886+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5881">
  <![LOG[Setting authenticator]LOG]!><time="09:37:58.901+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5903">
  <![LOG[Set authenticator in transport]LOG]!><time="09:37:58.901+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:7734">
  <![LOG[Sending StatusMessage]LOG]!><time="09:37:58.917+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:4023">
  <![LOG[Setting message signatures.]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1295">
  <![LOG[Setting the authenticator.]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1325">
  <![LOG[CLibSMSMessageWinHttpTransport::Send: URL: SCCMSRV.domain.local:443 CCM_POST /ccm_system_AltAuth/request]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8604">
  <![LOG[In SSL, but with no client cert]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8738">
  <![LOG[Request was successful.]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:8939">
  <![LOG[Set a global environment variable _SMSTSLastActionRetCode=0]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Set a global environment variable _SMSTSLastActionSucceeded=true]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Clear local default environment]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:807">
  <![LOG[Updated security on object C:\_SMSTaskSequence.]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:1704">
  <![LOG[Set a global environment variable _SMSTSNextInstructionPointer=15]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Set a TS execution environment variable _SMSTSNextInstructionPointer=15]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:386">
  <![LOG[Set a global environment variable _SMSTSInstructionStackString=10 12]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Set a TS execution environment variable _SMSTSInstructionStackString=10 12]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:414">
  <![LOG[Save the current environment block]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:833">
  <![LOG[Successfully save execution state and environment to local hard disk]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="engine.cxx:254">
  <![LOG[Start executing an instruction. Instruction name: Install SCEP 2012 NIS Defs. Instruction pointer: 15]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="engine.cxx:116">
  <![LOG[Set a global environment variable _SMSTSCurrentActionName=Install SCEP 2012 NIS Defs]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Set a global environment variable _SMSTSNextInstructionPointer=15]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Set a local default variable _SMSSWDProgramName]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:700">
  <![LOG[Set a global environment variable _SMSTSLogPath=C:\Windows\CCM\Logs\SMSTSLog]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Expand a string: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:782">
  <![LOG[Expand a string: ]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:782">
  <![LOG[Command line for extension .exe is "%1" %*]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="commandline.cpp:228">
  <![LOG[Set command line: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="commandline.cpp:731">
  <![LOG[Start executing the command line: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:722">
  <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:751">
  <![LOG[Expand a string: FullOS]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:782">
  <![LOG[Executing command line: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="commandline.cpp:827">
  <![LOG[[ smsswd.exe ]]LOG]!><time="09:37:59.587+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:289">
  <![LOG[PackageID = 'PR100043']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:318">
  <![LOG[BaseVar = '', ContinueOnError='']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:319">
  <![LOG[ProgramName = 'Install NIS Definitions']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:320">
  <![LOG[SwdAction = '0002']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:321">
  <![LOG[GetExecRequestMgrInterface successful]LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:187">
  <![LOG[Retrieving value from TSEnv for '_SMSTSPolicyPR100043_Install NIS Definitions']LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:85">
  <![LOG[::DecompressBuffer(65536)]LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="ccmzlib.cpp:739">
  <![LOG[Decompression (zlib) succeeded: original size 3059, uncompressed size 39008.]LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="ccmzlib.cpp:651">
  <![LOG[ADV_AdvertisementID=PR120019]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:1151">
  <![LOG[PKG_PSF_ContainsSourceFiles=TRUE]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:1170">
  <![LOG[ResolveSource flags: 0x00000000]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3201">
  <![LOG[SMSTSPersistContent: . The content for package PR100043 will be persisted]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3212">
  <![LOG[The package PR100043 is found locally in the cache C:\_SMSTaskSequence\Packages\PR100043]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3242">
  <![LOG[SMS PkgID 'PR100043' resolved to location 'C:\_SMSTaskSequence\Packages\PR100043']LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:145">
  <![LOG[Start to compile TS policy]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:3066">
  <![LOG[Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="utils.cpp:3167">
  <![LOG[End TS policy compilation]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:3171">
  <![LOG[getPointer()->ExecQuery( BString(L"WQL"), BString(pszQuery), lFlags, pContext, ppEnum ), HRESULT=80041017 (e:\nts_sccm_release\sms\framework\core\ccmcore\wminamespace.cpp,463)]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="wminamespace.cpp:463">
  <![LOG[Failed to query CCM_SoftwareDistribution]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="2" thread="2136" file="installsoftware.cpp:729">
  <![LOG[Get Install Directory for SMS Client]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:4215">
  <![LOG[Start to evaluate TS policy with lock]LOG]!><time="09:38:00.024+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:10966">
  <![LOG[Locked policy transaction lock successfully]LOG]!><time="09:38:00.039+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8021">
  <![LOG[Updating settings in \\.\root\ccm\policy\machine\actualconfig]LOG]!><time="09:38:00.039+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:8024">
  <![LOG[RequestedConfig policy instance(s) : 437]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
  <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:Client:Default:{8864FB91-94EE-4F16-A144-0D82A232049D} successfully]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
  <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "SMS:Client:Default:{8864FB91-94EE-4F16-A144-0D82A232049D}") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
  <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
  <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:Client:Default:{8864FB91-94EE-4F16-A144-0D82A232049D} successfully]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
  <![LOG[RequestedConfig policy instance(s) : 0]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
  <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:PR1 successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
  <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "SMS:PR1") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
  <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
  <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:PR1 successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
  <![LOG[RequestedConfig policy instance(s) : 0]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
  <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmPortal successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
  <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "CcmPortal") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
  <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
  <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmPortal successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
  <![LOG[RequestedConfig policy instance(s) : 0]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
  <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source Local successfully]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
  <![LOG[RequestedConfig policy instance(s) : 9]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
  <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source Local successfully]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
  <![LOG[RequestedConfig policy instance(s) : 15]LOG]!><time="09:38:00.133+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
  <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmTaskSequence successfully]LOG]!><time="09:38:00.133+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
  <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "CcmTaskSequence") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.258+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
  <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.258+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
  <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmTaskSequence successfully]LOG]!><time="09:38:00.258+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
  <![LOG[Total RequestedConfig policy instance(s) : 461]LOG]!><time="09:38:00.336+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8186">
  <![LOG[Locked ActualConfig successfully]LOG]!><time="09:38:00.336+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8199">
  <![LOG[New/Changed ActualConfig policy instance(s) : 1]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8278">
  <![LOG[[1] Added/updated setting 'ccm_softwaredistribution:adv_advertisementid=it120019:pkg_packageid=it100043:prg_programid=install nis definitions'.]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8307">
  <![LOG[Unlocked ActualConfig successfully]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8333">
  <![LOG[Unlocked policy transaction lock successfully]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8339">
  <![LOG[Raising event:
  instance of CCM_PolicyAgent_SettingsEvaluationComplete
  ClientID = "GUID:d69a4ca6-a93a-479d-89aa-c85113eaef67";
  DateTime = "20140530133800.382000+000";
  PolicyNamespace = "\\\\.\\root\\ccm\\policy\\machine\\actualconfig";
  ProcessID = 1084;
  ThreadID = 2136;
  ]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="event.cpp:715">
  <![LOG[Successfully submitted event to the Status Agent.]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="event.cpp:733">
  <![LOG[End TS policy evaluation]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:10969">
  <![LOG[Policy evaluation initiated]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="utils.cpp:4253">
  <![LOG[Waiting for policy to be compiled in 'root\ccm\policy\machine' namespace ]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:383">
  <![LOG[Query path = 'CCM_SoftwareDistribution.ADV_AdvertisementID="PR120019",PRG_ProgramID="Install NIS Definitions",PKG_PackageID="PR100043"']LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:414">
  <![LOG[Verified policy is compiled in 'root\ccm\policy\machine' namespace]LOG]!><time="09:38:00.445+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:439">
  <![LOG[content location count = 1]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:231">
  <![LOG[Checking if the active request handle: {66096B8A-60B8-4CC3-ABBA-D0CD624938C4} is valid.]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:5052">
  <![LOG[CoCreateInstance succeeded]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:5074">
  <![LOG[Active request handle: {66096B8A-60B8-4CC3-ABBA-D0CD624938C4} is valid.]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:5082">
  <![LOG[Invoking Execution Manager to install software ]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:246">
  <![LOG[Installing software for PackageID='PR100043' ProgramID='Install NIS Definitions' AdvertID='PR120019' has started, jobID='{F528EBD4-1270-44E5-9539-5B5346BAE5A4}']LOG]!><time="09:38:00.803+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:268">
  <![LOG[Setting TSEnv variable 'SMSTSInstallSoftwareJobID_PR100043_PR120019_Install NIS Definitions'='{F528EBD4-1270-44E5-9539-5B5346BAE5A4}']LOG]!><time="09:38:00.803+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:52">
  <![LOG[Waiting for installation job to complete..]LOG]!><time="09:38:00.803+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:873">
  <![LOG[CompleteExecution received]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="1524" file="installsoftware.cpp:580">
  <![LOG[CompleteExecution processed]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="1524" file="installsoftware.cpp:593">
  <![LOG[Received job completion notification from Execution Manager]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:923">
  <![LOG[Installation completed with exit code 0x80004005]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:940">
  <![LOG[Installation failed with error (0x80004005)]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="3" thread="2136" file="installsoftware.cpp:967">
  <![LOG[Setting TSEnv variable 'SMSTSInstallSoftwareJobID_PR100043_PR120019_Install NIS Definitions'='']LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:52">
  <![LOG[GetExecRequestMgrInterface successful]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:187">
  <![LOG[Releasing job request, jobID='{F528EBD4-1270-44E5-9539-5B5346BAE5A4}']LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:339">
  <![LOG[Releasing of Job Request successful]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:348">
  <![LOG[CompleteJob successful]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:997">
  <![LOG[ReleaseSource() for C:\_SMSTaskSequence\Packages\PR100043.]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3564">
  <![LOG[reference count 1 for the source C:\_SMSTaskSequence\Packages\PR100043 before releasing]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3574">
  <![LOG[Released the resolved source C:\_SMSTaskSequence\Packages\PR100043]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3612">
  <![LOG[pInstall->Install(sPackageID, sProgramName), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\main.cpp,361)]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="main.cpp:361">
  <![LOG[Install Software failed, hr=0x80004005]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="3" thread="2136" file="main.cpp:361">
  <![LOG[Process completed with exit code 2147500037]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="commandline.cpp:1123">
  <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:804">
  <![LOG[Failed to run the action: Install SCEP 2012 NIS Defs.
  Unspecified error (Error: 80004005; Source: Windows)]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="3" thread="540" file="instruction.cxx:895">
  <![LOG[MP server https://SCCMSRV.domain.local. Ports 80,443. CRL=false.]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5881">
  <![LOG[Setting authenticator]LOG]!><time="09:38:03.064+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5903">
  <![LOG[Set authenticator in transport]LOG]!><time="09:38:03.064+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:7734">
  <![LOG[Sending StatusMessage]LOG]!><time="09:38:03.080+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:4023">
  <![LOG[Setting message signatures.]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1295">
  <![LOG[Setting the authenticator.]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1325">
  <![LOG[CLibSMSMessageWinHttpTransport::Send: URL: SCCMSRV.domain.local:443 CCM_POST /ccm_system_AltAuth/request]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8604">
  <![LOG[In SSL, but with no client cert]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8738">
  <![LOG[Request was successful.]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:8939">
  <![LOG[Set a global environment variable _SMSTSLastActionRetCode=-2147467259]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Set a global environment variable _SMSTSLastActionSucceeded=false]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
  <![LOG[Clear local default environment]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:807">
  <![LOG[Let the parent group (Install Endpoint Protection) decides whether to continue execution]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="instruction.cxx:1004">
  <![LOG[Let the parent group (Setup Operating System) decide whether to continue execution]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="instruction.cxx:254">
  <![LOG[The execution of the group (Setup Operating System) has failed and the execution has been aborted. An action failed.
  Operation aborted (Error: 80004004; Source: Windows)]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="3" thread="540" file="instruction.cxx:217">
  <![LOG[Failed to run the last action: Install SCEP 2012 NIS Defs. Execution of task sequence failed.
  Unspecified error (Error: 80004005; Source: Windows)]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="3" thread="540" file="engine.cxx:213">
  Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

• Delaying Endpoint definition updates by one week

  Hi,
  We would like to update our Endpoint Definitions with a one week-lag.
  I.e. the clients in our environment should never download definitions that were just released.
  Instead every definition update should be quarantined for one week, where we can perform tests in a non-production environment to be 100% sure that it does not impact our systems negatively.
  What is the easiest way to accomplish this? We are running Windows 7 and SCCM 2012 R2. 

  You should first configure SCEP NOT to download and install update automatically and only do it for one or few machines which you do testing. Once everything was fine, then you could do manual deployment every week.
  Or you could only add share folder as resource to deploy update and disable other sources and once you tested, download the latest definition from Microsoft Malware Protection Center and put it inside the share folder.
  For more information about updating definition, take a look at:
  https://technet.microsoft.com/en-us/library/jj822983.aspx
  Just I am wondering why you want to delay downloading definition? It is not recommended and might put your PCs at risk. If you are facing any compatibility issues with definition update and your programs, you may add those programs to exception list instead.

• FMS has detected system time is going backwards

  Hi,
  I have a REGISTERED Flash media server version with update 1
  and when i try to start it I have this error in the evnet log :
  "FMS has detected system time is going backwards;shutting
  down server"
  i try to reinstall it, the system clock is ok ! I'm using
  windows 2003 it makes me crazy !!!!!!!!
  thanks

  I ran into this issue today and have not seen any posting regarding how to fix this in Linux, after using find and stat this is how you fix it....
  Within your fms directory their is a file named '. ' notice the extra spacing at the end, or follow this example.
  [root@xxx fms]# stat .*
    File: `.'
    Size: 4096            Blocks: 8          IO Block: 4096   directory
  Device: 301h/769d       Inode: 1167925     Links: 10
  Access: (0775/drwxrwxr-x)  Uid: (   xxx/  xxxxxx)   Gid: (  xxx/xxxxxx)
  Access: 2011-03-22 16:30:47.000000000 -0400
  Modify: 2011-03-22 16:17:13.000000000 -0400
  Change: 2011-03-22 16:28:42.000000000 -0400
    File: `.        '
    Size: 18              Blocks: 8          IO Block: 4096   regular file
  Device: 301h/769d       Inode: 1167965     Links: 1
  Access: (0660/-rw-rw----)  Uid: (    xxx/    xxxxxx)   Gid: (  xxx/xxxxxx)
  Access: 2011-03-22 16:16:53.000000000 -0400
  Modify: 2011-03-23 16:59:26.000000000 -0400
  Change: 2011-03-23 16:59:26.000000000 -0400
  Notice that the directory has a newer timestamp, and the file has a timestamp in the future due to adjusting the system clock.
  Simply stop fms, mv the file, and start fms, tail -f your master.00.log file to confirm things start without a clock error.
  service fms stop && mv '.        '  test && service fms start

• Two definition updates dueling

  We have System Center Endpoint Protection installed.  We are currently getting updates from our WSUS server and we have two different updates that seem to apply for this product.  If you one of them then the other one shows up.  And if you
  install the second one then first one comes back needing to be installed.
  The two updates are
  Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.165.1899.0)
  Definition Update for Microsoft Forefront Endpoint Protection 2010 - KB2461484 (Definiton 1.101.1659.0)
  We unchecked the entire Forefront category on our WSUS server.  But we are still getting both of these updates. 
  Any suggestion on how to remove the second update would be appreciated.

  
  Hi,
  Decline the superseded update and everything should be done.
  Similar issue discussed below:
  Forefront updates repeatedly offered
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/68696a03-e2e3-49fc-af2f-407bcde8c4e4/forefront-updates-repeatedly-offered?forum=winserverwsus
  Errors When Using the FEP 2010 Definition Update Automation Tool
  http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx
  Hope this helps.

• Error in updating condition table 372

  Hello,
  While saving Excise Invoice I am facing error 'Error in updating condition table 372'.Could you please solve this probelm?
  Thanks in Advance

  Dear All,
  I done this--by doing some configuration changes.
  Normally while doing Exports we are tempted to use the same sales area and accordingly we may give the combination of excise grp+series grp+export type in IMG>>>Logistics General>>>India>>>Business transactions>>>Outgoing excise invoices>>>Maintain default excise groups and series groups.
  Once after removing the export type to your sales area combination--system will show this error--and we cannot even post the Excise invoices.(J1IIN)
  I tried in my IDES--that with export type(Ex.Export under Bond)--with this assignment--i am able to post my excise invoices.
  Once after removing this assignment of export type--again i am getting this error.
  Actually i am not even aware why it is happening--almost after two months of struggle--i find this.
  (i feel it is in the same way that we cannot even open/See a sales order by deleting sales group which was created&used previously)
  i am sharing this because somebody may get a little help with my thread.
  Mark this if helpful--there by others can easily find this thread.
  Phanikumar

• Windows 8.1 store apps aren't running after definition update of windows defender!!!

  I am currently running windows 8.1 pro with media centre. 15 days back I installed this update
  "Definition Update for Windows Defender - KB2267602 (Definition 1.189.752.0)"
  after which my all windows apps(precisely metro apps/windows store apps) stoped working. Whenever I open such apps they dont get open. Sadly this update not uninstallable. I restored my system to the previous date. and all the apps started working
  again. But now yesterday my windows updated again & now again I am in the same situation and this time I am unable to restore my windows as there is not restore point left. :/
  Can any body help me out with this? I have scanned my Pc with Kapsersky2014, no viruses are found on system. 

  Hi,
  Before returning the system to a previous restore point, we can first do some troubleshooting and see whether it KB2267602 that case this issue.
  First, I suggest you run wsreset.exe to clear the Windows Store cache, most issues are caused by the cache, then you can also chec other solutions in the link below:
  http://blogs.technet.com/b/askperf/archive/2013/10/11/what-to-do-if-your-windows-8-modern-app-fails-to-start.aspx
  http://blogs.technet.com/b/ouc1too/archive/2013/10/19/windows-app-store-doesn-t-load-after-8-1-upgrade.aspx
  Please post back if issue persist.
  Yolanda Zhu
  TechNet Community Support

• How to update CONDITIONS for SERVICES in ME51N, ME52N.

  Hi All,
  My requirement is to update the CONDITIONS for SERVICES for the transaction ME51N, ME52N. I'm using BAPI_REQUISITION_CREATE to create the Purchase Requisition.
  Thanks.

  Hi Swetha,
  u will definitely update the condition and services by using the bapi
  *BAPIREQUISITION_CREATE*_ 
  with regards,
  Kiran.G

• SCCM 2012 R2 not show Threat item in Malware Detected Report.

  I had no "Malware detected" items fount.
  There are no report abount virus that Endpoint Protection client finds.
  I try to test be creating file with this test content: "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*", my Endpoint Protection find this file, logging it in its journal, but SCCM not show this Theat. 
  My computer was discovered, Endpoint Protection was automatic installed, Antimalware Policies work fine...
  ....but in "Monitoring/Endpoint Protection Status/System Center 2012 R2 Endpoint Protection Status" my collection with my computer(this is test collection), show me: "Endpoint Protection agent
  not yet installed: 1"
  There are many collection with many devices, but no one give me report about "Malware Detected", but virus was found in our company.
  SCCM 2012 R2 was upgrade from older version(i have not this information).
  What log must i fount about this issue?
  What cat i do to fix this problem?

  SCEP client is installed by policy successfull.
  Policy applied succesfull too.
  but i guess that data do not copy from SCEP to SCCM 
  or data do not inserted in database.
  CcmMessaging.log:
  Raising event:
  instance of CCM_CcmHttp_Status
  ClientID = "GUID:EFA60F96-CEE9-470B-8A3D-FD8453D1D7C2";
  DateTime = "20140410103213.874000+000";
  HostName = "SCCM2012.DOMAIN.LOC";
  HRESULT = "0x00000000";
  ProcessID = 2764;
  StatusCode = 0;
  ThreadID = 12908;
  Could not load logging configuration for component CcmTask. Using default values.
  Could not load logging configuration for component FileSystemFile. Using default values.
  Supplied sender token is null. Using GetUserTokenFromSid to find sender's token.
  mpfdm.log:
  PULL:Worker thread [Site System Status Summarizer] checking for *.SUM files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\sitestat.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 12200 (0x2FA8)
  PULL:Worker thread [Discovery Data Manager (Trusted)] checking for *.UDR files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\ddr.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 25480 (0x6388)
  PULL:Worker thread [State System (Incoming - high priority)] checking for *.SMX files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\statemsg.box\high.
  SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:42:17 5660 (0x161C)
  PULL:Worker thread [Status Manager] checking for *.SVF files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\stat.box. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014
  16:42:17 30604 (0x778C)
  PULL:Worker thread [State System (Incoming - low priority)] checking for *.SMX files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\statemsg.box\low.
  SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:42:17 12176 (0x2F90)
  PULL:Worker thread [Software Metering Processor Usage (Site)] checking for *.MUX files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\swm.box.
  SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:42:17 17576 (0x44A8)
  PULL:Worker thread [State System (Incoming - high priority)] checking for *.SME files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\statemsg.box\high.
  SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:42:17 10552 (0x2938)
  PULL:Worker thread [Successful Policy Requests] checking for *.POL files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\polreq.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 19480 (0x4C18)
  PULL:Worker thread [Notification Manager] checking for *.BOS files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\bgb.box. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014
  16:42:17 11276 (0x2C0C)
  PULL:Worker thread [Software Inventory Processor (Site Trusted)] checking for *.SI? files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\sinv.box.
  SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:42:17 23188 (0x5A94)
  PULL:Worker thread [Notification Manager] checking for *.BTS files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\bgb.box. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014
  16:42:17 17444 (0x4424)
  PULL:Worker thread [State System (Incoming - low priority)] checking for *.SME files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\statemsg.box\low.
  SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:42:17 18876 (0x49BC)
  PULL:Worker thread [Discovery Data Manager (Trusted)] checking for *.DDR files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\ddr.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 9008 (0x2330)
  PULL:Worker thread [Hierarchy Manager (Forwarding messages)] checking for *.MCM files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\MCM.box.
  SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:42:17 29416 (0x72E8)
  PULL:Worker thread [Asset Intelligence KB Manager] checking for *.AR? files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\AIKbMgr.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 3960 (0x0F78)
  PULL:Worker thread [Discovery Data Manager (Registration)] checking for *.RDR files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\rdr.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 11744 (0x2DE0)
  PULL:Worker thread [Endpoint Protection Manager] checking for *.EPP files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\EPMgr.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 25272 (0x62B8)
  PULL:Worker thread [SMS_AMT_PROXY_COMPONENT] checking for *.APX files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\amtproxy.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 26296 (0x66B8)
  PULL:Worker thread [State System (Incoming)] checking for *.SME files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\statemsg.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 25908 (0x6534)
  PULL:Worker thread [State System (Incoming)] checking for *.SMF files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\statemsg.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 25468 (0x637C)
  PULL:Worker thread [State System (Incoming)] checking for *.SMX files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\statemsg.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 10148 (0x27A4)
  PULL:Worker thread [SMS_AMT_PROXY_COMPONENT] checking for *.OTP files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\amtproxy.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:17 30220 (0x760C)
  PULL:Worker thread [Distribution Manager (Incoming)] checking for *.STA files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\distmgr.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:18 13872 (0x3630)
  PULL:Worker thread [Distribution Manager (Incoming)] checking for *.DMD files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\distmgr.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:18 30448 (0x76F0)
  PULL:Worker thread [Site Server Inventory Collection] checking for *.NHM files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\hinv.box. SMS_MP_FILE_DISPATCH_MANAGER
  10.04.2014 16:42:18 27100 (0x69DC)
  PULL:Worker thread [Data Loader (Trusted)] checking for *.MIF files in \\SQLSRV.DOMAIN.LOC\D$\SMS\MP\OUTBOXES\hinv.box. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014
  16:42:18 2452 (0x0994)
  The machine account will be used for ["Display=\\NV-WSUS.DOMAIN.LOC\"]MSWNET:["SMS_SITE=EKB"]\\NV-WSUS.DOMAIN.LOC\. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014
  16:43:43 5316 (0x14C4)
  Successfully made a network connection to \\NV-WSUS.DOMAIN.LOC\ADMIN$. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  NV-WSUS.DOMAIN.LOC is pushing files. Mode must be push. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  Cancelling network connection to \\NV-WSUS.DOMAIN.LOC\ADMIN$. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  Successfully logged on user DOMAIN.LOC\sccm-installer (Token = 00000000000032FC) and impersonated for accessing ["Display=\\SQLSRV.DOMAIN.LOC\"]MSWNET:
  ["SMS_SITE=EKB"]\\SQLSRV.DOMAIN.LOC\. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  Successfully made a network connection to \\SQLSRV.DOMAIN.LOC\ADMIN$. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  Pulling files from SQLSRV.DOMAIN.LOC. Mode must be pull. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  Cancelling network connection to \\SQLSRV.DOMAIN.LOC\ADMIN$. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  Reverting current impersonation. SMS_MP_FILE_DISPATCH_MANAGER 10.04.2014 16:43:43 5316 (0x14C4)
  statesys.log:
  CMessageProcessor - Processing file: g1a2vm9n.SMX SMS_STATE_SYSTEM 10.04.2014 16:43:13 25096 (0x6208)
  *** *** Unknown SQL Error! SMS_STATE_SYSTEM 10.04.2014 16:43:13 25096 (0x6208)
  CMessageProcessor - Encountered a non-fatal SQL error while processing SMS_STATE_SYSTEM 10.04.2014 16:43:13 25096 (0x6208)
  CMessageProcessor - Non-fatal error while processing g1a2vm9n.SMX SMS_STATE_SYSTEM 10.04.2014 16:43:13 25096 (0x6208)
  STATMSG: ID=6104 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_STATE_SYSTEM" SYS=SCCM2012.kontur SITE=EKB PID=6388 TID=25096 GMTDATE=Чт апр 10 10:43:13.059 2014
  ISTR0="g1a2vm9n.SMX" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_STATE_SYSTEM 10.04.2014 16:43:13
  25096 (0x6208)
  Thread "State Message Processing Thread #0" id:25096 was unable to process file "C:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\process
  \g1a2vm9n.SMX", moving to corrupt directory. SMS_STATE_SYSTEM 10.04.2014 16:43:13 25096 (0x6208)