MDT 2012 & Symantec Endpoint Protection & Samba

I have had this problem through all betas of MDT 2012 and it still exists in the final release.
Conditions:
Windows 7 Professional w/SP1 x64 installed using all default settings.
Installing Symantec Endpoint Protection 12 R1
Connecting to any SAMBA computer (specifically Mac OSXS).
If I install the OS using MDT 2012 (there is no issue with MDT 2010) once I install SEP the computer can no longer connect to SAMBA computers. Specifically tested with Mac OSXS but also tested with CentOS. The OS can connect with no issues before installing but once SEP touches the computer (uninstalling SEP does not fix the problem) it can no longer connect to SAMBA machines. When attempting to connect I get "The specified server cannot perform the requested operation.".
I can not find anything in the documentation or changelog for 2012 that would lead to this issue. Also this is *NOT* a problem with SEP as there are zero issues with MDT 2010.

Spent most of the morning on this but think I have found the answer.
New to MDT 2012 is a feature called "Apply Local GPO Pack". This feature is part of the SystemRestore section of the default Task Sequence.
Following deployment of a computer by MDT 2012, this step is run - and it modifies Security Options in the Local Security Policy. If these same settings are not configured or not defined in your Group Policy (in an AD environment) then the Local Security Policy wins.
Specifically there are some options regarding LM and NTLM that get changed and a setting for "Require Secure Communications Always". Both of these settings cause connections to SAMBA shares to be disabled - there are lots of settings that get changed, including the default cached credential count, which I mentioned.
To disable this from happening when you deploy your images in MDT 2012 you can go into the Task Sequence - right click Properties. Click on the Task Sequence tab and locate the "Apply Local GPO Package" item in the "SystemRestore" section.
Then, click on the Options tab and select "Disable this step".
Alternatively, add ApplyGPOPack=NO to your customsettings.ini
http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/d93ce842-184c-414c-b2c6-bc4a7272d814
Full list of settings changed by this feature available here (see Excel attachment)
http://blogs.technet.com/b/deploymentguys/archive/2011/12/02/mdt-2012-new-features-gpo-packs.aspx
I don't understand why Microsoft decided to have this set by default in their task sequences. It makes more sense to deploy a default installation of Windows 7 and then have the option of enabling the additional security options.
I hope this helps with your issue or points you in the right direction.
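
The following read-only check is an added example, not part of the original thread or of MDT. It reports the local values for the settings the answer names, so a machine deployed with the "Apply Local GPO Package" step can be compared against one deployed without it. The mapping from the post's wording ("options regarding LM and NTLM", "Require Secure Communications Always", cached credential count) to these registry values and policy names is an assumption.

```powershell
# Added example: report local security-option values related to the settings
# named in the post. Read-only; nothing is changed on the machine.
# Assumption: the post's settings correspond to the registry values below.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$logon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

$checks = @(
    @{ Policy = 'Network security: LAN Manager authentication level'
       Path = $lsa;    Name = 'LmCompatibilityLevel' },
    @{ Policy = 'Network security: Minimum session security for NTLM SSP based clients'
       Path = $msv;    Name = 'NtlmMinClientSec' },
    @{ Policy = 'Network security: Minimum session security for NTLM SSP based servers'
       Path = $msv;    Name = 'NtlmMinServerSec' },
    @{ Policy = 'Microsoft network client: Digitally sign communications (always)'
       Path = $client; Name = 'RequireSecuritySignature' },
    @{ Policy = 'Microsoft network client: Digitally sign communications (if server agrees)'
       Path = $client; Name = 'EnableSecuritySignature' },
    @{ Policy = 'Interactive logon: Number of previous logons to cache'
       Path = $logon;  Name = 'CachedLogonsCount' }
)

# Explain what a value means for a connection to an SMB server such as Samba.
function Get-SettingNote {
    param([string]$Name, $Value)

    if ($null -eq $Value) { return 'not set locally; OS default applies' }

    switch ($Name) {
        'LmCompatibilityLevel' {
            if ([int]$Value -ge 3) { return 'client sends NTLMv2 only; server must accept NTLMv2' }
            return 'client can still send LM or NTLM responses'
        }
        { $_ -eq 'NtlmMinClientSec' -or $_ -eq 'NtlmMinServerSec' } {
            $parts = @()
            if ([int]$Value -band 0x00080000) { $parts += 'NTLMv2 session security required' }
            if ([int]$Value -band 0x20000000) { $parts += '128-bit encryption required' }
            if ($parts.Count -eq 0) { return 'no minimum session security' }
            return ($parts -join ', ')
        }
        'RequireSecuritySignature' {
            if ([int]$Value -eq 1) { return 'client refuses servers that do not sign SMB packets' }
            return 'SMB signing not required by the client'
        }
        'EnableSecuritySignature' {
            if ([int]$Value -eq 1) { return 'client signs when the server supports it' }
            return 'client does not offer SMB signing'
        }
        default { return '' }
    }
}

$report = foreach ($c in $checks) {
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = $null
    if ($item) { $value = $item.($c.Name) }

    # DWORD values are shown in hex so the NTLM flag bits are readable.
    $shown = '(not set)'
    if ($value -is [int]) { $shown = '0x{0:X}' -f $value }
    elseif ($null -ne $value) { $shown = [string]$value }

    New-Object PSObject -Property @{
        Policy = $c.Policy
        Name   = $c.Name
        Value  = $shown
        Note   = Get-SettingNote -Name $c.Name -Value $value
    }
}

$report | Select-Object Policy, Name, Value, Note | Format-Table -AutoSize -Wrap
```

Comparing the two outputs shows which individual value differs, which makes it possible to adjust that one setting or the server side instead of disabling the whole step.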

Similar Messages

  • How Does Configuration Manager 2012 R2 Endpoint Protection Stack Up to the Competition (Bit9, Symantec, McAfee, etc.)?

    I have a client in the financial services sector that owns System Center 2012 R2 (just Operations Manager 2012 R2 deployed so far) that is being courted by Bit9 for its "superior" endpoint protection. Can anyone point me to some credible resources for comparing Microsoft's Endpoint Protection (component of Configuration Manager 2012 R2) to the competition (Bit9, Symantec, McAfee, etc.)?
    If Microsoft's Endpoint Protection is "good enough" (and has a credible long term product roadmap), it probably makes sense to deploy that since it has already been purchased/licensed.  Any feedback is much appreciated.
    Thanks in advance.
    Bill Thacker

    Check out this page :
    http://www.microsoft.com/security/portal/mmpc/research/awards-and-certifications.aspx
    Under "Highlight" 
    There are many awards and certification programs across the IT security industry. Detailed below are some of the most widely recognized programs and testing bodies.
    Benoit Lecours | Blog: System Center Dudes

  • Using the pre-configured SCCM 2012 SP1 endpoint protection templates for Exchange 2010?

    I am looking to update the exclusions for SCCM Endpoint Protect clients performing server AV protection on Exchange 2010 nodes.
    Within SC there are a number of pre-defined templates, including ones for Exchange 2007 / 2010. However when I analyse these they do not appear to list all the exclusions that the Exchange product team define on TechNet -
    http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx
    So do I;
    1 - Use the template as it has been verified by Microsoft for using with Exchange 2010 and it covers all I need to exclude?
    2 - Edit the template, adding in the additional exclusions as defined by the Exchange product team?
    Would whichever logic I use apply to other templates, such as SQL, SharePoint, etc as well?
    Thank you
    Alan

    As I cut and pasted the xml file I noticed the following comment that I had missed before..........
            <!-- Exchange -->
            <!-- Exchange Server 2010 exclusions are defined in TechNet bb332342 -->
            <!-- Although the exclusions defined in the article work, testing showed that they exceed what is necessary-->
    Still going with adding the full recommended list from TechNet though

  • SCCM 2012 R2 - Endpoint Protection is greyed out

    Somehow the Endpoint Protection menu is greyed out for me. It was set up and we use it to do a quick scan on a user's machine when needed. All of a sudden, it's greyed out. Does anyone know how to fix this problem?

    Hi,
    Have you seen this thread?
    Right click on a server endpoint greyed out
    http://social.technet.microsoft.com/Forums/en-US/efe34496-8cf2-4fe7-9074-83221bf8bf9e/right-click-on-a-server-endpoint-greyed-out?forum=configmanagersecurity

  • Integrating SCCM 2012 SP1 Endpoint Protection Manager with SIEM

    Team,
    Does anyone know how to expose the central SCCM antimalware reporting data to external sources?  I would like to take all centrally collated security events and load the data into Arcsight express, e.g. client malware detection events.  Are all client security events logged in a file on the SCCM server before being copied to the SQL database?  Or do I have to read a SQL table to get this information?  Any help greatly appreciated.
    Cheers
    Rod

    Hi,
    You will have to read that from the ConfigMgr database views; start by having a look at the SCCM_EXT.vex_EP_AntimalwareInfectionStatus view.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Configuring SMTP account for Endpoint protection alerts

    Hi all
    I am using SCCM 2012 R2 Endpoint Protection. I want to configure email alerts for Endpoint Protection. I have a mail server on a Windows 2008 R2 server in a WORKGROUP. Since the mail server is not in the domain, how can I configure the SMTP server setting? What account do I need to use for SMTP?

    You can get advice from others on the forum Ashok but ultimately you are the only one that will be able to figure this out. You need to look at your mail server (or talk to the person that manages it) and see how it is configured to allow email relay from the firewall, for example. It could be that the mail server is configured with a rule to allow relays anonymously from that specific IP address.
    You then need to configure the email server to allow the requests from the ConfigMgr server in exactly the same way. It might be as simple as adding the IP address to the above rule. You will NOT need to configure an Endpoint Protection SMTP Server Connection Account. As Joyce says this is only required if the mail server REQUIRES authenticated access (but you can configure the rule so that it doesn't).
    "they just use SMTP server and a email address for authentication"
    This isn't the case Ashok. This is not authentication. The email address is just a label so that you can see where the alert is coming from.
    I hope this is all clear. This isn't a ConfigMgr issue as such. It's email relaying so is specific to the email product you use.
    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

  • Endpoint Protection

    Folks,
    When I access Control Panel for any managed computer I saw Forefront Client 2010 installed, and I am using only ConfigMgr 2012 SP1 + Endpoint Protection.
    Do you know why this happens?
    Tnx.

    There's no such thing as Forefront 2012. No it's not possible for ConfigMgr to deploy anything other than "System Center Endpoint Protection" (at least not natively -- it's certainly possible that you have a FEP package though that was manually created or migrated that ConfigMgr is deploying).
    What exactly -- please type the exact text -- are you seeing in the Installed Applications list? Not being exact here is making it difficult to decipher what you mean as none of the terms you've typed above actually exist (and you've said 2010 and 2012) so I'm having to guess at what you mean.
    Ultimately though, as mentioned, ConfigMgr 2012 will only natively deploy and manage "System Center Endpoint Protection" 2012.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Help with Application for Endpoint Protection

    I created an application to install System Center Endpoint Protection, because we are using Symantec Endpoint Protection 12.1.3, which is unsupported for SCEP to remove.  With the application I set it to supersede our SEP 12.1 client and remove any previous software. I created a previous thread, located here:
    http://social.technet.microsoft.com/Forums/en-US/38a476b3-0e71-4e80-b348-81143fa5cefe/creating-an-application-for-sc-endpoint-protection?forum=configmanagergeneral.
    The initial test works, our SEP is removed and SCEP is installed, however the client takes anywhere from 3-5 hours before SCEP pulls down the correct Anti-Malware policy and applies the latest definitions.  The time frame for this is longer than we want; rebooting the computer or going into the SCCM client and running the actions does not seem to speed up the process.
    At the moment, the command that works is "scepinstall.exe" /s /q,
    what I attempted to do was export the current anti-malware policy and run the command "scepinstall.exe" /s /q /policy "Malware.xml", however this does not seem to work, in SCCM or running the command via a command prompt.  The only way it would is if I fully defined the path of the xml, such as scepinstall.exe /s /q /policy C:\Windows\CCMCache\2\malware.xml, but this command does not work in SCCM, only via the command prompt.  As well, defining the policy doesn't seem to do anything; when I open SCEP, I cannot enter the history or settings tab. Even if it did I could not guarantee that the path would remain constant.
    It seems odd that it can take 3-5 hours before SCEP pulls down its policy, is this normal when installing without a defined policy?
    Is there a setting that I need to change somewhere that is defining when the client can check in for a new Anti-malware policy? The SCCM client is checking the default time of 60 mins.
    Is there a way to define the policy on the install any other way?
    Is there something I am missing?

    Hi,
    I normally use a custom task sequence when switching the antivirus; here is a great way of doing it, solving the initial download of the definition updates as well from a package; works great for OSD as well.
    http://www.chrisnackers.com/2012/10/18/configuration-manager-2012-installing-endpoint-protection-during-a-task-sequence/
    Using the cache\2 is not really a good idea as it will not be the same between computers; put the command line in a .cmd file and use the %~dp0 variable for the current directory: "scepinstall.exe /s /q /policy %~dp0EPAMPolicy2.xml".
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Endpoint Protection Client Status page data is wrong

    So as part of my daily monitoring activities I fire up my CM 12 R2 console and go to Monitoring > Endpoint Protection Status > System Center 2012 R2 Endpoint Protection Status.
    The count of systems where "Configuration Manager client not installed" is always wrong. Right now it's claiming 80 clients. Clicking this URL jumps to Assets and Compliance > Devices > [collection name]: Configuration Manager client not installed... but there has never been a single client listed in this view.
    Manually searching the collection with "AND Client No" returns a matching number of clients as expected. What's the deal? I feel like I can't really trust the numbers on this monitoring page...
    EDIT: and yes, it has been summarized recently.
    born to learn!

    Sounds like they're both querying different data. For the details about the query you could have a look at the SMSProv.log, when you're performing the actions, that should provide some more information.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • System Center Endpoint Protection Licensing?

    Hi there,
    I want to implement System Center 2012 R2 Endpoint Protection in the business. We have a Silver membership, so we do have the license for System Center 2012 R2. What I don't get is if Endpoint protection is separate or not from a licensing point of view.
    Do we have to pay for subscriptions or not? And how much? It's just confusing because Microsoft doesn't make it clear. Sure I can install SCCM....but that is pointless if I can't use Endpoint Protection.
    Thx in advance

    Hi,
    About SCEP, it depends upon the client ML you purchased, is either included or additional.
    You could find more information from the following link.
    Server and cloud pricing and licensing
    http://www.microsoft.com/en-us/server-cloud/pricing-and-licensing.aspx
    Best Regards,
    Joyce

  • Automatic Install of Endpoint Protection fails on windows 8.1 clients with SCCM 2012 R2

    Running SCCM 2012 R2 and deploying CM clients and Endpoint Protection via software updates. CM client and EP install fine on Windows 7 clients. CM client installs fine but endpoint protection fails on Windows 8.1 clients with the following from the endpoint protection agent log:
    <![LOG[Create Process Command line: "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /policy "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:22:02.560+240" date="08-13-2014" component="EndpointProtectionAgent" context="" type="1" thread="4260" file="epagentutil.cpp:607">
    <![LOG[Detail error message is : [EppSetupResult]
    HRESULT=0x80070643
    Description=Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.
    So on the win8.1 client I run the above command line manually in a command window and receive Access is denied. Then I run the same command in an elevated command window and EP installs fine. Does this have something to do with why the automatic EP client install fails with the 0x80070643 error code? If so, what is the fix?

    Hi,
    Try uninstalling any other security software.
    For more information, please review the link below:
    I'm getting an error code from my Microsoft security software
    http://www.microsoft.com/security/portal/mmpc/help/errorcodes.aspx

  • Upgraded SCCM 2012 SP1 to CU5 - Problem updating Endpoint Protection Client (to V4.5.216.0)

    We upgraded SCCM SP1 to CU5. We got one primary site, on which we had no problems with running the CU setup. After the upgrade we pushed the new administrator console and client.
    SP1 CU5 - console update -> Updated on all administrator users (50 computers)
    SP1 CU5- x64 and x86 client update -> Updated on pilot group (50 computers)
    No problems so far.
    We are having trouble updating the Endpoint Protection Client version. This was V4.1.522.0 before the upgrade. When we enroll a new computer, it receives the new V4.5.216.0, which is the last version.
    But we can't update our older clients. We try to deploy the software update (Update for Forefront Endpoint Protection 2010 Client - 4.5.216.0 (KB2952678)) but it doesn't install. After 20 minutes, if I look in the Deployment logs, it says the installation was successful; but it isn't, it's still the old version.
    Strange thing is, we can upgrade to an in-between version (Update for Forefront Endpoint Protection 2010 Client - 4.3.215.0 (KB2864366)), which installs on a test client.
    If I look to the cache files of the new EP Client update, and use the UpdateInstall.exe manually, the update does install. Then I see in the logfile EndpointProtectionAgent.log it still refers to the version 4.1.522.0.
    EP 4.5.216.0 is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Re-apply EP AM policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Apply AM Policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    State 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash D277339FA77A9017801399D96266BAD42DE74F38 is NOT changed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Skip sending state message due to same state message already exists. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Firewall provider is installed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Installed firewall provider meet the requirements. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    This is the WindowsUpdate.log when I try to push the new EP client.
    2015-01-14 11:24:13:651 7416 1c44 Handler :::::::::
    2015-01-14 11:24:13:651 7416 1c44 Handler : Updates to install = 1
    2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Command line install completed. Return code = 0x8004ff25, Result = Failed, Reboot required = false
    2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Exit code = 0x8024200B
    2015-01-14 11:24:21:716 7416 1c44 Handler :::::::::
    2015-01-14 11:24:21:716 7416 1c44 Handler :: END :: Handler: Command Line Install
    2015-01-14 11:24:21:732 7416 1c44 Handler :::::::::::::
    2015-01-14 11:24:21:794 1096 c18 Agent *********
    2015-01-14 11:24:21:794 1096 edc AU Can not perform non-interactive scan if AU is interactive-only
    2015-01-14 11:24:21:794 1096 c18 Agent ** END ** Agent: Installing updates [CallerId = CcmExec]
    2015-01-14 11:24:21:794 1096 c18 Agent *************
    2015-01-14 11:24:21:794 2296 fac COMAPI >>-- RESUMED -- COMAPI: Install [ClientId = CcmExec]
    2015-01-14 11:24:21:794 2296 fac COMAPI - Install call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
    2015-01-14 11:24:21:794 2296 fac COMAPI - Reboot required = No
    2015-01-14 11:24:21:794 2296 fac COMAPI - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
    2015-01-14 11:24:21:794 2296 fac COMAPI ---------
    2015-01-14 11:24:21:794 2296 fac COMAPI -- END -- COMAPI: Install [ClientId = CcmExec]
    2015-01-14 11:24:21:794 2296 fac COMAPI -------------
    2015-01-14 11:24:21:794 1096 1620 AU Can not perform non-interactive scan if AU is interactive-only
    2015-01-14 11:24:26:739 1096 1424 Report REPORT EVENT: {ED287668-4BEF-46FD-BB57-CA17680E5D3B} 2015-01-14 11:24:21:732+0100 1 182 101 {A90C3005-7B59-4268-8B11-12D9BE5C8EA0} 201 80070643 CcmExec Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Update for System Center Endpoint Protection 2012 Client - 4.5.216.0 (KB2952678).
    2015-01-14 11:24:27:207 1096 1424 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2015-01-14 11:24:27:207 1096 1424 Report WER Report sent: 7.5.7601.17514 0x80070643 A90C3005-7B59-4268-8B11-12D9BE5C8EA0 Install 101 Managed
    2015-01-14 11:24:27:207 1096 1424 Report CWERReporter finishing event handling. (00000000)
    Thanks in advance!

    Hello,
    According to kb2952678:
    To apply this update, you must have one of the following installed:
    System Center 2012 R2 Configuration Manager Cumulative Update 4 for System Center 2012
    Configuration Manager Service Pack
    Service Pack 2 for System Center Configuration Manager 2007 and Update Rollup 1 for
    Forefront Endpoint Protection 2010
    Do you have Update Rollup 1 for Forefront Endpoint Protection 2010?

  • SCCM 2012 Endpoint Protection initial update not downloaded

    Hi,
    I'm new to SCCM 2012. I recently started deploying Endpoint Protection to all of our clients (Windows 7 and XP Pro).
    I've noticed that some clients have not been updating their initial definitions after the Endpoint Protection software is installed.
    Since they are not updating their definitions the client remains unprotected with the status icon in red.
    The odd thing is that some of our computers do the initial update just fine while others are affected.
    Also if I click update manually then the update goes through with no issue, but with 100+ clients not updated it's not something I want to do manually.
    The clients are set to receive auto updates via an auto deployment rule.
    Also the antimalware policy is set to do updates as well in this order: 
    Config Mgr
    WSUS
    Microsoft Malware Protection Center
    Microsoft Update
    Has anyone seen this before? 
    If I need to upload any specific logs just let me know. 
    Many Thanks

    Do you have Software update configured (and working) thru ConfigMgr or using a standalone WSUS?
    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

  • Endpoint Protection clients not getting updates from SCCM 2012 in new Secondary Site

    I recently stood up a secondary site behind a PCI firewall to manage PCI in-scope systems. All of my boundaries are properly configured and there are no overlaps. I am able to push packages to these clients and the clients are reporting as healthy however I am not able to get updates to the SCEP clients. There is no internet access from these systems so I have to rely on updates from SCCM. From what I can see in the WindowsUpdate log it is only trying to go to Microsoft for the definitions. Here is the Log:
    2014-04-30 11:05:09:739 828 da8 Misc WARNING: Send failed with hr = 80072ee2.
    2014-04-30 11:05:09:739 828 da8 Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
    2014-04-30 11:05:09:739 828 da8 Misc WARNING: Send request failed, hr:0x80072ee2
    2014-04-30 11:05:09:739 828 da8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>. error 0x80072ee2
    2014-04-30 11:05:09:739 828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-04-30 11:05:09:739 828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-04-30 11:05:09:739 828 da8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-04-30 11:05:09:739 828 da8 SLS FATAL: GetResponse failed with hresult 0x80072ee2...
    2014-04-30 11:05:09:739 828 da8 EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
    2014-04-30 11:05:09:739 828 da8 EP FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get client data and init parser, error = 0x80072EE2
    2014-04-30 11:05:09:739 828 da8 EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80072EE2
    2014-04-30 11:05:09:739 828 da8 Agent WARNING: Failed to obtain the authorization cab URL for service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0
    2014-04-30 11:05:09:739 828 da8 Agent FATAL: Caller <NULL> failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0X80072EE2
    2014-04-30 11:05:09:739 828 da8 SLS Retrieving SLS response from server...
    2014-04-30 11:05:09:739 828 da8 SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422
    2014-04-30 11:05:30:742 828 da8 Misc WARNING: Send failed with hr = 80072ee2.
    2014-04-30 11:05:30:742 828 da8 Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
    2014-04-30 11:05:30:742 828 da8 Misc WARNING: Send request failed, hr:0x80072ee2
    2014-04-30 11:05:30:742 828 da8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>. error 0x80072ee2
    2014-04-30 11:05:30:742 828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-04-30 11:05:30:742 828 da8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-04-30 11:05:30:742 828 da8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-04-30 11:05:30:742 828 da8 SLS FATAL: GetResponse failed with hresult 0x80072ee2...
    2014-04-30 11:05:30:742 828 da8 EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
    2014-04-30 11:05:30:742 828 da8 EP FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data and init parser, error = 0x80072EE2
    2014-04-30 11:05:30:742 828 da8 Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80248014
    2014-04-30 11:05:30:742 828 da8 Agent   * WARNING: Exit code = 0x80248014
    2014-04-30 11:05:30:742 828 da8 Agent *********
    2014-04-30 11:05:30:742 828 da8 Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)  Id = 9]
    2014-04-30 11:05:30:742 828 da8 Agent *************
    2014-04-30 11:05:30:742 828 da8 Agent WARNING: WU client failed Searching for update with error 0x80248014
    2014-04-30 11:05:30:742 828 da8 IdleTmr WU operation (CSearchCall::Init ID 9, operation # 99) stopped; does use network; is not at background priority
    2014-04-30 11:05:30:742 828 da8 IdleTmr Decremented PDC RefCount for Network to 0
    2014-04-30 11:05:30:742 828 da8 IdleTmr Decremented idle timer priority operation counter to 0
    2014-04-30 11:05:30:743 576 12c0 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-04-30 11:05:30:743 576 12c0 COMAPI   - Updates found = 0
    2014-04-30 11:05:30:743 576 12c0 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80248014
    2014-04-30 11:05:30:743 576 12c0 COMAPI ---------
    2014-04-30 11:05:30:743 576 12c0 COMAPI --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-04-30 11:05:30:743 576 12c0 COMAPI -------------
    2014-04-30 11:05:30:743 576 1254 COMAPI WARNING: Operation failed due to earlier error, hr=80248014
    2014-04-30 11:05:30:743 576 1254 COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
    The log is from a Server 2012 R2 Client. The only thing I was able to find was this Article which did not resolve my issue. Anyone else encounter anything similar? Any help would be appreciated.
    Regards, Evan Mills - Systems Administrator

    Every two hours is too aggressive for the ADR. Definitions are only released 2-3 times a day so every 8 hours is what most consider best practice. Is your WSUS sync occurring every two hours as well? If not, then the ADR wouldn't have anything new to pick up anyway. It's best to set the WSUS sync for every 8 hours and then set the ADR to run after any successful WSUS sync.
    So the EP definitions are caching but not installing? What does the WUAHandler.log show? One of my machines shows the following which indicates a successful installation from the ConfigMgr delivered update:
    1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.933.0) (0a156122-d4f8-4215-9e63-8f0f1e32c9c6, 200)    WUAHandler    4/30/2014 6:49:33 AM    11080 (0x2B48)
    Async installation of updates started.    WUAHandler    4/30/2014 6:49:34 AM    11080 (0x2B48)
    Update 1 (0a156122-d4f8-4215-9e63-8f0f1e32c9c6) finished installing (0x00000000), Reboot Required? No    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
    Async install completed.    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
    Installation of updates completed.    WUAHandler    4/30/2014 6:50:23 AM    11032 (0x2B18)
    It sounds like if you set "Check for Endpoint Protection definitions at a specific interval" to 0 then it would prevent the WindowsUpdate.log activity you're seeing when the EP client tries to reach out for updates.

  • Error code 1603 While deploying symantec Endpoint protection through MDT Task sequence as Install a single Application

    Hi ,
    I am getting error code 1603 (fatal error during installation) while deploying SEP through an MDT task sequence. I am not getting this issue regularly, but sometimes I do, and it needs to be fixed.
    Shailendra
    Shailendra Dev

    Hi,
    I am Chetan Savade from Symantec Technical Support Team.
    Logs can provide more detailed info; as said earlier by MrBrooks, provide SEP_Inst.log from the affected machine.
    Adding Windows Defender related articles in case they can help you:
    Keeping Windows Defender Enabled when Deploying and Installing Symantec Endpoint Protection Client package.
    http://www.symantec.com/docs/TECH168501
    Windows Defender startup type registry value is Manual instead of Disabled after installing Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH206793
    How to prepare a Symantec Endpoint Protection 12.1.x client for cloning
    http://www.symantec.com/docs/HOWTO54706
    Best Regards,
    Chetan
