Remove Microsoft Endpoint Protection 2012 Client

Hi,
I ended up with Microsoft Endpoint Protection 2012 on my private PC and I can't get rid of it.
When I try to uninstall it via the "Programs and Features" dialogue the "Uninstall" or "Change" button disappears everytime I select the endpoint entry. Wild guess, this is due to a group policy setting.
So my question is, which group policy do I have to change to successfully uninstall the client without having to reinstall my whole system.
Thanks
Simon

Hi
Thank you for your post here.
Please read the articles below to see if they are helpful.
http://support.microsoft.com/kb/2834133
http://technet.microsoft.com/en-us/library/gg477040.aspx
Best Regards
Quan Gu

Similar Messages

  • Best practice to run Microsoft Endpoint Protection client in VDI environment

    We are using Citrix XenDesktop VDI environment. Symantec Endpoint Protection client (VDI performance optimised) has been installed on the “streamed to the clients” virtual machine image. Basically, all the files (in golden image) have been “tattooed” with
    Symantec signature. Now, when the new VM starts, Symantec scan engine simply ignores “tattooed” files and also randomise scan times. This is a rough explanations but I hope you’ve got the idea.
    We are switching from Symantec to Microsoft Endpoint Protection and I’m looking for any information and documentation in regards best practice for running Microsoft Endpoint Protection clients in VDI environment.
     Thanks in advance.

    I see this post is a bt old but the organization I'm with has a very large VDI deployment using VMware. We also are using SCEP 2012 for the AV.
    Did you find out what you were looking for or did you elect to take a different direction?
    We install SCEP 2012 into the base image and manage the settings using GPO and the updates for defs are through the normal route.
    Our biggest challenge is getting alert message from the client.
    Thanks

  • System Center Endpoint Protection Antimalware client version - wont upgrade

    Hi
    Running SCCM 2012 SP1 CU4 on Server A. Endpoint Protection role on Server B. Both Servers 2008 R2. there is only one primary site server and no secondary sites in the hierarchy.
    All clients are Windows 7.
    The SCEP client is not upgrading on clients as I would have expected. After enabling the automatic client upgrade option in site hierarchy settings I found all the clients upgraded their SCCM agent. I was expecting the SCEP client to be upgraded also. Machines
    have been rebooted since the SCCM agent upgrade.
    How can I go about upgrading the SCEP agent on all computers?
    Many thanks

    Hi Daniel
    I can't find this file in %programfiles%\microsoft configuration manager\logs, or %programfiles%\sms_ccm\logs. Can you tell me where this log file is?
    I think I sorted the issue, some of the boundaries weren't in a boundary group. Now some of the SCEP agents are upgrading. There are still some issues but I guess I'll do some reinstalls and see if I can resolve this this way.
    Common installation issues I'm seeing are 0x8004FF91 or 0x8000ffff,
    for example. These are found in the c:\windows\ccm\logs\EndpointProtectionAgent.log on the clients.
    Thanks

  • Collection Alerting for Endpoint Protection and Client Status

    both for the Client Status alerts and for the Endpoint Protection alerts I have set these up on one collection each,
    the thing is if you go to the Client Status node under monitoring, by default the collection 'All desktop and server clients' is selected, while this one doesn't even have the alert configured
    same goes for endpoint protection, where by default the collection 'All client Systems' is selected ...
    what is the purpose of configuring a specific collection for the alerting, if you have to select this every time you look at the monitoring?
    try to explain that to customers..

    The purpose of configuring alerts for different Collections is that you can have e-mails send to different Groups. When you create subscriptions you can select the different alerts and configure them to mailed to different Groups.
    Kent Agerlund | My blogs: blog.coretech.dk/kea and
    SCUG.dk/ | Twitter:
    @Agerlund | Linkedin: Kent Agerlund |
    Mastering ConfigMgr 2012 The Fundamentals

  • Last Windows Update except DefinitionUpdate for Microsoft Endpoint Protection

    Heres the script
    Set objSession = CreateObject("Microsoft.Update.Session")
    Set objSearcher = objSession.CreateUpdateSearcher
    Set colHistory = objSearcher.QueryHistory(1, 1)
    For Each objEntry in colHistory
        Wscript.Echo "Title: " & objEntry.Title
        Wscript.Echo "Update application date: " & objEntry.Date
    Next
    I dont want any result about the definition update if thats that latest update that been installed...
    Please thank you

    Here are some bits on=f information to help you understand what is possible:
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa386526(v=vs.85).aspx
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa387102(v=vs.85).aspx
    ¯\_(ツ)_/¯

  • Upgraded SCCM 2012 SP1 to CU5 - Problem updating Endpoint Protection Client (to V4.5.216.0)

    We upgraded SCCM SP1 to CU5. We got one primary site, on which we had no problems with running the CU setup. After the upgrade we pushed the new administrator console and client.
    SP1 CU5 - console update -> Updated on all administrator users (50 computers)
    SP1 CU5- x64 and x86 client update -> Updated on pilot group (50 computers)
    No problems so far.
    We are having troubles updating the Endpoint Protection Client version. This was V4.1.522.0 before the upgrade. When we enroll a new computer, it receives the new V4.5.216.0, which is the last version.
    But we can't update our older clients. We try to deploy the software update (Update for Forefront Endpoint Protection 2010 Client - 4.5.216.0 (KB2952678)) but it doesn't install. After 20 minutes, if I look in the Deployment logs, it says the installation
    was successfull; but it isn't, it's still the old version.
    Strange thing is, we can upgrade to an inbetween version (Update for Forefront Endpoint Protection 2010 Client - 4.3.215.0 (KB2864366)). Which installs on a test client.
    If I look to the cache files of the new EP Client update, and use the UpdateInstall.exe manually, the update does install. Then I see in the logfile EndpointProtectionAgent.log it still refers to the version 4.1.522.0.
    EP 4.5.216.0 is installed, version is higher than expected installer version 4.1.522.0. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Re-apply EP AM policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Apply AM Policy. EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 13/01/2015 14:54:00 7808 (0x1E80)
    Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    State 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash D277339FA77A9017801399D96266BAD42DE74F38 is NOT changed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Skip sending state message due to same state message already exists. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Firewall provider is installed. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    Installed firewall provider meet the requirements. EndpointProtectionAgent 13/01/2015 14:54:02 7808 (0x1E80)
    This is the WindowsUpdate.log when I try to push the new EP client.
    2015-01-14 11:24:13:651 7416 1c44 Handler :::::::::
    2015-01-14 11:24:13:651 7416 1c44 Handler : Updates to install = 1
    2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Command line install completed. Return code = 0x8004ff25, Result = Failed, Reboot required = false
    2015-01-14 11:24:21:716 7416 1c44 Handler : WARNING: Exit code = 0x8024200B
    2015-01-14 11:24:21:716 7416 1c44 Handler :::::::::
    2015-01-14 11:24:21:716 7416 1c44 Handler :: END :: Handler: Command Line Install
    2015-01-14 11:24:21:732 7416 1c44 Handler :::::::::::::
    2015-01-14 11:24:21:794 1096 c18 Agent *********
    2015-01-14 11:24:21:794 1096 edc AU Can not perform non-interactive scan if AU is interactive-only
    2015-01-14 11:24:21:794 1096 c18 Agent ** END ** Agent: Installing updates [CallerId = CcmExec]
    2015-01-14 11:24:21:794 1096 c18 Agent *************
    2015-01-14 11:24:21:794 2296 fac COMAPI >>-- RESUMED -- COMAPI: Install [ClientId = CcmExec]
    2015-01-14 11:24:21:794 2296 fac COMAPI - Install call complete (succeeded = 0, succeeded with errors = 0, failed = 1, unaccounted = 0)
    2015-01-14 11:24:21:794 2296 fac COMAPI - Reboot required = No
    2015-01-14 11:24:21:794 2296 fac COMAPI - WARNING: Exit code = 0x00000000; Call error code = 0x80240022
    2015-01-14 11:24:21:794 2296 fac COMAPI ---------
    2015-01-14 11:24:21:794 2296 fac COMAPI -- END -- COMAPI: Install [ClientId = CcmExec]
    2015-01-14 11:24:21:794 2296 fac COMAPI -------------
    2015-01-14 11:24:21:794 1096 1620 AU Can not perform non-interactive scan if AU is interactive-only
    2015-01-14 11:24:26:739 1096 1424 Report REPORT EVENT: {ED287668-4BEF-46FD-BB57-CA17680E5D3B} 2015-01-14 11:24:21:732+0100 1 182 101 {A90C3005-7B59-4268-8B11-12D9BE5C8EA0} 201 80070643 CcmExec Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80070643: Update for System Center Endpoint Protection 2012 Client - 4.5.216.0 (KB2952678).
    2015-01-14 11:24:27:207 1096 1424 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2015-01-14 11:24:27:207 1096 1424 Report WER Report sent: 7.5.7601.17514 0x80070643 A90C3005-7B59-4268-8B11-12D9BE5C8EA0 Install 101 Managed
    2015-01-14 11:24:27:207 1096 1424 Report CWERReporter finishing event handling. (00000000)
    Thanks in advance!

    Hello,
    According to
    kb2952678:
    To apply this update, you must have one of the following installed:
    System Center 2012 R2 Configuration Manager Cumulative Update 4 for System Center 2012
    Configuration Manager Service Pack
    Service Pack 2 for System Center Configuration Manager 2007 and Update Rollup 1 for
    Forefront Endpoint Protection 2010
    Do you have Update Rollup 1 for Forefront Endpoint Protection 2010?
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Endpoint Protection clients no getting updates from SCCM 2012 in new Secondary Site

    I recently stood up a secondary site behind a PCI firewall to manage PCI in-scope systems. All of my boundaries are properly configured and there are no overlaps. I am able to push packages to these clients and the clients are reporting as healthy however
    I am not able to get updates to the SCEP clients. There is no internet access from these systems so I have to rely on updates from SCCM. From what I can see in the WindowsUpdate log it is only trying to go to Microsoft for the definitions. Here is the Log:
    2014-04-30 11:05:09:739
     828 da8
    Misc WARNING: Send failed with hr = 80072ee2.
    2014-04-30 11:05:09:739
     828 da8
    Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
    2014-04-30 11:05:09:739
     828 da8
    Misc WARNING: Send request failed, hr:0x80072ee2
    2014-04-30 11:05:09:739
     828 da8
    Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
    error 0x80072ee2
    2014-04-30 11:05:09:739
     828 da8
    Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-04-30 11:05:09:739
     828 da8
    Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-04-30 11:05:09:739
     828 da8
    Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-04-30 11:05:09:739
     828 da8
    SLS FATAL: GetResponse failed with hresult 0x80072ee2...
    2014-04-30 11:05:09:739
     828 da8
    EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
    2014-04-30 11:05:09:739
     828 da8
    EP FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get client data and init parser, error = 0x80072EE2
    2014-04-30 11:05:09:739
     828 da8
    EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80072EE2
    2014-04-30 11:05:09:739
     828 da8
    Agent WARNING: Failed to obtain the authorization cab URL for service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0
    2014-04-30 11:05:09:739
     828 da8
    Agent FATAL: Caller <NULL> failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0X80072EE2
    2014-04-30 11:05:09:739
     828 da8
    SLS Retrieving SLS response from server...
    2014-04-30 11:05:09:739
     828 da8
    SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422
    2014-04-30 11:05:30:742
     828 da8
    Misc WARNING: Send failed with hr = 80072ee2.
    2014-04-30 11:05:30:742
     828 da8
    Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
    2014-04-30 11:05:30:742
     828 da8
    Misc WARNING: Send request failed, hr:0x80072ee2
    2014-04-30 11:05:30:742
     828 da8
    Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
    error 0x80072ee2
    2014-04-30 11:05:30:742
     828 da8
    Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2014-04-30 11:05:30:742
     828 da8
    Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2014-04-30 11:05:30:742
     828 da8
    Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2014-04-30 11:05:30:742
     828 da8
    SLS FATAL: GetResponse failed with hresult 0x80072ee2...
    2014-04-30 11:05:30:742
     828 da8
    EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
    2014-04-30 11:05:30:742
     828 da8
    EP FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data and init parser, error = 0x80072EE2
    2014-04-30 11:05:30:742
     828 da8
    Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80248014
    2014-04-30 11:05:30:742
     828 da8
    Agent   * WARNING: Exit code = 0x80248014
    2014-04-30 11:05:30:742
     828 da8
    Agent *********
    2014-04-30 11:05:30:742
     828 da8
    Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)  Id = 9]
    2014-04-30 11:05:30:742
     828 da8
    Agent *************
    2014-04-30 11:05:30:742
     828 da8
    Agent WARNING: WU client failed Searching for update with error 0x80248014
    2014-04-30 11:05:30:742
     828 da8
    IdleTmr WU operation (CSearchCall::Init ID 9, operation # 99) stopped; does use network; is not at background priority
    2014-04-30 11:05:30:742
     828 da8
    IdleTmr Decremented PDC RefCount for Network to 0
    2014-04-30 11:05:30:742
     828 da8
    IdleTmr Decremented idle timer priority operation counter to 0
    2014-04-30 11:05:30:743
     576 12c0
    COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-04-30 11:05:30:743
     576 12c0
    COMAPI   - Updates found = 0
    2014-04-30 11:05:30:743
     576 12c0
    COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80248014
    2014-04-30 11:05:30:743
     576 12c0
    COMAPI ---------
    2014-04-30 11:05:30:743
     576 12c0
    COMAPI --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-04-30 11:05:30:743
     576 12c0
    COMAPI -------------
    2014-04-30 11:05:30:743
     576 1254
    COMAPI WARNING: Operation failed due to earlier error, hr=80248014
    2014-04-30 11:05:30:743
     576 1254
    COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
    The log is from a Server 2012 R2 Client. The only thing I was able to find was this Article which did not resolve my issue. Anyone else encounter anything similar? Any help would be appreciated.
    Regards, Evan Mills - Systems Administrator

    Every two hours is too aggressive for the ADR. Definitions are only released 2-3 times a day so every 8 hours is what most consider best practice. Is your WSUS sync occurring every two hours as well? If not, then the ADR wouldn't have anything new to pick
    up anyway. It's best to set the WSUS sync for every 8 hours and then set the ADR to run after any successful WSUS sync.
    So the EP definitions are caching but not installing? What does the WUAHandler.log show? One of my machines shows the following which indicates a successful installation from the ConfigMgr delivered update:
    1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.933.0) (0a156122-d4f8-4215-9e63-8f0f1e32c9c6, 200)    WUAHandler    4/30/2014 6:49:33 AM    11080 (0x2B48)
    Async installation of updates started.    WUAHandler    4/30/2014 6:49:34 AM    11080 (0x2B48)
    Update 1 (0a156122-d4f8-4215-9e63-8f0f1e32c9c6) finished installing (0x00000000), Reboot Required? No    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
    Async install completed.    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
    Installation of updates completed.    WUAHandler    4/30/2014 6:50:23 AM    11032 (0x2B18)
    It sounds like if you set "Check for Endpoint Protection definitions at a specific interval" to 0 then it would prevent the WindowsUpdate.log activity you're seeing when the EP client tries to reach out for updates.

  • How to manage Forefront Endpoint Prorection Security Client 2010 with SCCM 2012

    Hi
    I've sucessfully installed System Center Configuration Manager 2012
    and now I 'd like to push/deploy Forefront Endpoint Protection Client 2010 on client machines.I also know that Microsoft embedded Forefront Endpoint Protection in SCCM 2012 so that you can manage FEP from single SCCM 2012 console.Now
    when I try to push FEP client on client machines using Default Client Settings
    then I've found that all Endpoint Protection settings are greyed out !
    Do I need to install Forefront Endpoint Protection 2010 or 2012 Server (which is beta) with SCCM 2012, in order to deploy FEP client or is there a workaround or solution to resolve this ?
    Thanks
    Sohail

    Hi,
    Endpoint Protection 2012 is builtin in SCCM 2012, you simply add the Site Role called Endpoint Protection either on your CAS if you have one of those or on your Primary site Server. FEP is no longer a standalone installer and it is a released product and
    no longer Beta.
    Then the Endpoint Protection Client Settings will no longer be greyed out and you can deploy the System Center 2012 Endpoint Protection client.
    http://technet.microsoft.com/en-us/library/hh508760.aspx
    regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • SCCM 2012 R2: Forefront Endpoint protection via automatic updates only work when manually triggering automatic updat rule

    Hi,
    I followed this manual to configure forefront endpoint protection on clients: http://www.windows-noob.com/forums/index.php?/topic/6106-using-system-center-2012-configuration-manager-part-6-adding-the-endpoint-protection-role-configure-alerts-and-custom-antimalware-policies/
    Now in short: everything works fine ... as long as I trigger the audomatic deployment rules.
    Current situation:
    1. ADR ran fine (3:30 this night)
    2.Software update group is NOT ok
    3.I run ADR manually (right click on ADR, run)
    4.software update group is ok (green icon)
    Then virusupdates are succesfull. This means that clients only update their virus definitions when I manually run the ADR-rule.
    I'm missing something here.
    Please advise.
    J.
    Jan Hoedt

    Probably this issue: http://social.technet.microsoft.com/Forums/en-US/c6109678-785b-4c6d-9cb4-c9dfc1e34b2e/sccm-2012-automatic-deployment-rule-not-executing-updates-for-scep?forum=configmanagerapps
    Iow: wsus updates were scheduled at 3, automatic update rules at 3:15, probably sync wasn't done yet so it doesn't find updates. "The day after" updates are marked as expired.
    Jan Hoedt

  • Cannot Remove Endpoint Protection

    We are replacing our security solution which will replace System Center Endpoint Protection 2012. The installer for the replacement successfully uninstalls the EP client and installs the replacement. However, some time after the install completes, EP uninstalls
    the new protection and restores the EP install.
    Can anyone shed some light on this behavior?

    If you don't disable SCEP in the client agent settings it will do exactly what you describe. This is "by design"
    John Marcum | Microsoft MVP - Enterprise Client Management
    My blog: System Center Admin | Twitter:
    @SCCM_Marcum | Linkedin:
    John Marcum

  • Why is KB2884678 Endpoint Protection Client Update Expired?

    Hi,
    KB2884678 Update for System Center Endpoint Protection 2012 suddenly expired in my SCCM Software Update Library.  This was just released 10/9/2013.  After testing and planned deployment, I was able to install this to the majority of my clients
    and servers.  However, now it is expired and I am not done yet.
    Why did this update suddenly expired on SCCM? Is there something going on? I don't see a replacement either.

    Thanks! Although it's a bit confusing because it says it superseded KB2865173 and not mentions 2884678.  But you are right.  This must be the replacement because 2884678 brings the client to version 4.3 while 2907566 brings
    the client to 4.4.
    So I guess, do you know by any chance if installing Cumulative Update 3 will upgrade my clients to 4.4 or still 4.3?

  • System Center 2012 Endpoint Protection

    I am trying to install System Center 2012 Endpoint Protection on my computer for Windows 8.1 and keep getting  Error code:0x8004FF71. The license is
    offered through our school. Not sure what to do so it will install. 

    Hi,
    You need to use System Center Endpoint PRotection 2012 R2 as that it is the version that supports Windows 8.1.
    https://social.technet.microsoft.com/Forums/en-US/d9e257f2-3959-430e-a687-749ce43376c2/sccm-2012-endpoint-protection-on-windows-81?forum=configmanagersecurity
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • System Center Endpoint Protection creates TEMP Folders / Reinstallation not possible

    Hi all,
    After I updated from SCCM 2012 RTM to SCCM 2012 R2 CU2 I have an issue on several Servers, which havin System Center Endpoint Protection 2012 installed (provided through SCCM Agent).
    There are hourly Temp Folders created in C:\Windows\...:
    The Temp-Folders are including SCEP 2012 Content...
     This files are filling up my System drive C:\. I always have to delte those files.
    I think System Center Endpoint Protection is trying to reinstall or update itself, and failes...
    If I try to uninstall "System Center 2012 Endpoint Protection" manually from the sever, i get the following popup (file not found):
    I cannot find the correct Version of this msi-File "fepclient.msi", so I click Cancel, and then I get the Error 0x8007064C (Cannot complete uninstall wizard).
    I have this Problem on 4 different Servers right now (FileServer, two Citrix Server, SCCM-Server).
    I tried several steps on the SCCM Server:
    - Manual Uninstall
    - Re-Installation with "scepinstall.exe" from the SCCM Client Source (same error)
    - Re-Installation from SCCM Console (Push)
    I am not getting rid of this error... I do not want to delete registry keys and testing arround because this are productive Servers... Any ideas how to resolve this one???
    If you Need more Details about the infrastructure / OS, just ask.
    Patrik

    Reinstalling the SCCM Agent did not help to get any additional log-Information.
    But I did no found a log-file in C:\ProgramData\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.5.216.0_epp_install.log
    I find the following warnings / Errors:
    TEMP Folder which is created in C:\Windows\...:
     MSI-Missing:
    But that does not really help me...

  • Endpoint Protection Signature Updates taking up Terabytes of Internet Data

    I have my antimalware policy set up as below. I've been looking a web traffic reports on our firewalls and I can see that as of mid-December a lot of clients are going to the internet for their EP definition updates. In January alone client machines used
    up 44 TB of data going to download.windowsupdate.com for updates.
    I don't really understand why as my policy says not to even use Microsoft Update as a source at all.
    What I've noticed on the firewall reports is that Monday resulted in literally 100 times more traffic than Wednesday which led to me thinking it might having something to do with the "If configuration manager is used as a source for definition updates
    ...." setting. This setting has a default value of 72 hours so if a client gets an update at 8 am on Friday morning then is turned off on Friday afternoon for the weekend and doesn't get turned on until 9 am on Monday morning this would mean it hasn't
    had an update in 73 hours.
    What happens at this point? I looks like the client goes to download.windowsupdate.com even when the policy says not to. It also looks like it doesn't first check for updates from Config Manager before it does this.
    Another thing that doesn't make much sense is that this only started happening mid-December and I had been using SCCM for EP updates for nearly two months by that time.
    Any ideas?
    Hibs Ya Bass!

    There is no value in that registry key.
    HHowever I have noticed that my ADRs have the below setting. I'm not sure what will happen with this setting enabled when I have no fallback locations configured.
    Here are some logs of a typical PC going to the internet for updates - remember not all PCs are doing this.
    From the mplogxxxx.log below you can see the EP client starting up at 23:50 UTC with version 1.67.1843.0 signatures installed. This version is out of date.
    **************************END RTP Perf Log*************************
    2014-03-16T23:50:33.339Z Verifying license file...
    2014-03-16T23:50:33.339Z verified!
    2014-03-16T23:50:33.339Z Product supports installmode: 0
    2014-03-16T23:50:33.620Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
    Product Version: 4.4.304.0
    Service Version: 4.4.304.0
    Engine Version: 1.1.10302.0
    AS Signature Version: 1.167.1843.0
    AV Signature Version: 1.167.1843.0
    2014-03-16T23:51:24.971Z Process scan (poststartupscan) started.
    2014-03-16T23:51:26.572Z Process scan (poststartupscan) completed.
    2014-03-16T23:53:05.128Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
    2014-03-16T23:53:05.128Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
    2014-03-16T23:57:58.214Z Task(SpyNetService -RestrictPrivileges -AccessKey 613C3C1F-F85A-BCED-39AF-C0B481FC03E0) launched
    2014-03-17T00:00:31.917Z Task(Scan -ScheduleJob -RestrictPrivileges) is scheduled to run in 604800000(ms) from now with period 190246545(ms)
    2014-03-17T00:00:31.917Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 1454570(ms)
    2014-03-17T00:00:31.918Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 65506808(ms)
    2014-03-17T00:00:32.197Z AutoPurgeWorker triggered with dwWork=0x3
    2014-03-17T00:00:32.197Z Product supports installmode: 0
    ==========================================================================
    A few minutes later at 23:55 (07:53 local time) the below happens in the WindowsUpdate.log where you can clearly see the client downloading the latest signatures from download.windowsupsate.com (i've removed some of the rows where the WU engine goes through
    all the updates to get under the 60,000 character limit)
    ================================================================
    2014-03-17    07:53:03:403     452    1398    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: +0800)  ===========
    2014-03-17    07:53:03:465     452    1398    Misc      = Process: C:\windows\system32\svchost.exe
    2014-03-17    07:53:03:480     452    1398    Misc      = Module: c:\windows\system32\wuaueng.dll
    2014-03-17    07:53:03:403     452    1398    Service    *************
    2014-03-17    07:53:03:480     452    1398    Service    ** START **  Service: Service startup
    2014-03-17    07:53:03:480     452    1398    Service    *********
    2014-03-17    07:53:04:351     452    1398    Agent      * WU client version 7.6.7600.256
    2014-03-17    07:53:04:351     452    1398    Agent      * Base directory: C:\windows\SoftwareDistribution
    2014-03-17    07:53:04:351     452    1398    Agent      * Access type: No proxy
    2014-03-17    07:53:04:366     452    1398    Agent      * Network state: Connected
    2014-03-17    07:53:17:688     452    bf4    Report    CWERReporter::Init succeeded
    2014-03-17    07:53:17:688     452    bf4    Agent    ***********  Agent: Initializing Windows Update Agent  ***********
    2014-03-17    07:53:17:688     452    bf4    Agent    ***********  Agent: Initializing global settings cache  ***********
    2014-03-17    07:53:17:688     452    bf4    Agent      * WSUS server: HTTP://mySiteServer.domain.GLOBAL:8530
    2014-03-17    07:53:17:688     452    bf4    Agent      * WSUS status server: HTTP://mySiteServer.domain.GLOBAL:8530
    2014-03-17    07:53:17:688     452    bf4    Agent      * Target group: (Unassigned Computers)
    2014-03-17    07:53:17:688     452    bf4    Agent      * Windows Update access disabled: No
    2014-03-17    07:53:17:719     452    bf4    DnldMgr    Download manager restoring 0 downloads
    2014-03-17    07:53:18:045     452    1398    Report    ***********  Report: Initializing static reporting data  ***********
    2014-03-17    07:53:18:045     452    1398    Report      * OS Version = 6.1.7601.1.0.65792
    2014-03-17    07:53:18:045     452    1398    Report      * OS Product Type = 0x00000004
    2014-03-17    07:53:18:061     452    1398    Report      * Computer Brand = Hewlett-Packard
    2014-03-17    07:53:18:061     452    1398    Report      * Computer Model = HP Z210 Workstation
    2014-03-17    07:53:18:061     452    1398    Report      * Bios Revision = J51 v01.20
    2014-03-17    07:53:18:061     452    1398    Report      * Bios Name = Default System BIOS
    2014-03-17    07:53:18:061     452    1398    Report      * Bios Release Date = 2011-09-16T00:00:00
    2014-03-17    07:53:18:061     452    1398    Report      * Locale ID = 3081
    2014-03-17    07:53:23:144     452    9fc    Report    CWERReporter finishing event handling. (00000000)
    2014-03-17    07:53:23:362    4672    a50    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: +0800)  ===========
    2014-03-17    07:53:23:362    4672    a50    Misc      = Process: C:\windows\CCM\CcmExec.exe
    2014-03-17    07:53:23:362    4672    a50    Misc      = Module: C:\Windows\system32\wuapi.dll
    2014-03-17    07:53:23:362    4672    a50    COMAPI    -------------
    2014-03-17    07:53:23:362    4672    a50    COMAPI    -- START --  COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:53:23:362    4672    a50    COMAPI    ---------
    2014-03-17    07:53:23:470     452    9fc    Agent    *************
    2014-03-17    07:53:23:470     452    9fc    Agent    ** START **  Agent: Finding updates [CallerId = CcmExec]
    2014-03-17    07:53:23:470     452    9fc    Agent    *********
    2014-03-17    07:53:23:470    4672    a50    COMAPI    <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:53:23:470     452    9fc    Agent      * Include potentially superseded updates
    2014-03-17    07:53:23:470     452    9fc    Agent      * Online = No; Ignore download priority = Yes
    2014-03-17    07:53:23:470     452    9fc    Agent      * Criteria = "((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4'))"
    2014-03-17    07:53:23:470     452    9fc    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2014-03-17    07:53:23:470     452    9fc    Agent      * Search Scope = {Machine}
    2014-03-17    07:53:50:191     452    1398    AU    ###########  AU: Initializing Automatic Updates  ###########
    2014-03-17    07:53:50:378     452    1398    AU    AU setting next sqm report timeout to 2014-03-16 23:53:50
    2014-03-17    07:53:50:378     452    1398    AU      # AU disabled through Policy
    2014-03-17    07:53:50:378     452    1398    AU      # Will interact with non-admins (Non-admins are elevated (User preference))
    2014-03-17    07:53:50:409     452    1398    AU    Initializing featured updates
    2014-03-17    07:53:50:409     452    1398    AU    Found 0 cached featured updates
    2014-03-17    07:53:50:409     452    1398    AU    Successfully wrote event for AU health state:0
    2014-03-17    07:53:50:409     452    1398    AU    Successfully wrote event for AU health state:0
    2014-03-17    07:53:50:409     452    1398    AU    AU finished delayed initialization
    2014-03-17    07:53:50:409     452    1398    AU    AU setting next sqm report timeout to 2014-03-17 23:53:50
    2014-03-17    07:55:40:569     452    9fc    Agent    *************
    2014-03-17    07:55:40:591     452    9fc    Report    CWERReporter finishing event handling. (00000000)
    2014-03-17    07:55:40:592    4672    e6c    COMAPI    >>--  RESUMED  -- COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:55:40:936    4672    e6c    COMAPI      - Updates found = 96
    2014-03-17    07:55:40:936    4672    e6c    COMAPI    ---------
    2014-03-17    07:55:40:936    4672    e6c    COMAPI    --  END  --  COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:55:40:936    4672    e6c    COMAPI    -------------
    2014-03-17    07:56:38:889    4672    1534    COMAPI    -------------
    2014-03-17    07:56:38:889    4672    1534    COMAPI    -- START --  COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:56:38:889    4672    1534    COMAPI    ---------
    2014-03-17    07:56:38:891     452    9fc    Agent    *************
    2014-03-17    07:56:38:891     452    9fc    Agent    ** START **  Agent: Finding updates [CallerId = CcmExec]
    2014-03-17    07:56:38:891     452    9fc    Agent    *********
    2014-03-17    07:56:38:891    4672    1534    COMAPI    <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:56:38:891     452    9fc    Agent      * Include potentially superseded updates
    2014-03-17    07:56:38:891     452    9fc    Agent      * Online = No; Ignore download priority = Yes
    2014-03-17    07:56:38:891     452    9fc    Agent      * Criteria = "((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4'))"
    2014-03-17    07:56:38:891     452    9fc    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2014-03-17    07:56:38:891     452    9fc    Agent      * Search Scope = {Machine}
    279C58FA-1C7C-41B2-81F5-F9D92DD1D8E6}.200 to search result
    2014-03-17    07:56:46:433     452    9fc    Agent      * Added update {B1D0B8FF-1023-438F-BE07-CD893F229A68}.200 to search result
    2014-03-17    07:56:46:462     452    9fc    Agent      * Found 96 updates and 10 categories in search; evaluated appl. rules of 1952 out of 3516 deployed entities
    2014-03-17    07:56:46:463     452    9fc    Agent    *********
    2014-03-17    07:56:46:463     452    9fc    Agent    **  END  **  Agent: Finding updates [CallerId = CcmExec]
    2014-03-17    07:56:46:463     452    9fc    Agent    *************
    2014-03-17    07:56:46:488    4672    a34    COMAPI    >>--  RESUMED  -- COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:56:46:515    4672    a34    COMAPI      - Updates found = 96
    2014-03-17    07:56:46:515    4672    a34    COMAPI    ---------
    2014-03-17    07:56:46:515    4672    a34    COMAPI    --  END  --  COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:56:46:515    4672    a34    COMAPI    -------------
    2014-03-17    07:59:28:666    4672    1ba0    COMAPI    -------------
    2014-03-17    07:59:28:666    4672    1ba0    COMAPI    -- START --  COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:59:28:666    4672    1ba0    COMAPI    ---------
    2014-03-17    07:59:28:668    4672    1ba0    COMAPI    <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:59:28:668     452    9fc    Agent    *************
    2014-03-17    07:59:28:668     452    9fc    Agent    ** START **  Agent: Finding updates [CallerId = CcmExec]
    2014-03-17    07:59:28:668     452    9fc    Agent    *********
    2014-03-17    07:59:28:668     452    9fc    Agent      * Include potentially superseded updates
    2014-03-17    07:59:28:668     452    9fc    Agent      * Online = Yes; Ignore download priority = Yes
    2014-03-17    07:59:28:668     452    9fc    Agent      * Criteria = "((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'A38C835C-2950-4E87-86CC-6911A52C34A3'))"
    2014-03-17    07:59:28:668     452    9fc    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2014-03-17    07:59:28:668     452    9fc    Agent      * Search Scope = {Machine}
    2014-03-17    07:59:28:755     452    9fc    PT    WARNING: Cached cookie has expired or new PID is available
    2014-03-17    07:59:28:755     452    9fc    PT    Initializing simple targeting cookie, clientId = 553c311c-66c6-4896-a549-521f549398a5, target group = , DNS name = mySiteServer.domain.global
    2014-03-17    07:59:28:755     452    9fc    PT      Server URL = HTTP://mySiteServer.domain.GLOBAL:8530/SimpleAuthWebService/SimpleAuth.asmx
    2014-03-17    07:59:29:227     452    9fc    PT    +++++++++++  PT: Starting category scan  +++++++++++
    2014-03-17    07:59:29:227     452    9fc    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://mySiteServer.domain.GLOBAL:8530/ClientWebService/client.asmx
    2014-03-17    07:59:29:406     452    9fc    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2014-03-17    07:59:29:406     452    9fc    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://mySiteServer.domain.GLOBAL:8530/ClientWebService/client.asmx
    2014-03-17    07:59:30:089     452    9fc    PT    +++++++++++  PT: Synchronizing extended update info  +++++++++++
    2014-03-17    07:59:30:089     452    9fc    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://mySiteServer.domain.GLOBAL:8530/ClientWebService/client.asmx
    2014-03-17    07:59:55:387    4672    1534    COMAPI    ---------
    2014-03-17    07:59:55:388    4672    1534    COMAPI    <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
    2014-03-17    07:59:55:388     452    9fc    Agent    *************
    2014-03-17    07:59:55:388     452    9fc    Agent    ** START **  Agent: Finding updates [CallerId = CcmExec]
    2014-03-17    07:59:55:388     452    9fc    Agent    *********
    2014-03-17    07:59:55:388     452    9fc    Agent      * Include potentially superseded updates
    2014-03-17    07:59:55:388     452    9fc    Agent      * Online = Yes; Ignore download priority = Yes
    2014-03-17    07:59:55:388     452    9fc    Agent      * Criteria = "((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'E0789628-CE08-4437-BE74-2495B842F43B'))"
    2014-03-17    07:59:55:389     452    9fc    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2014-03-17    07:59:55:389     452    9fc    Agent      * Search Scope = {Machine}
    2014-03-17    07:59:55:433     452    9fc    PT    +++++++++++  PT: Starting category scan  +++++++++++
    2014-03-17    07:59:55:433     452    9fc    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://mySiteServer.domain.GLOBAL:8530/ClientWebService/client.asmx
    2014-03-17    08:00:02:360     452    9fc    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2014-03-17    08:00:02:360     452    9fc    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://mySiteServer.domain.GLOBAL:8530/ClientWebService/client.asmx
    2014-03-17    08:00:16:100     452    9fc    Agent    WARNING: Failed to evaluate Installed rule, updateId = {189A8F50-0C3A-4FDF-8BC2-BC23A3EB11FB}.101, hr = 80242013
    2014-03-17    08:00:18:951     452    9fc    PT    +++++++++++  PT: Synchronizing extended update info  +++++++++++
    2014-03-17    08:00:18:951     452    9fc    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://mySiteServer.domain.GLOBAL:8530/ClientWebService/client.asmx
    2014-03-17    08:00:19:974     452    1398    AU    Can not perform non-interactive scan if AU is interactive-only
    2014-03-17    08:00:19:979     452    9fc    Agent    *************
    2014-03-17    08:00:20:008     452    9fc    Report    REPORT EVENT: {B2A79652-BABC-46DE-B505-B6CB6D5CD9A8}    2014-03-17 08:00:19:978+0800    1  
     147    101    {00000000-0000-0000-0000-000000000000}    0    0    CcmExec    Success    Software Synchronization    Windows Update
    Client successfully detected 12 updates.
    2014-03-17    08:00:20:008     452    9fc    Report    CWERReporter finishing event handling. (00000000)
    2014-03-17    08:00:20:008    4672    1534    COMAPI    >>--  RESUMED  -- COMAPI: Search [ClientId = CcmExec]
    2014-03-17    08:00:20:013    4672    1534    COMAPI      - Updates found = 12
    2014-03-17    08:00:20:013    4672    1534    COMAPI    ---------
    2014-03-17    08:00:20:013    4672    1534    COMAPI    --  END  --  COMAPI: Search [ClientId = CcmExec]
    2014-03-17    08:00:20:013    4672    1534    COMAPI    -------------
    2014-03-17    08:00:24:973     452    9fc    Report    CWERReporter finishing event handling. (00000000)
    2014-03-17    08:24:46:620    5620    1890    Misc    ===========  Logging initialized (build: 7.6.7600.256, tz: +0800)  ===========
    2014-03-17    08:24:46:620    5620    1890    Misc      = Process: c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    2014-03-17    08:24:46:620    5620    1890    Misc      = Module: C:\Windows\system32\wuapi.dll
    2014-03-17    08:24:46:620    5620    1890    COMAPI    -------------
    2014-03-17    08:24:46:620    5620    1890    COMAPI    -- START --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:46:620    5620    1890    COMAPI    ---------
    2014-03-17    08:24:46:623    5620    1890    COMAPI    <<-- SUBMITTED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:46:623     452    1a78    Agent    *************
    2014-03-17    08:24:46:623     452    1a78    Agent    ** START **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:46:623     452    1a78    Agent    *********
    2014-03-17    08:24:46:623     452    1a78    Agent      * Online = Yes; Ignore download priority = No
    2014-03-17    08:24:46:623     452    1a78    Agent      * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'a38c835c-2950-4e87-86cc-6911a52c34a3' and
    CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
    2014-03-17    08:24:46:623     452    1a78    Agent      * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
    2014-03-17    08:24:46:623     452    1a78    Agent      * Search Scope = {Machine}
    2014-03-17    08:24:46:657     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2014-03-17    08:24:46:706     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:48:018     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
    2014-03-17    08:24:48:025     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:48:073     452    1a78    Agent    Checking for updated auth cab for service 7971f918-a847-4430-9279-4a52d1efe18d at http://ds.download.windowsupdate.com/v10/1/microsoftupdate/redir/muauth.cab
    2014-03-17    08:24:48:073     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2014-03-17    08:24:48:083     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:48:644     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\AuthCabs\authcab.cab:
    2014-03-17    08:24:48:650     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:48:755     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
    2014-03-17    08:24:48:762     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:49:139     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
    2014-03-17    08:24:49:146     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:49:156     452    1a78    PT    WARNING: Cached cookie has expired or new PID is available
    2014-03-17    08:24:51:859     452    1a78    PT    +++++++++++  PT: Starting category scan  +++++++++++
    2014-03-17    08:24:51:860     452    1a78    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
    2014-03-17    08:24:52:293     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
    2014-03-17    08:24:52:296     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:52:570     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
    2014-03-17    08:24:52:577     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:52:584     452    1a78    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2014-03-17    08:24:52:584     452    1a78    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
    2014-03-17    08:24:52:584     452    1a78    PT    WARNING: Cached cookie has expired or new PID is available
    2014-03-17    08:24:54:237     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
    2014-03-17    08:24:54:241     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:54:851     452    1a78    Misc    Validating signature for C:\windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab:
    2014-03-17    08:24:54:857     452    1a78    Misc     Microsoft signed: Yes
    2014-03-17    08:24:54:864     452    1a78    PT    +++++++++++  PT: Synchronizing extended update info  +++++++++++
    2014-03-17    08:24:54:864     452    1a78    PT      + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://update.microsoft.com/v6/ClientWebService/client.asmx
    2014-03-17    08:24:55:403     452    1398    AU    Can not perform non-interactive scan if AU is interactive-only
    2014-03-17    08:24:55:405     452    1a78    Agent    Update {59B2BB4D-839D-4719-8905-48902D4F9E0B}.200 is pruned out due to potential supersedence
    2014-03-17    08:24:55:405     452    1a78    Agent    Update {759CD48D-010A-42E7-84DE-AC43603E653D}.200 is pruned out due to potential supersedence
    2014-03-17    08:24:55:405     452    1a78    Agent    Update {B31982D9-2558-4A53-8EC7-9FF0E865698C}.200 is pruned out due to potential supersedence
    2014-03-17    08:24:55:406     452    1a78    Agent    Update {DB9D9C73-2729-4248-9314-663B427AF113}.200 is pruned out due to potential supersedence
    2014-03-17    08:24:55:406     452    1a78    Agent    Update {7AF502C1-C821-414B-9FD3-47F52F3FD523}.200 is pruned out due to potential supersedence
    2014-03-17    08:24:55:406     452    1a78    Agent      * Added update {33FBE82E-BE96-48C4-9C34-F6AEC8569DC7}.200 to search result
    2014-03-17    08:24:55:406     452    1a78    Agent      * Found 1 updates and 4 categories in search; evaluated appl. rules of 61 out of 76 deployed entities
    2014-03-17    08:24:55:413     452    1a78    Agent    *********
    2014-03-17    08:24:55:413     452    1a78    Agent    **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:55:413     452    1a78    Agent    *************
    2014-03-17    08:24:55:414    5620    1518    COMAPI    >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:55:416    5620    1518    COMAPI      - Updates found = 1
    2014-03-17    08:24:55:416    5620    1518    COMAPI    ---------
    2014-03-17    08:24:55:416    5620    1518    COMAPI    --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:55:416    5620    1518    COMAPI    -------------
    2014-03-17    08:24:55:419    5620    b4c    COMAPI    -------------
    2014-03-17    08:24:55:419    5620    b4c    COMAPI    -- START --  COMAPI: Download [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:55:419    5620    b4c    COMAPI    ---------
    2014-03-17    08:24:55:419    5620    b4c    COMAPI      - Forced: No; Download priority: 2
    2014-03-17    08:24:55:419    5620    b4c    COMAPI      - Updates in request: 1
    2014-03-17    08:24:55:419    5620    b4c    COMAPI      - ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
    2014-03-17    08:24:55:422    5620    b4c    COMAPI    <<-- SUBMITTED -- COMAPI: Download [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:55:422     452    1a78    DnldMgr    *************
    2014-03-17    08:24:55:422     452    1a78    DnldMgr    ** START **  DnldMgr: Downloading updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:55:422     452    1a78    DnldMgr    *********
    2014-03-17    08:24:55:422     452    1a78    DnldMgr      * Call ID = {E0013492-D13F-43AB-896F-8521DE916FCD}
    2014-03-17    08:24:55:422     452    1a78    DnldMgr      * Priority = 2, Interactive = 1, Owner is system = 1, Explicit proxy = 1, Proxy session id = -1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
    2014-03-17    08:24:55:422     452    1a78    DnldMgr      * Updates to download = 1
    2014-03-17    08:24:55:422     452    1a78    Agent      *   Title = Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.167.2113.0)
    2014-03-17    08:24:55:422     452    1a78    Agent      *   UpdateId = {33FBE82E-BE96-48C4-9C34-F6AEC8569DC7}.200
    2014-03-17    08:24:55:422     452    1a78    Agent      *     Bundles 3 updates:
    2014-03-17    08:24:55:422     452    1a78    Agent      *       {7E4CD222-2348-4617-A8FD-4608CA0F5D9C}.200
    2014-03-17    08:24:55:422     452    1a78    Agent      *       {85F7798B-FE1C-4AAB-8B5C-313B2ACB1778}.200
    2014-03-17    08:24:55:422     452    1a78    Agent      *       {F7095866-6910-4D42-B4BE-AA4ECE02D6CA}.200
    2014-03-17    08:24:55:441     452    1a78    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {85F7798B-FE1C-4AAB-8B5C-313B2ACB1778}.200]  ***********
    2014-03-17    08:24:55:492     452    1a78    DnldMgr      * BITS job initialized, JobId = {774F570F-FF72-408E-B8F9-1A9EC2A9DFEC}
    2014-03-17    08:24:55:492     452    1a78    DnldMgr    BITS job {774F570F-FF72-408E-B8F9-1A9EC2A9DFEC} using proxy = nzpr01.domain.co.nz:8080;proxy.domain.co.nz:8080, bypass = <NULL>
    2014-03-17    08:24:55:539     452    1a78    DnldMgr      * Downloading from http://download.windowsupdate.com/msdownload/update/software/defu/2014/03/nis_delta_patch_35110c44392d4ed2952852248b7d4e98730d59d7.exe
    to C:\windows\SoftwareDistribution\Download\5d16f20387cc485e8ab3f76cf00d482d\35110c44392d4ed2952852248b7d4e98730d59d7 (full file).
    2014-03-17    08:24:55:617     452    1a78    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {F7095866-6910-4D42-B4BE-AA4ECE02D6CA}.200]  ***********
    2014-03-17    08:24:55:676     452    1a78    DnldMgr      * BITS job initialized, JobId = {34C6823B-B255-429F-ABB3-31D850C69994}
    2014-03-17    08:24:55:676     452    1a78    DnldMgr    BITS job {34C6823B-B255-429F-ABB3-31D850C69994} using proxy = nzpr01.domain.co.nz:8080;proxy.domain.co.nz:8080, bypass = <NULL>
    2014-03-17    08:24:55:792     452    1a78    DnldMgr      * Downloading from http://download.windowsupdate.com/msdownload/update/software/defu/2014/03/am_delta_4561a4006e1295d251371592cbebc2c18adcca43.exe
    to C:\windows\SoftwareDistribution\Download\8439bb6ce5944930522a2c27c57de50e\4561a4006e1295d251371592cbebc2c18adcca43 (full file).
    2014-03-17    08:24:55:943     452    1a78    Agent    *********
    2014-03-17    08:24:55:943     452    1a78    Agent    **  END  **  Agent: Downloading updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
    2014-03-17    08:24:55:943     452    1a78    Agent    *************
    2014-03-17    08:25:00:411     452    1a78    Report    REPORT EVENT: {4215F4AF-AAF5-4BB5-BE2C-BB09A9BA6176}    2014-03-17 08:24:55:412+0800    1  
     147    101    {00000000-0000-0000-0000-000000000000}    0    0    System Center Endpoint Protecti    Success    Software Synchronization  
     Windows Update Client successfully detected 1 updates.
    2014-03-17    08:25:00:411     452    1a78    Report    CWERReporter finishing event handling. (00000000)
    2014-03-17    08:25:17:443     452    134c    DnldMgr    BITS job {774F570F-FF72-408E-B8F9-1A9EC2A9DFEC} completed successfully
    2014-03-17    08:25:17:486     452    134c    Misc    Validating signature for C:\windows\SoftwareDistribution\Download\5d16f20387cc485e8ab3f76cf00d482d\35110c44392d4ed2952852248b7d4e98730d59d7:
    2014-03-17    08:25:17:496     452    134c    Misc     Microsoft signed: Yes
    2014-03-17    08:25:17:499     452    134c    DnldMgr      Download job bytes total = 76056, bytes transferred = 76056
    2014-03-17    08:25:17:500     452    134c    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {85F7798B-FE1C-4AAB-8B5C-313B2ACB1778}.200]  ***********
    2014-03-17    08:25:17:501     452    134c    DnldMgr      * All files for update were already downloaded and are valid.
    2014-03-17    08:25:22:501     452    1a78    Report    CWERReporter finishing event handling. (00000000)
    Hibs Ya Bass!

  • SCCM Server says Forefront Endpoint Protection failed to install update(s)

    I have a single SCCM 2012 SP1 CU4 server running on Windows Server 2012.  I primarily use this for Endpoint Protection and Windows Updates.
    Recently I started seeing a lot of errors in the Endpoint Protection deployments.  This one has me baffled because the Endpoint Protection client on the machine says that it is up-to-date.  However, when I go to
    Monitoring --> Deployments on the server, I see tons of errors that read "Failed to install update(s)."
    Under the "Last Enforcement Error Code" heading, it reads: 
    0x80070643. 
    I have spent several days searching about this, but the only info I can find is about Endpoint Protection
    installation problems.  In my case, though, I have Endpoint Protection installed...it is the
    update(s) that are showing the errors.
    Server screen-shot:
    Client screen-shot:
    Thanks in advance for any help.

    I see these entries starting at 6:19 PM last night and ending at 6:09 AM today:  I put in
    bold what kind of stands out to me. 
    Assignment {7b642d5f-623d-4c44-a902-a414bef0adf7} has total CI = 1    UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    OnPolicyModify for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})...     UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    Starting forced trigger (TriggerActivate) for assignment {7b642d5f-623d-4c44-a902-a414bef0adf7}    UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    Detection job ({F7A501B7-38F4-458B-AA62-F32212D3B614}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:19:29 PM    1232 (0x04D0)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    1072 (0x0430)
    DetectJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    DownloadCIContents Job ({8C3E7548-DA29-48EB-B3C3-12B96B31D492}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:02 PM    4632 (0x1218)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4632 (0x1218)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM  
     4508 (0x119C)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM  
     4508 (0x119C)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    4508 (0x119C)
    DownloadJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    1128 (0x0468)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    1128 (0x0468)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:20:03 PM    1128 (0x0468)
    Message received: '<?xml version='1.0' ?>
        <CIAssignmentMessage MessageType='Activation'>
            <AssignmentID>{7b642d5f-623d-4c44-a902-a414bef0adf7}</AssignmentID>
        </CIAssignmentMessage>'    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Assignment {7b642d5f-623d-4c44-a902-a414bef0adf7} has total CI = 2    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7}) received activation trigger    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Detection job ({726D8962-0690-46DB-B9A0-FF5D979AE3CF}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    452 (0x01C4)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:00 PM    620 (0x026C)
    DetectJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    DownloadCIContents Job ({7EEA627C-B1B3-457D-BE69-6F3A8DDDA692}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    4496 (0x1190)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    452 (0x01C4)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM  
     1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM  
     1648 (0x0670)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    DownloadJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/15/2014 6:37:01 PM    1648 (0x0670)
    CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Suspend activity in presentation mode is selected    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Atleast one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Proceeding to non-business hours activites as presentation mode is off.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Auto install during non-business hours is disabled or never set, selecting only scheduled updates.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    A user-defined service window(non-business hours) is available. We will attempt to install any scheduled updates.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Attempting to install 0 updates    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    No actionable updates for install task. No attempt required.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    Updates could not be installed at this time. Waiting for the next maintenance window.    UpdatesDeploymentAgent    5/15/2014 10:00:00 PM    3736 (0x0E98)
    CUpdateAssignmentsManager received a SERVICEWINDOWEVENT END Event    UpdatesDeploymentAgent    5/16/2014 5:00:00 AM    3500 (0x0DAC)
    No current service window available to run updates assignment with time required = 1    UpdatesDeploymentAgent    5/16/2014 5:00:00 AM    3500 (0x0DAC)
    Attempting to cancel any job started at non-business hours.    UpdatesDeploymentAgent    5/16/2014 5:00:00 AM    3500 (0x0DAC)
    Message received: '<?xml version='1.0' ?>
        <CIAssignmentMessage MessageType='EnforcementDeadline'>
            <AssignmentID>{7b642d5f-623d-4c44-a902-a414bef0adf7}</AssignmentID>
        </CIAssignmentMessage>'    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Assignment {7b642d5f-623d-4c44-a902-a414bef0adf7} has total CI = 2    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Deadline received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Detection job ({41BE2786-E548-429E-9590-5102B1F8DE2A}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    2768 (0x0AD0)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:00 AM    4660 (0x1234)
    DetectJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    UpdateAssginment Download: CCM_CONTENT_WF_DEADLINE_DOWNLOAD set    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    DownloadCIContents Job ({D484DF2D-C472-478E-A75F-1C50DACF6A5D}) started for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    4660 (0x1234)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM  
     748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM  
     748 (0x02EC)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Progress received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    DownloadJob completion received for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:01 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2187.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Name (Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.2219.0)) ArticleID (2461484) added to the targeted list of deployment ({7b642d5f-623d-4c44-a902-a414bef0adf7})  
     UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Starting install for assignment ({7b642d5f-623d-4c44-a902-a414bef0adf7})    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    ApplyCIs - JobId = {24FEF2A6-EFAB-4675-B3DE-E357BD4D7384}    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Raising client SDK event for class NULL, instance NULL, actionType 13l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l    UpdatesDeploymentAgent    5/16/2014 6:09:02 AM    748 (0x02EC)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDetecting, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02
    AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDetecting, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02
    AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateDownloading, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02
    AM    2788 (0x0AE4)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateDownloading, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02
    AM    2788 (0x0AE4)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02
    AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateWaitInstall, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:02
    AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateInstalling, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22
    AM    2788 (0x0AE4)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22
    AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_4fcb1b37-19a1-4c12-a77c-bbe513872a43) Progress: Status = ciStateVerifying, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22
    AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateInstalling, PercentComplete = 100, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22
    AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17EA00E/SUM_ba89c7f4-5400-4c40-aa1b-aefa5fbdffb2) Progress: Status = ciStateVerifying, PercentComplete = 0, DownloadSize = 0, Result = 0x0    UpdatesDeploymentAgent    5/16/2014 6:09:22
    AM    2788 (0x0AE4)
    CUpdatesJob({24FEF2A6-EFAB-4675-B3DE-E357BD4D7384}): Job completion received.    UpdatesDeploymentAgent    5/16/2014 6:09:51 AM    4660 (0x1234)
    Update (Site_A0C81BE8-8706-4378-B3C3-9149D17
    I did not specifically specify any maintenance windows.  It looks like the default business hours are set on the client though:
    Is this maybe causing my problems???  Is it possible to change that default value from the SCCM console??
    Thanks again for all of your help!

Maybe you are looking for

  • Creating a pseudo column in class-table mapping

    I would like to create a class (Reference) with attributes long owner ; long child ; String childName ; // read only This will be loaded into the owner object in a Vector. This will be mapped to a database table (db_references) with columns owner num

  • Ruleset Comparison in GRC10

    Hi, Does any one also know the Ruleset comparison program name in GRC10. I tried running the Ruleset comparison option from NWBC->Setup-> Access Ruleset Maintenance->Rulesetup->Ruleset Comparison, there is an option to select Risks,Actions,Permission

  • Windows Explorer Thumbnail View and 7D Mark II RAW Files

    I am running latest version of PhotoShop CC on Windows 8.1 Toshiba laptop. Prior to purchasing my Canon 7D Mark II, I could view Canon RAW files as photo thumbnails in Windows Explorer. Since upgrading cameras, I get generic thumbnails when I view a

  • Error in Initial Load of Products from ECC to CRM

    Hi ,     Im getting below errors In initial load of MATERIAL from ECC to CRM. <b>Data cannot be maintained for set type COMM_PR_MAT Data cannot be maintained for set type COMM_PR_UNIT Data cannot be maintained for set type COMM_PR_SHTEXT</b> <b>My An

  • Updating iPod After Software Update

    Howdy, Bit of a problem here. All of the software was updated last night and my iPod has been updated, yet it now says I need to plug it in to the standard electricity supply for it to update, but I don't have that plug. So, I can't use my iPod Anyth