SCCM Server says Forefront Endpoint Protection failed to install update(s)

Similar Messages

• SCCM 2012 R2: Forefront Endpoint protection via automatic updates only work when manually triggering automatic updat rule

  Hi,
  I followed this manual to configure forefront endpoint protection on clients: http://www.windows-noob.com/forums/index.php?/topic/6106-using-system-center-2012-configuration-manager-part-6-adding-the-endpoint-protection-role-configure-alerts-and-custom-antimalware-policies/
  Now in short: everything works fine ... as long as I trigger the audomatic deployment rules.
  Current situation:
  1. ADR ran fine (3:30 this night)
  2.Software update group is NOT ok
  3.I run ADR manually (right click on ADR, run)
  4.software update group is ok (green icon)
  Then virusupdates are succesfull. This means that clients only update their virus definitions when I manually run the ADR-rule.
  I'm missing something here.
  Please advise.
  J.
  Jan Hoedt

  Probably this issue: http://social.technet.microsoft.com/Forums/en-US/c6109678-785b-4c6d-9cb4-c9dfc1e34b2e/sccm-2012-automatic-deployment-rule-not-executing-updates-for-scep?forum=configmanagerapps
  Iow: wsus updates were scheduled at 3, automatic update rules at 3:15, probably sync wasn't done yet so it doesn't find updates. "The day after" updates are marked as expired.
  Jan Hoedt

• SCCM and ForeFront Endpoint Protection point site system role

  Thanks for looking at this......I am working with SCCM 2012, and ForeFront Endpoint Protection has been set up as an Endpoint Protection point site system role.  Up to now we just haven't had to mess with it much, it just has worked.  I
  have been busy packaging applications for the eager public. I have one pc that has had the Endpoint client self destruct.  Had to remove it via the control panel.  I next did a machine policy retrieval and evaluation cycle (among others) and sccm
  shows that it is aware that this particular machine needs FEP. It lists it as "To Be Installed".  How long will this take?  I have things set for "as soon as possible".   Am I at the mercy of Sccm?  Also, is there
  a way to force the install?  Thanks for any light you can shed on this!

  This will depend on your SCCM client policy settings to allow SCEP installation outside of maintenance windows (if you have any).
  It will also depend if you are using 2 hour deployment "randomizer" option in your SCCM client policy.
  Lastly, you can install it with BITS that have already been downloaded with SCCM client install.
  c:\windows\ccmsetup\scepintall.exe

• Forefront Endpoint Protection 2010 - Exclude files and locations == Exclude processes??

  Hi,
  I have a server with Forefront Endpoint Protection 2010 installed.
  This server is running Backup Exec. I have created an files and folder exclusion pointing to:
  C:\Program Files\Symantec
  There are various references online like this one
  http://www.symantec.com/business/support/index?page=content&id=TECH74529
  Which highlight excluding the processes rather than what I have done...
  If the process is inside the Symantec folder is there any technical difference between using the files and folder exclusion as opposed to the process exclusion?

  Yes, the difference is that excluding the folder location will only exclude the folder and the child items of that specific location from scanning activity whereas excluding a process will exclude any activity by the process regardless of location. So,
  with a process exclusion, if that process under C:\Program Files\Symantec produces activity in C:\Windows, the activity will be excluded from scanning, but if you just have the C:\Program Files\Symantec folder excluded, the activity in C:\Windows will not
  be excluded.

• Automatic Install of Endpoint Protection fails on windows 8.1 clients with SCCM 2012 R2

  Running SCCM 2012 R2 and deploying CM clients and Endpoint Protection via software updates. CM client and EP install fine on Windows 7 clients. CM client installs fine but endpoint protection fails on Windows 8.1 clients with the following from the
  endpoint protection agent log:
  <![LOG[Create Process Command line: "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /policy "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:22:02.560+240" date="08-13-2014" component="EndpointProtectionAgent"
  context="" type="1" thread="4260" file="epagentutil.cpp:607">
  <![LOG[Detail error message is : [EppSetupResult]
  HRESULT=0x80070643
  Description=Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal
  error during installation.
  So on the win8.1 client I run the above command line manually in a command window and receive Access is denied. Then I run the same command in an elevated command window and EP installs fine. Does this have something to do with why the automatic
  EP client install fails with the 0x80070643 error code? If so, what is the fix?

  Hi,
  Try uninstalling any other security software.
  For more information, please review the link below:
  I‘m getting an error code from my Microsoft security software
  http://www.microsoft.com/security/portal/mmpc/help/errorcodes.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Steps to install Forefront Endpoint Protection 2010?

  I've been searching on how to install Forefront Endpoint Protection 2010 on a Windows Server 2012 R2 Server.  I can't seem to find anything about this.  Can someone tell me the steps I need to take.  I installed SQL 2012, then SCCM
  2012, but when I launch the Forefront 2010 installer its saying it can't find SCCM 2007.  I take it its not supported in Forefront 2010? Anyways, if there are instructions on how to install the Endpoint Protection and Exchange Online protection I'd appreciate
  it.  
  Fernando

  Hi,
  In SCCM 2012 Endpoint Protection 2012 is integrated so you cannot install FEP 2010 in it. Add the Site System role called "Endpoint Protection" on your Primary site server, CAS if you use a CAS and then you are good to go.
  the steps are described here:
  http://blogs.technet.com/b/anilm/archive/2012/02/19/how-to-enable-configuration-manager-2012-endpoint-protection.aspx
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Forefront Endpoint Protection Monitoring Service

  Hello,
  I just saw that the Forefront Endpoint Protection Monitoring Service is stoppable. I had a virus a few weeks ago on my machine at home that has security essential installed. The virus continually disabled the service. Does it make sense to control the service
  via gpo to not make it stoppable even by the system and admin user?
  Cheers
  Sebastian
  Sebastian Bammer

  This is old discussion, but let me explain some improvements in Microsoft Anti-Malware Engine. When a program tried to disable any service, process or anything related to Windows Security or Microsoft Anti-Malware Engine , Firewall, etc. It will be detected
  as a suspicious behavior and it will be blocked (no matter whether it is known malware or unknown program). In case of unknown program, you might be asked to send more details or submit it to Microsoft Malware Protection Center.
  In addition, in Windows Vista and later version of Windows such as Windows 7, Windows 8.x when you have User Account Control (UAC), all programs run as an standard user unless you grand them permission as administrator. So by default, if a program tried
  to disable any Security related service in Windows is unable to that because it won't run as administrator and is unable to perform something which runs as administer unless, if you are in administrator account and UAC is off or you grand administrator privilege
  to the program (e.g. right click and run as administrator).
  However, if you still face any programs which might try to disable services and it won't block by FEP , Microsoft Security Essentials or other Microsoft Anti-Malware products, you could submit it sample to Microsoft Malware Protection Center for more analysis.

• Is Forefront Endpoint Protection 2010 detecting and removing CryptoLocker?

  Is Forefront Endpoint Protection 2010 detecting and removing CryptoLocker?

  Hi,
  For antimalware and antispyware, the latest definitions are
  1.187.361.0. You can install the latest updates:
  Updating your Microsoft antimalware and antispyware software
  If that threat cannot be detected or removed, you can feedback or submit a malware file in the Malware Protection Center.
  Best regards,
  Susie

• Forefront Endpoint Protection 2010 Antimalware Activity and Antimalware Protection Summary Reports aren't rendering properly.

  The Antimalware Activity and Antimalware Protection Summary Reports aren't rendering properly.  When I export them to PDF, they look normal but when I run either one of these reports through they don't display properly.  In the Antimalware
  Protection Summary report, the Latest Antimalware Protection Summary title bar has been extended and the Status legend is coved by white space and Latest Antimalware Definitions Summary title bar has been extended and Period legend
  are covered by white space.  On the same page the Antimalware Protection History-Week has been flushed to the right to where it only dispays Antimalw and the Antimalware Definitions History-Week has been flushed to the right to where it only dispays
  Antimalw.  On the Antimalware Activity the Actions legend has been flushed to the left.

  This is an old question but you may try it using the latest version of Forefront Endpoint Protection or System Center Endpoint Protection and let us know if you are able to reproduce the problem. There are many improvements in latest release of SCEP and
  FEP.

• SCOM 2007 R2 Forefront Endpoint Protection Management Pack

  Hi All,
  Question about Forefront Endpoint Protection Management Pack Alert configuration.
  We are receiving “Malware Outbreak” Monitor alert with below Alert Description:
  Protected Endpoints Watcher Forefront Endpoint Protection has detected active malware on more than 5% of your computers.
  Our customer is asking, How to find out the name of the 5% of computers with affected malware information. Kindly assist me on this. I could find only Watcher node.
  Thanks & Regards,
  Mohamed Sybulla

  Malware outbreak alert show Number of computers with the same malware detected
  To Generate report of computer names and version, see
  Viewing and printing reports.
  To resolve this alert, you can refer below links
  http://technet.microsoft.com/en-us/library/bb418869.aspx
  http://technet.microsoft.com/en-us/library/ff823761.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Weblogic Server 6.1 trial version fails to install in Linux

  Weblogic Server 6.1 trial version fails to install in Linux
  (in Linux Redhat 6.2, jdk 1.2.2)
  1. When unzipping the *.zip file "weblogic610_generic.zip", the unzip program
  reported that some files and directories not properly named. (using winzip, quite
  a number of files' directories start "d:/".
  2. During installation, the screen hanged right after choosing language, and the
  background threw "Exception in thread 'main'".

  Yes, that is exactly what I ran and it worked.
  Kernel: 2.2.12-20
  java -fullversion
  java full version "Linux_JDK_1.2.2_RC4"
  That was to install.
  Eric
  "Mo Guangquan" <[email protected]> wrote in message
  news:[email protected]...
  Hello,
  Could you give the detailed steps when you unzip and run? Did you only
  use the command "java -cp weblogic610_generic.zip install -i console" andit
  worked fine? Your system's basic setting like java version and kernal etc?
  Thanks.
  regards
  mo
  "Eric Gross" <[email protected]> wrote in message
  news:[email protected]...
  I actually did my test with RH 6.1. It worked fine.
  Regards,
  Eric
  "Alexander Klimenko" <[email protected]> wrote in message
  news:[email protected]...
  Sorry guys,
  but if you go to "supported platform" document you'll se just Linux RH
  7.1
  there.
  Regards,
  Alexander
  "Mo Guangquan" <[email protected]> wrote:
  error still occurs, guess it is because inside the zip file got some
  wrong
  absolute paths. error msg:
  ZGUtil.getInputStream(): ZGUtil.openZipFile(): Couldn't open /us
  java.io.IOException: ZGUtil.openZipFile(): Couldn't open /us
  at ZeroGb.c([DashoPro-V1.2-120198])
  at ZeroGb.a([DashoPro-V1.2-120198])
  at ZeroGb.a([DashoPro-V1.2-120198])
  at ZeroGb.m([DashoPro-V1.2-120198])
  at com.zerog.ia.installer.Main.i([DashoPro-V1.2-120198])
  at
  com.zerog.ia.installer.Main.<clinit>([DashoPro-V1.2-120198])
  at install.main([DashoPro-V1.2-120198])
  preinstaller.properties not found.
  Exception in thread "main"
  regards,
  mo
  "Eric Gross" <[email protected]> wrote in message
  news:[email protected]...
  Run the following to install it:
  java -cp weblogic610_generic.zip install -i console
  That will provide a console based install.
  Regards,
  Eric
  "mo" <[email protected]> wrote in message
  news:[email protected]...
  Weblogic Server 6.1 trial version fails to install in Linux
  (in Linux Redhat 6.2, jdk 1.2.2)
  1. When unzipping the *.zip file "weblogic610_generic.zip", the
  unzip
  program
  reported that some files and directories not properly named.
  (using
  winzip, quite
  a number of files' directories start "d:/".
  2. During installation, the screen hanged right after choosing
  language,
  and the
  background threw "Exception in thread 'main'".

• Failed to install updates. Error = 0x8007066a.

  Hi,
  FEP definition is 1.191.3578.0 in the machine. Receiving the below error from WUAhandler.log.  
  1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.191.3619.0) (d8b489fa-c598-4e31-996f-ea37c1fc44ec, 200)
  A top-level update (d8b489fa-c598-4e31-996f-ea37c1fc44ec) was not fully downloaded.
  Failed to install updates. Error = 0x8007066a.
  Please help to solve the issue. 
  Regards,
  Boopathi S

  Hi,
  The error translates to:The upgrade cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade may update a different version of the program. Verify that the program to be upgraded exists on your
  computer and that you have the correct upgrade.
  Could be a number of reasons, are you running the latest update of the client?
  http://support.microsoft.com/kb/2998627
  Regards,
  jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• TVSU fails to install updates on machine with 8.3 filenames disabled

  Hi all,
  I have experienced TSVU (4.0) failing to install updates on some machines (W7 ultimate 64 bits), but working fine on some other similar equipped machines.
  I have now investigated the issue, and browsing through logfiles on a working and non-working machine reveals that system update on one machine extracts the files using the command:
  os7005ww_64.exe /VERYSILENT /DIR=C:\PROGRA~2\Lenovo\SYSTEM~1\session\OS7005~2\ 
  Both the "program files (x86)" and "system update" directories has been changed to their proper 8.3 names.
  On the non working machine the call was:
  os7005ww_64.exe /VERYSILENT /DIR=C:\PROGRA~2\Lenovo\system update\session\OS7005~2\ 
  But this string seems to not be quoted properly when executed, so all the extracted files end up in a new catalog:
  C:\PROGRA~2\Lenovo\system
  From here all subsequent install calls then fails!
  The problematic machine had the NTFS 8.3 filename creation disabled, i think this might be the culprit! I have now changed this to the deafult value, uninstalled TVSU, and rebooted.
  But when i now try to install TVSU, it simply refuses It just pops up a windows installer window describing the command switches and exits.
  *sigh*
  I think the 8.3 filename problem could be the cause of other people experiencing TVSU installer problems, and this should propably be looked at by lenovo?
  The failure to install it anew, i haven't figured out yet - anyone???
  regards,
  Jesper

  Hi all
  You can verify the status of the short name of the  "system update" directory  (the primary problem) by doing the commands below. The problem i think, starts when short name generaten is turned off when _installing_ TVSU. then the SYSTEM~1 shortname will not be generated, and the program will revert to use long names, but quoting them wrong!
  try:
  cd c:\program files (x86)\lenovo
  dir /n /x
  IF TVSU is installed while short name generation is turned on (short name generated on install) you will get something like:
  20-01-2010  20:52    <DIR>                       .
  20-01-2010  20:52    <DIR>                       ..
  06-01-2011  10:30    <DIR>          ACCESS~1     Access Connections
  18-08-2009  14:11    <DIR>          ACTIVE~1     Active Update
  18-08-2009  14:19    <DIR>                       Dipmon
  18-08-2009  14:17    <DIR>                       FPIRPOn
  06-01-2011  10:25    <DIR>                       PkgMgr
  25-10-2009  19:14    <DIR>          SYSTEM~1     System Update
  15-10-2009  15:56            11.264              TVSU_TPC.DLL
  Notice the SYSTEM~1 shortname, if installed using no short names, that place will be blank.
  As an update i can tell i 'fixed' the machine having problems by enabling the short name generation and renaming, then copying the "system update" catalog, thus generating the short name for it - everything works again :-)
  PS: as a side notice on a machine with short names disabled and running as a user with a space in the user name TVSU will not even install, as it messes up with the space in the temp directoy (in the users home catalog)
  But somebody really should fix this, as it is very normal to read in tuning guides for SSD drives (Thinkpads with SSD anyone to disable this short name generation among other things...
  regards,
  Jesper

• Server 2012 freezes during setup at the "installing updates" step

  I'm trying to install server 2012 standard on an IBM blade HS22V "7871".  Server has SAN attached storage.  Server freezes during installation setup at the "installing updates" step.  I have tried install booting off of
  a USB drive and DVD drive with the same results. 

  Im unable to boot in safemode because windows has not completed the OS install.  The install is stuck in the setup at the installing updates step.  It will sit there for days or until you crash the server.  This is what I have done so far:
  installed 2008r2 on the same LUN/SAN without issue
  Updated Blade to the latest BIOS/Firmware.
  Using the most current IBM ServerGuide "9.51" for hardware drivers.
  Attempted install in both UEFI and Legacy mode
  Attempted 3 separate install medias "cd and usb"made from ISO not cd copy
  Verified we only have 1 LUN 1 Volume Group and 1 Path
  Attempted 4 different blades and 3 different chassis. Same results.
  We have a HP/3Par T400 SAN that I can successfully install server 2012 on.  This is our old Test SAN.  We  have our new 3par 7400 SAN that is now our production SAN that we are unable to build server2012 on.

• Endpoint Protection clients no getting updates from SCCM 2012 in new Secondary Site

  I recently stood up a secondary site behind a PCI firewall to manage PCI in-scope systems. All of my boundaries are properly configured and there are no overlaps. I am able to push packages to these clients and the clients are reporting as healthy however
  I am not able to get updates to the SCEP clients. There is no internet access from these systems so I have to rely on updates from SCCM. From what I can see in the WindowsUpdate log it is only trying to go to Microsoft for the definitions. Here is the Log:
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: Send failed with hr = 80072ee2.
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: Send request failed, hr:0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
  error 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-04-30 11:05:09:739
   828 da8
  SLS FATAL: GetResponse failed with hresult 0x80072ee2...
  2014-04-30 11:05:09:739
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
  2014-04-30 11:05:09:739
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get client data and init parser, error = 0x80072EE2
  2014-04-30 11:05:09:739
   828 da8
  EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80072EE2
  2014-04-30 11:05:09:739
   828 da8
  Agent WARNING: Failed to obtain the authorization cab URL for service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0
  2014-04-30 11:05:09:739
   828 da8
  Agent FATAL: Caller <NULL> failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0X80072EE2
  2014-04-30 11:05:09:739
   828 da8
  SLS Retrieving SLS response from server...
  2014-04-30 11:05:09:739
   828 da8
  SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: Send failed with hr = 80072ee2.
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: Send request failed, hr:0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
  error 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
  2014-04-30 11:05:30:742
   828 da8
  SLS FATAL: GetResponse failed with hresult 0x80072ee2...
  2014-04-30 11:05:30:742
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
  2014-04-30 11:05:30:742
   828 da8
  EP FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data and init parser, error = 0x80072EE2
  2014-04-30 11:05:30:742
   828 da8
  Agent   * WARNING: Online service registration/service ID resolution failed, hr=0x80248014
  2014-04-30 11:05:30:742
   828 da8
  Agent   * WARNING: Exit code = 0x80248014
  2014-04-30 11:05:30:742
   828 da8
  Agent *********
  2014-04-30 11:05:30:742
   828 da8
  Agent **  END  **  Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)  Id = 9]
  2014-04-30 11:05:30:742
   828 da8
  Agent *************
  2014-04-30 11:05:30:742
   828 da8
  Agent WARNING: WU client failed Searching for update with error 0x80248014
  2014-04-30 11:05:30:742
   828 da8
  IdleTmr WU operation (CSearchCall::Init ID 9, operation # 99) stopped; does use network; is not at background priority
  2014-04-30 11:05:30:742
   828 da8
  IdleTmr Decremented PDC RefCount for Network to 0
  2014-04-30 11:05:30:742
   828 da8
  IdleTmr Decremented idle timer priority operation counter to 0
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI   - Updates found = 0
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80248014
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI ---------
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI --  END  --  COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
  2014-04-30 11:05:30:743
   576 12c0
  COMAPI -------------
  2014-04-30 11:05:30:743
   576 1254
  COMAPI WARNING: Operation failed due to earlier error, hr=80248014
  2014-04-30 11:05:30:743
   576 1254
  COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
  The log is from a Server 2012 R2 Client. The only thing I was able to find was this Article which did not resolve my issue. Anyone else encounter anything similar? Any help would be appreciated.
  Regards, Evan Mills - Systems Administrator

  Every two hours is too aggressive for the ADR. Definitions are only released 2-3 times a day so every 8 hours is what most consider best practice. Is your WSUS sync occurring every two hours as well? If not, then the ADR wouldn't have anything new to pick
  up anyway. It's best to set the WSUS sync for every 8 hours and then set the ADR to run after any successful WSUS sync.
  So the EP definitions are caching but not installing? What does the WUAHandler.log show? One of my machines shows the following which indicates a successful installation from the ConfigMgr delivered update:
  1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.933.0) (0a156122-d4f8-4215-9e63-8f0f1e32c9c6, 200)    WUAHandler    4/30/2014 6:49:33 AM    11080 (0x2B48)
  Async installation of updates started.    WUAHandler    4/30/2014 6:49:34 AM    11080 (0x2B48)
  Update 1 (0a156122-d4f8-4215-9e63-8f0f1e32c9c6) finished installing (0x00000000), Reboot Required? No    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
  Async install completed.    WUAHandler    4/30/2014 6:50:23 AM    8664 (0x21D8)
  Installation of updates completed.    WUAHandler    4/30/2014 6:50:23 AM    11032 (0x2B18)
  It sounds like if you set "Check for Endpoint Protection definitions at a specific interval" to 0 then it would prevent the WindowsUpdate.log activity you're seeing when the EP client tries to reach out for updates.