SCEP 2012 R2

I'm migrating from SCCM 2007 to SCCM 2012 R2.  So far I've tested manually pushing a client which worked successfully.  CCM and SCEP 2012 install just fine.
However, SCEP isn't automatically updating immediately after install, and doesn't appear to be updating based on the settings in my antimalware policy.  If I manually update it works fine.  I have the updates configured to only pull from Configuration
manager and to only pull every 8 hours.
Should clients automatically update after install?  If so, where can I look to determine why mine aren't updating?  I can see in the logs they see the definitions but aren't installing them.

Hi,
Please check "Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial definition update on client computers" in client settings.
For more information: http://support.microsoft.com/kb/2688242
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Similar Messages

  • SCEP 2012 Client in Windows 8 / 2012 - in Windows 2008 Domain- Not Syncing -/ Not Compatiable

    Dear All ,
    With lots of Hardship I had installed SCEp 2012 in Windows 2012 Virtual machine in WIndows 2008 Domain.
    SCCM 2012 Server in Windows 2008 Server with Sql 2008 was - performing well and there was no issues until our COmpany planned to Convert the Windows 2008 Server to  Windows 2012 Server ( AD is 2008)
    WSUS is not Fully synching with SCCM 2012 ( previously it was )
    Software Updates not pushing properly and to top all the SCEP client is not compatible with win 8.1 pro or win 2012 server
    Error: Failed to download content id 16787046. Error: Access is denied.
    Package:
      Success: The software updates were placed in the existing package:
    •     Deployment Package(JUN2014)
    Software updates that will be downloaded from the internet
      Error: Update for Forefront Endpoint Protection 2010 Client - 4.1.522.0 (KB2780435)
    Errors
        Failed to download content id 16787046. Error: Access is denied.
    Language Selection:
     English
    But the service account has full access - administrative rights and the administrator of the system
    please advise on this

    Hi,
    All the software updates downloaded failed?
    Are there any errors in PatchDownloader.log? If you use Automatic deployment rule, please also check ruleengine.log.
    Please add the account with Full rights to the source share (both NTFS and Share permissions) where the Deployment Package is located.
    Best Regards,
    Joyce
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • CAVA integration with MS SCEP 2012 R2 ?

       EMC CAVA is a storage antivirus which connects to a single remote windows machine with compatible antivirus. (McAfee, Symantec....).
      Can SCEP 2012 be used instead because we are replacing McAfee with System Center End Point Protection 2012.
    Shahid Roofi

    Endpoint Protection is just that, protection for the endpoint (and only the endpoint). If you need or require protection beyond the endpoint, SCEP is not going to help you and Microsoft does not have a solution for you for this particular need/requirement.
    It's simply not part of what they have chosen to focus on.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SCEP 2012 manual definitions update for use in OSD

    So I am setting up to deploy SCEP 2012 4.5.0216.0 during my OSD task sequence. I am following the guidelines laid out by the blog post: 
    http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx.  I have created a package with the scepinstall.exe, EPAMPolicy.xml, and Install.cmd. 
    Note:  I got the EPAMPolicy.xml from a client I let install SCEP the "normal way" by deploying client settings that said to install and manage the client. 
    I added to the EPAMPolicy.xml file:
    <AddValue Name="DisableUpdateOnStartupWithoutEngine" Disabled="false" Type="REG_DWORD">1</AddValue>
    Added it between:
    <AddValue Name="AuGracePeriod" Type="REG_DWORD" Disabled="false">4320</AddValue>"I ADDED THE CODE RIGHT HERE"<AddValue Name="SignatureUpdateInterval" Type="REG_DWORD" Disabled="false">8</AddValue>
    The "Install.cmd" contains:
    "%~dp0scepinstall.exe" /s /q /NoSigsUpdateAtInitialExp /policy "%~dp0EPAMPolicy.xml"
    So these things together install SCEP 2012 version 4.5.0216.0 and
    cancels any definition updates when done installing and when the service first starts up.  When the install finishes the client is RED since I cancelled all updates.  This is WORKING FINE.
    Now I have a package that contains the definition updates "mpam-fe.exe" and "nis_full.exe" as described in the linked blog.  Running the proper 32/64 version of the mpam-fe.exe effectively updates the client Anti-malware definitions
    to the version I have downloaded for that day.  The client now turns GREEN.  This is WORKING FINE.
    The part that is not working is running the Network Inspection Service definitions, "nis_full.exe".  It goes right through like it was fine when run manually, but when you check event log you see it put two errors in Event
    Log.  It also is causing my Task Sequence to fail.
    I questioned how valid the nis_full.exe was anymore since the blog post is not real new...so I found: 
    http://support.microsoft.com/kb/935934.  It is titled, "How to manually download the latest antimalware definition updates for Microsoft Forefront Client Security, Microsoft Forefront Endpoint
    Protection 2010 and Microsoft System Center 2012 Endpoint Protection".  I verified by downloading using the links given in that article that my files matched hash for hash. 
    In that article it does say if running SCEP 2012 to also install the nis_full.exe as administrator. 
    This is not working!
    Any assistance is appreciated.  Any better way to deploy SCEP during task sequence and definitions WITHOUT scanning for updates during "Install Software Updates" task or letting client go to
    internet?
    Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

    Using the supplied EPAMPolicy2.xml did not resolve the issue. I still get an "0x80004005" error when I try to deploy the "nis_full.exe" during my task sequence. The client and malware definitions work as intended and install successfully. The NIS definitions
    fail though.
    Snippet of my SMSTS.LOG:
    <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:37:58.886+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:804">
    <![LOG[Successfully completed the action (Install SCEP 2012 Anti-malware Defs) with the exit win32 code 0]LOG]!><time="09:37:58.886+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:830">
    <![LOG[MP server https://SCCMSRV.domain.local. Ports 80,443. CRL=false.]LOG]!><time="09:37:58.886+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5881">
    <![LOG[Setting authenticator]LOG]!><time="09:37:58.901+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5903">
    <![LOG[Set authenticator in transport]LOG]!><time="09:37:58.901+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:7734">
    <![LOG[Sending StatusMessage]LOG]!><time="09:37:58.917+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:4023">
    <![LOG[Setting message signatures.]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1295">
    <![LOG[Setting the authenticator.]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1325">
    <![LOG[CLibSMSMessageWinHttpTransport::Send: URL: SCCMSRV.domain.local:443 CCM_POST /ccm_system_AltAuth/request]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8604">
    <![LOG[In SSL, but with no client cert]LOG]!><time="09:37:58.932+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8738">
    <![LOG[Request was successful.]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:8939">
    <![LOG[Set a global environment variable _SMSTSLastActionRetCode=0]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Set a global environment variable _SMSTSLastActionSucceeded=true]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Clear local default environment]LOG]!><time="09:37:58.964+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:807">
    <![LOG[Updated security on object C:\_SMSTaskSequence.]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:1704">
    <![LOG[Set a global environment variable _SMSTSNextInstructionPointer=15]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Set a TS execution environment variable _SMSTSNextInstructionPointer=15]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:386">
    <![LOG[Set a global environment variable _SMSTSInstructionStackString=10 12]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Set a TS execution environment variable _SMSTSInstructionStackString=10 12]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:414">
    <![LOG[Save the current environment block]LOG]!><time="09:37:59.026+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:833">
    <![LOG[Successfully save execution state and environment to local hard disk]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="engine.cxx:254">
    <![LOG[Start executing an instruction. Instruction name: Install SCEP 2012 NIS Defs. Instruction pointer: 15]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="engine.cxx:116">
    <![LOG[Set a global environment variable _SMSTSCurrentActionName=Install SCEP 2012 NIS Defs]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Set a global environment variable _SMSTSNextInstructionPointer=15]LOG]!><time="09:37:59.182+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Set a local default variable _SMSSWDProgramName]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:700">
    <![LOG[Set a global environment variable _SMSTSLogPath=C:\Windows\CCM\Logs\SMSTSLog]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Expand a string: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:782">
    <![LOG[Expand a string: ]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:782">
    <![LOG[Command line for extension .exe is "%1" %*]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="commandline.cpp:228">
    <![LOG[Set command line: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="commandline.cpp:731">
    <![LOG[Start executing the command line: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:722">
    <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:751">
    <![LOG[Expand a string: FullOS]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:782">
    <![LOG[Executing command line: smsswd.exe /pkg:PR100043 /install /basevar: /continueOnError:]LOG]!><time="09:37:59.197+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="commandline.cpp:827">
    <![LOG[[ smsswd.exe ]]LOG]!><time="09:37:59.587+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:289">
    <![LOG[PackageID = 'PR100043']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:318">
    <![LOG[BaseVar = '', ContinueOnError='']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:319">
    <![LOG[ProgramName = 'Install NIS Definitions']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:320">
    <![LOG[SwdAction = '0002']LOG]!><time="09:37:59.618+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="main.cpp:321">
    <![LOG[GetExecRequestMgrInterface successful]LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:187">
    <![LOG[Retrieving value from TSEnv for '_SMSTSPolicyPR100043_Install NIS Definitions']LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:85">
    <![LOG[::DecompressBuffer(65536)]LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="ccmzlib.cpp:739">
    <![LOG[Decompression (zlib) succeeded: original size 3059, uncompressed size 39008.]LOG]!><time="09:37:59.650+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="ccmzlib.cpp:651">
    <![LOG[ADV_AdvertisementID=PR120019]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:1151">
    <![LOG[PKG_PSF_ContainsSourceFiles=TRUE]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:1170">
    <![LOG[ResolveSource flags: 0x00000000]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3201">
    <![LOG[SMSTSPersistContent: . The content for package PR100043 will be persisted]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3212">
    <![LOG[The package PR100043 is found locally in the cache C:\_SMSTaskSequence\Packages\PR100043]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3242">
    <![LOG[SMS PkgID 'PR100043' resolved to location 'C:\_SMSTaskSequence\Packages\PR100043']LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:145">
    <![LOG[Start to compile TS policy]LOG]!><time="09:37:59.712+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:3066">
    <![LOG[Policy complied successfully in WMI 'root\ccm\policy\defaultmachine\requestedconfig' namespace]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="utils.cpp:3167">
    <![LOG[End TS policy compilation]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:3171">
    <![LOG[getPointer()->ExecQuery( BString(L"WQL"), BString(pszQuery), lFlags, pContext, ppEnum ), HRESULT=80041017 (e:\nts_sccm_release\sms\framework\core\ccmcore\wminamespace.cpp,463)]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="wminamespace.cpp:463">
    <![LOG[Failed to query CCM_SoftwareDistribution]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="2" thread="2136" file="installsoftware.cpp:729">
    <![LOG[Get Install Directory for SMS Client]LOG]!><time="09:37:59.837+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:4215">
    <![LOG[Start to evaluate TS policy with lock]LOG]!><time="09:38:00.024+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:10966">
    <![LOG[Locked policy transaction lock successfully]LOG]!><time="09:38:00.039+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8021">
    <![LOG[Updating settings in \\.\root\ccm\policy\machine\actualconfig]LOG]!><time="09:38:00.039+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:8024">
    <![LOG[RequestedConfig policy instance(s) : 437]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
    <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:Client:Default:{8864FB91-94EE-4F16-A144-0D82A232049D} successfully]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
    <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "SMS:Client:Default:{8864FB91-94EE-4F16-A144-0D82A232049D}") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
    <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
    <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:Client:Default:{8864FB91-94EE-4F16-A144-0D82A232049D} successfully]LOG]!><time="09:38:00.086+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
    <![LOG[RequestedConfig policy instance(s) : 0]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
    <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:PR1 successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
    <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "SMS:PR1") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
    <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
    <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source SMS:PR1 successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
    <![LOG[RequestedConfig policy instance(s) : 0]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
    <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmPortal successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
    <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "CcmPortal") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
    <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
    <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmPortal successfully]LOG]!><time="09:38:00.102+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
    <![LOG[RequestedConfig policy instance(s) : 0]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
    <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source Local successfully]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
    <![LOG[RequestedConfig policy instance(s) : 9]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
    <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source Local successfully]LOG]!><time="09:38:00.117+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
    <![LOG[RequestedConfig policy instance(s) : 15]LOG]!><time="09:38:00.133+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7653">
    <![LOG[Locked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmTaskSequence successfully]LOG]!><time="09:38:00.133+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7463">
    <![LOG[Namespace: \\.\ROOT\ccm\Policy\Machine\RequestedConfig, Query: SELECT PolicyID FROM CCM_Policy_Policy5 WHERE (PolicySource = "CcmTaskSequence") AND (PolicyState = "Active") AND (PolicyType = "Machine")]LOG]!><time="09:38:00.258+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7511">
    <![LOG[There is no ccm_policy_policy instance, skipping addition to realinst map]LOG]!><time="09:38:00.258+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:7512">
    <![LOG[Unlocked \\.\ROOT\ccm\Policy\Machine\RequestedConfig for source CcmTaskSequence successfully]LOG]!><time="09:38:00.258+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:7660">
    <![LOG[Total RequestedConfig policy instance(s) : 461]LOG]!><time="09:38:00.336+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8186">
    <![LOG[Locked ActualConfig successfully]LOG]!><time="09:38:00.336+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8199">
    <![LOG[New/Changed ActualConfig policy instance(s) : 1]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8278">
    <![LOG[[1] Added/updated setting 'ccm_softwaredistribution:adv_advertisementid=it120019:pkg_packageid=it100043:prg_programid=install nis definitions'.]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8307">
    <![LOG[Unlocked ActualConfig successfully]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8333">
    <![LOG[Unlocked policy transaction lock successfully]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="policyutil.cpp:8339">
    <![LOG[Raising event:
    instance of CCM_PolicyAgent_SettingsEvaluationComplete
    ClientID = "GUID:d69a4ca6-a93a-479d-89aa-c85113eaef67";
    DateTime = "20140530133800.382000+000";
    PolicyNamespace = "\\\\.\\root\\ccm\\policy\\machine\\actualconfig";
    ProcessID = 1084;
    ThreadID = 2136;
    ]LOG]!><time="09:38:00.382+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="event.cpp:715">
    <![LOG[Successfully submitted event to the Status Agent.]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="event.cpp:733">
    <![LOG[End TS policy evaluation]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="policyutil.cpp:10969">
    <![LOG[Policy evaluation initiated]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="utils.cpp:4253">
    <![LOG[Waiting for policy to be compiled in 'root\ccm\policy\machine' namespace ]LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:383">
    <![LOG[Query path = 'CCM_SoftwareDistribution.ADV_AdvertisementID="PR120019",PRG_ProgramID="Install NIS Definitions",PKG_PackageID="PR100043"']LOG]!><time="09:38:00.398+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:414">
    <![LOG[Verified policy is compiled in 'root\ccm\policy\machine' namespace]LOG]!><time="09:38:00.445+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:439">
    <![LOG[content location count = 1]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:231">
    <![LOG[Checking if the active request handle: {66096B8A-60B8-4CC3-ABBA-D0CD624938C4} is valid.]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:5052">
    <![LOG[CoCreateInstance succeeded]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:5074">
    <![LOG[Active request handle: {66096B8A-60B8-4CC3-ABBA-D0CD624938C4} is valid.]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="utils.cpp:5082">
    <![LOG[Invoking Execution Manager to install software ]LOG]!><time="09:38:00.507+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:246">
    <![LOG[Installing software for PackageID='PR100043' ProgramID='Install NIS Definitions' AdvertID='PR120019' has started, jobID='{F528EBD4-1270-44E5-9539-5B5346BAE5A4}']LOG]!><time="09:38:00.803+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:268">
    <![LOG[Setting TSEnv variable 'SMSTSInstallSoftwareJobID_PR100043_PR120019_Install NIS Definitions'='{F528EBD4-1270-44E5-9539-5B5346BAE5A4}']LOG]!><time="09:38:00.803+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:52">
    <![LOG[Waiting for installation job to complete..]LOG]!><time="09:38:00.803+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:873">
    <![LOG[CompleteExecution received]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="1524" file="installsoftware.cpp:580">
    <![LOG[CompleteExecution processed]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="1524" file="installsoftware.cpp:593">
    <![LOG[Received job completion notification from Execution Manager]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:923">
    <![LOG[Installation completed with exit code 0x80004005]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:940">
    <![LOG[Installation failed with error (0x80004005)]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="3" thread="2136" file="installsoftware.cpp:967">
    <![LOG[Setting TSEnv variable 'SMSTSInstallSoftwareJobID_PR100043_PR120019_Install NIS Definitions'='']LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:52">
    <![LOG[GetExecRequestMgrInterface successful]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:187">
    <![LOG[Releasing job request, jobID='{F528EBD4-1270-44E5-9539-5B5346BAE5A4}']LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="installsoftware.cpp:339">
    <![LOG[Releasing of Job Request successful]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:348">
    <![LOG[CompleteJob successful]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="installsoftware.cpp:997">
    <![LOG[ReleaseSource() for C:\_SMSTaskSequence\Packages\PR100043.]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3564">
    <![LOG[reference count 1 for the source C:\_SMSTaskSequence\Packages\PR100043 before releasing]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3574">
    <![LOG[Released the resolved source C:\_SMSTaskSequence\Packages\PR100043]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="1" thread="2136" file="resolvesource.cpp:3612">
    <![LOG[pInstall->Install(sPackageID, sProgramName), HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\main.cpp,361)]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="0" thread="2136" file="main.cpp:361">
    <![LOG[Install Software failed, hr=0x80004005]LOG]!><time="09:38:03.033+240" date="05-30-2014" component="InstallSoftware" context="" type="3" thread="2136" file="main.cpp:361">
    <![LOG[Process completed with exit code 2147500037]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="commandline.cpp:1123">
    <![LOG[!--------------------------------------------------------------------------------------------!]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="instruction.cxx:804">
    <![LOG[Failed to run the action: Install SCEP 2012 NIS Defs.
    Unspecified error (Error: 80004005; Source: Windows)]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="3" thread="540" file="instruction.cxx:895">
    <![LOG[MP server https://SCCMSRV.domain.local. Ports 80,443. CRL=false.]LOG]!><time="09:38:03.049+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5881">
    <![LOG[Setting authenticator]LOG]!><time="09:38:03.064+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="utils.cpp:5903">
    <![LOG[Set authenticator in transport]LOG]!><time="09:38:03.064+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:7734">
    <![LOG[Sending StatusMessage]LOG]!><time="09:38:03.080+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:4023">
    <![LOG[Setting message signatures.]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1295">
    <![LOG[Setting the authenticator.]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:1325">
    <![LOG[CLibSMSMessageWinHttpTransport::Send: URL: SCCMSRV.domain.local:443 CCM_POST /ccm_system_AltAuth/request]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8604">
    <![LOG[In SSL, but with no client cert]LOG]!><time="09:38:03.096+240" date="05-30-2014" component="TSManager" context="" type="1" thread="540" file="libsmsmessaging.cpp:8738">
    <![LOG[Request was successful.]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="libsmsmessaging.cpp:8939">
    <![LOG[Set a global environment variable _SMSTSLastActionRetCode=-2147467259]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Set a global environment variable _SMSTSLastActionSucceeded=false]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:668">
    <![LOG[Clear local default environment]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="executionenv.cxx:807">
    <![LOG[Let the parent group (Install Endpoint Protection) decides whether to continue execution]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="instruction.cxx:1004">
    <![LOG[Let the parent group (Setup Operating System) decide whether to continue execution]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="0" thread="540" file="instruction.cxx:254">
    <![LOG[The execution of the group (Setup Operating System) has failed and the execution has been aborted. An action failed.
    Operation aborted (Error: 80004004; Source: Windows)]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="3" thread="540" file="instruction.cxx:217">
    <![LOG[Failed to run the last action: Install SCEP 2012 NIS Defs. Execution of task sequence failed.
    Unspecified error (Error: 80004005; Source: Windows)]LOG]!><time="09:38:03.111+240" date="05-30-2014" component="TSManager" context="" type="3" thread="540" file="engine.cxx:213">
    Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

  • SCEP 2012 and VDI offline servicing

    I've seen this question being asked before in another thread (Best practice to run Microsoft Endpoint Protection client in VDI environment) however the answer doesn't provide enough information (for me at least)
    We are planning to use a Citrix XenDesktop environment with Provisioning services providing VDI clients. As far as I know the SCCM client will be installed in the VDI golden image and after some adjustments SCCM client registration will go well. We will
    also use SCCM 2012 and deploy SCEP 2012 for anti-malware scanning.
    SCCM 2012 provides offline servicing for Software Updates in WIM images, but what is a best practice in keeping the VDI's up-to-date? I can't find any good information about this, so maybe the answer is very simple?... Is there a way to offline service the
    VDI image so Software Updates and Anti-Malware updates are injected in the image?
    Or do the VDI's get updated as physical systems, at the time they are logged in to the network, discarding all changes when logging off. This doesn't seem the right way to go.
    Any help would be appreciated.
    thx. Niels

    I struggled with this same problem for a while, and likewise didn't find a great answer anywhere. In our case, this is for an RDS VDI environment, but the solution I ended up employing should work anywhere.
    First, set up SCCM/WSUS to download the updates to a UNC share (if you haven't already; here's a helpful guide:
    http://blog.thesysadmins.co.uk/sccm-2012-scep-unc-definition-updates-automation-powershell.html). Also, create an antimalware policy for the VDI machines with the definition updates source set to UNC only, and set the UNC Path section accordingly.
    Here's the key part: create a scheduled task in your master image to run based on boot or resume (RDS puts the VDI VMs in a Saved state rather than Off). Here are the settings I used for the task:
    General tab: I set it to run as the SCCM Network Access Account; Run whether user is logged on or not
    Triggers tab: Begin the task On an event; Basic; Log: System; Source: Kernel-General; Event ID: 1 (this pops up on a startup or resume event); Delay task for: 5 minutes (during VM creation, it boots the machine for just a couple minutes, and I
    didn't want this task to be interrupted by a shutdown halfway through); Enabled
    Actions tab: Action: Start a program; Program/script: "C:\Program Files\Microsoft Security Client\MpCmdRun.exe"; Add arguments: -SignatureUpdate
    I left the other tabs with their defaults
    In RDS, the VMs on creation are spun up briefly and then put into a Saved state. It then spins up just a few, waiting for users to connect. By the time a user logs in, the machine should have the latest updates, but even if it doesn't, it should be
    no more than ~5 minutes before it does.
    Hope this helps!
    Ryan

  • Deploying SCEP 2012 over existing FEP 2010

    I need to upgrade FEP 2010 to SCEP 2012 through SCCM. FEP was installed via SCCM 2007, and machines will not upgrade to the SCEP client. New builds pick up SCEP without incident from Config Manager.
    I've read about a migration process from 2007 to 2012, but the docs aren't clear.
    I have build an Application using FEPInstall.exe, then used the Supersedence option to uninstall. The Application deploys to the workstation, but sits in a "Waiting for content" category under Monitoring with a status of "In Progress"
    Does anyone have any experience with this process, and can you share the steps involved with migrating?

    Hi,
    >>You mentioned the Forefront Endpoint Policy. Are you referring to SCCM policy, or a group policy?
    He is referring to SCCM Policy. SCCM Console->Administration -> Client Settings -> properties -> Endpoint Protection.
    >>As of this morning, the Software Center is now showing an Installation Status of Downloading. Sitting at 0%.
    Please check CAS.log, LocationServices.log, ContentTransferManager.log and DataTransferService.log on the client. (C:\Windows\CCM\Logs)
    Best Regards,
    Joyce
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • SCEP 2012 System Center Monitoring Pack for Linux v4.5.10.1 Problem

    Hi Everyone!
    We are having a problem with OpsMgr 2012 R2 and the System Center Monitoring Pack for SCEP 2012 for Linux v4.5.10.1.  We have successfully deployed the Linux OpsMgr 2012 R2 agent to our test CentOS 6.5 VM as well as SCEP 2012 v4.5.10.1.  We have
    imported the System Center Monitoring Pack for SCEP 2012 for Linux management packs into OpsMgr 2012 R2 which is successfully discovering SCEP on our Linux VM, but when looking at the details for the monitor, it indicates that SCEP is "not found"
    as seen in the following screen shot...
    As seen in the following screen shots, everything else seems to be installed, configured, and working properly...
    Any assistance or guidance would be greatly appreciated!
    Regards,
    JJ

    Magnus_001 (big ups) and I were able to get discovery to stop failing on the Linux side of things, but the SCOM MP is still highly problematic.  Their pdf guides for SCEP implementation on Linux has a bunch of typos and errors -- for example, listing
    '/bin/sh' instead of '/bin/bash', and one of the lines (the one that includes "export LANG=C" won't run no matter what.  When we disassembled the SCOM MP, we found that there's an extraneous space at the end of the command, current thought is
    that that's causing a regex to fail within sudo.  All of their commands, from what I can tell, need to be specified as NOPASSWD within sudo; if you see errors about ssh-askpass with that you can confirm that there are likely typos in their guide sourced
    from the pdf.  We eventually allowed '/bin/bash' to get the programs to run since we couldn't get a regex match to catch their command (which should be in a script).  We are out of failures that we can discover with logging on the Linux side; it's
    likely to be an error within the MP at this point.
    When we look at the powershell script in the MP library, the "not found" error is the default state, set immediately after stdout is captured from the discovery script.  I'm guessing that there's some problem interaction between that script
    and the parsing thereof, as when we run the script locally as root we see the output that we'd expect. For all I know that's a line ending or locale problem.
    Troubleshooting on the linux end is problematic, as instead of distributing a script to check on the linux side (which makes the sudo part of things much easier), the script is hard-coded within the MP.  From what I understand it would need to be disassembled
    and recompiled to change.
    The snippet below may be of use to someone for use in their sudoers file, it will make the checks work on the linux side at least.  I wouldn't recommend this for anything beyond testing, as specifying that an account can run a full bash shell as root
    without a password is a terrible idea.
    #replace scomactionaccount with whatever your scom action account is called
    User_Alias SCOM = scomactionaccount
    Runas_Alias SCOM = root
    SCOM ALL = (SCOM) NOPASSWD: /opt/microsoft/scx/bin/scxlogfilereader -p
    SCOM ALL = (SCOM) NOPASSWD: /bin/bash

  • SCEP 2012

    I tried to install SCEP 2012 on a brand new Windows Server 2012 R2 Essentials but it fails, telling me it cannot be installed on my operating system...
    (Found an image from someone with a similar problem: http://db.tt/ODUZzmr9)
    Is Essentials not a supported OS? Installation works fine on Standard and Datacenter...

    Hi,
    As Essentials is not a supported operating system for beeing managed by Configuration Manager I would assume that the same goes for SCEP.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • SCEP 2012 for Mac 10.10

    Cannot seem to find SCEP 2012 for Mac 10.10. I only see old versions. Any help?

    http://blogs.technet.com/b/configmgrteam/archive/2014/12/16/support-for-mac-os-x-10-10-in-configuration-manager.aspx
    Looking at the comment in the Blog it looks like it's in the CM12 R2 download. Thanks for your help Mike!
    Bob
    26 Jan 2015 6:32 PM
    A note to anyone like George who is looking for the updated Endpoint Protection installer, it IS updated in the disk image in the System Center 2012 R2 download, even though the date on the VLSC page for it has not changed since 2013.

  • Wsus + Scep 2012 Defenition Updates

    Hi 
    Im using Wsus to manage Pattern file updates for my scep 2012 clients an my proplem is that most Pattern files do get applied to my machines but like today my computers had
    Pattern file (1.185.908.0)  but when I check on Microsoft website they say the latest pattern file is (1.185.926.0) so I
    synced my wsus to see if there where any new files available and it return with nothing new... so I manualy ran "mpam-feX64" and my client got update to (1.185.933.0)  so it seems that my Wsus server is missing every other updates,,
     Can it be that MS is slow to update there Wsus Store or is something wrong with my wsus.. it is configured to check for updates every hour..  I also tested to let my workstation check online for updates and the result was the same "no new pattern
    files"  
    Best Regards 
    Jon G
    Jón G Sævarsson

    Can it be that MS is slow to update there Wsus Store or is something wrong with my wsus.. it is configured to check for updates every hour..
    Configured for "every hour" is probably a bit excessive, but much more likely is that you've not properly configured your WSUS server and your WSUS clients to be able to get Definition Updates in a timely manner.
    In addition to synchronizing WSUS at least 3x daily (every 8 hours), you also need to do the following:
    Create an Automatic Approval rule for the Definition Updates update classification for the "All Computers" target group.
    Enable the policy setting "Allow Automatic Updates immediate installation".
    Set the CLIENT Detection Interval to 6 hours.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • SCEP 2012 and the TeslaCrypt virus

    Hello!
    A user on one of our terminal servers was attaced my the TeslaCrypt virus (ransomware). The terminal server had SCEP 2012 running, with engine version 1.1.11502.0 and definition 1.195.2385.0. Policyname: Anitimalware Policy. Realtime protection: On
    Is SCEP 2012, with these versions of engine and definition, expected to stop the TeslaCrypt virus?
    If not, would any version of SCEP2012 or other antivirus Application stop it?
    Regards
    Trond Burud

    It appears that Microsoft products categorize this malware family as Win32/Tescrypt
    http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fTescrypt
    If your system got hit with a variant that didn't get detected, you should submit the sample to Microsoft so they can add it to their definitions.
    https://www.microsoft.com/security/portal/submission/submit.aspx

  • SCEP 2012 and GP Update

    SCEP 2012 Client settings currently have "Install Endpoint Protection client on computers" set to Yes. This is deployed to quite a few machines. The client installs just fine, everything updates, and we are set. In the Endpoint Protection Agent
    log shows periodic checks for if SCEP needs to be installed. Which technically isn't an issue and eventually I'll flip this setting to No and leave it Manage only.
    However, around the times it checks the client I notice a GP Update kicking off. Does anyone know if installing SCEP or having the client check to see if it is installed kicks off a GP Update?

    Interesting. I didn't think to check that specific log. I do see activity in there for other GP objects besides SCEP. Perhaps it runs the equivalent of gpupdate /target:computer
    I don't think I see any user items in there.
    This reminds me of an issue I ran into before. Take the scenario of a domain joined machine that is currently connecting via the Internet. You have an IBCM server set up, so Internet connected machines are able to receive policy and software. You would think
    that would include changes to SCEP policy too. However, if you make a change to SCEP policy and then try to update policy on the client, it won't actually apply the SCEP policy changes until it's back on the domain. I guess that's because whatever ConfigSecurityPolicy.exe
    is doing requires a connection to be made to a domain controller and even though the SCEP content is stored locally in an XML file, it can't finish the process of getting it into Registry.pol and then into the Registry itself until it can connect to the DC
    again.
    Seems like it would make more sense to just import it directly into the Registry and bypass the GP client entirely. Anyway, I don't mean to hijack the thread but it would be nice to see Microsoft clarify exactly what's going on in both cases :-)

  • SCEP 2012 client in captured WIM image

    I screwed up. I forgot to uninstall SCEP 2012 from my image as I normally do and then install during the task sequence with updated definition install tasks as described:
    http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx. 
    The image I captured is 20 GB with some hefty software and don't want to capture it again.  At the bottom of that article it mentions some registry keys and that I should delete them if it is embedded, but it says during SYSPREP.  I don't know
    how to do that?  Has anyone done this?  Can I just add a command line step to the task sequence and import a REG to delete the entries?
    HELP!
    Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

    I tried manually deleting the InstallTime entry and it said Access Denied.  Are these protected?  Will an import actually work since I can't delete them?  I am afraid there may be something to the article saying "during SYSPREP", but I don't
    know if/how to do that.
    Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.

  • SCEP 2012 R2 - Remote Distribution Point

    Can I set up a SCEP 2012 web site or portal located in my DMZ that my remote users can connect to if their definition files are out of date.
    I would like the portal to be made accessible so that updates can be applied by the end user manually when there AV is out of date and they can not connect to services because of the out of date files.

    Apologies Jeff - The following two options look good
    Updates distributed from Microsoft Update – This method allows computers to connect directly to Microsoft Update in order to download definition and engine updates. This method can be useful for computers that are not often connected to the business
    network.
    Updates distributed from Microsoft Malware Protection Center – This method will download definition updates from the Microsoft Malware Protection Center.
    Looking at them though there looks like to  much for a user to do  - We all know what users are like. I want something more like this to be hosted so once advised the AV files are out of data by the gateway devices the user is redirected to a page
    that will present a screen like the extract below and then all user has to do is click "update"

  • SCEP 2012 clients kicking off random scans

    We have an SCCM 2012 environment with SCEP 2012 recently deployed. We have a policy in place that does weekly full scans on Tuesdays at 12AM.  The client machines are 64 bit Windows 7.  We are seeing some random computers kicking off Full scans
    at various points in the day.  We thought that initially there were viruses on these machines and that was causing the scans, but according to the EP console, they do not have any type of virus or malware.
    Any ideas?

    Here is the way MS does such things. (Update works this way too) It is STUPID, of course, but then "SMART" is not a word that fits Microsoft very well. Just look at Windows 8 for an example or to the fact you can't even find a simple link to the
    SCEP client for what ever happens to be the latest greatest version.
    As for the auto scanning, it will occur REGARDLESS of the time set shortly after you start your PC if it was not able to do it at the appointed time. So if it is set for 12am, and if the system, for whatever reason was not on, it will kick off shorty after
    it is booted, REGARDLESS of the current time. (It is supposed to wait until the system is idle, but MS uses lack of keyboard or mouse action to decide if a system is active instead of actually looking to see if its. For example watching a movie. MS would say
    after five minutes, it is inactive, then run the scan, screen save, update, or whatever. Maybe you were just reading a long email, letter, or article online, doesn't matter MS will kick off the scheduled event. Of course this will cause problems for the movie
    etc, but MS won't care. Bottom line is if the MS AV is doing its job, or anyone's Av for that matter, and was installed on a 100% clean PC, then one should NEVER need to do a blind system scan. Common sense really. Of course MS AV is not very good at preventing
    the more destructive of the evils out there such as the Ransomewares and things like the ASK or the Google toolbar or the many fake "fix your PC" popups that are out there etc. etc.
    Best just to keep it disabled.
    Ralph

Maybe you are looking for

  • HP LaserJet CM1410 Series Firmware Enhancements and Fixes

    In the "More Info" section of the following firmware update for the LaserJet Pro CM1415nfw File name: CM1410_MFP_Series_FW_Update-20120629.dmg [1/1, 56.67M] System requirements: This utility is for use on Mac OS X 10.5, Mac OS X 10.6, Mac OS X 10.7,

  • Dropping internet when I get a call on my vonage telephone system

    Every time I get or make a call through my voip (vonage) I lose my wireless connection..I have a wrt150n router. I use a corless phone with my vonage system. Is there any way to stop this from happening?

  • Preparing document for reading

    How do I defeat this from happening when opening any pdf doc for reading? Preparing the document for reading sometimes takes minutes to complete. Thanks

  • Can't See My Second HD

    My new mac pro is suppose to have two HDs but i only see one on my desktop. I went into my Activity Monitor and it shows that there are two. Does anyone know how i can display the other HD on my desktop?

  • Clicking menu Administer-- User Access get failed error

    Environment:      Primavera P6 EPPM (web tool) V8.2.2.8      Windows 2008 R2 SP1 server      Oracle 11g database      Window 7 using IE 9 or Firefox 24 Problem:      When I click on the Administer-->User Access a dialog display saying "Failed to load