Updating Endpoint Protection definitions via SCCM 2012 R2

Similar Messages

• System Center Endpoint Protection Definition Updates

  Hi can anyone advise deploying definitions via SCCM 2012 and selecting the source as being "Updates distributed from Configuration Manager" does that mean each client will go to the Primary Site to get updates? Or by using ADR will it ensure that
  definitions come via distribution points?
  Also another question, as sccm 2012 is not rolled out to all sites yet, and will be deploying unmanaged clients, when I deploy the SCEP client offline un-managed with a policy file, is there a way then later to change policy on the client by command line?

  You could configure updating SCEP in many ways, including:
  Updates distributed from Configuration Manager – This method uses Configuration Manager software updates to deliver definition and engine updates to computers in your hierarchy.
  Updates distributed from Windows Server Update Services (WSUS) – This method uses your WSUS infrastructure to deliver definition and engine updates to computers.
  Updates distributed from Microsoft Update – This method allows computers to connect directly to Microsoft Update in order to download definition and engine updates. This method can be useful for computers that are not often connected to the business network.
  Updates distributed from Microsoft Malware Protection Center – This method will download definition updates from the Microsoft Malware Protection Center.
  Updates from UNC file shares – With this method, you can save the latest definition and engine updates to a share on the network. Clients can then access the network to install the updates.
  For more details, please refer to:
  http://technet.microsoft.com/en-us/library/jj822983.aspx

• Log file for manual download Endpoint Protection Definition Updates

  Hi,
  I am downloading manually endpoint protection definition updates from SCCM 2012 R2, which log file I have to check for download progress.
  Regards,
  Manzoor Ahmed

  If you are downloading updates manually you will need to have an alternate source other than ConfigMgr for definition updates.
  https://support.microsoft.com/en-us/kb/2831244?wa=wsignin1.0
  Here is a list of the logs for SCEP.
  http://chadstech.net/scep-2012-client-log-files/
  The logs depend on which sources you have set for updates, if you have updates coming from windows update or WSUS then you could look at WindowsUpdate.log

• Trouble Deploying Windows updates via SCCM 2012

  Hello
  I'm testing Windows updates via SCCM 2012 - I have successfully deployed updates to 4 test PC's.
  I then added another 15 Test PC's into the same group - Not one of them receive updates (they're all within the same Domain and even in the same room)
  I reviewed "UpdatesDeployment.log -
  1. I highlighted some points that stood out to me
  2. I have the Maintenance window set to 24hours for this test
  From the Server side and Clients side - What are the best .logs to look at.
  CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  Suspend activity in presentation mode is selected    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  At least one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode.    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  Proceeding to non-business hours activites as presentation mode is off.    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  Auto install during non-business hours is disabled or never set, selecting only scheduled updates.    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  A user-defined service window(non-business hours) is available. We will attempt to install any scheduled updates.    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  Attempting to install 0 updates    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  No actionable updates for install task. No attempt required.    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)
  Updates could not be installed at this time. Waiting for the next maintenance window.    UpdatesDeploymentAgent    22/08/2014 10:00:00 PM    4604 (0x11FC)

  Hi,
  You could also check Windowsupdate.log on the client.
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Lync 2013 x64 silent client deployment via SCCM 2012 SP1

  Greetings everyone!
  I ran into a problem with Lync 2013 x64 silent deployment.
  I need to provide every workstation with Lync 2013 client, so i decided to use deployment via SCCM 2012 sp1.
  I created 2 msp files with OCT, one based on x86 Office 2013 Proplus, and other based on x64 Office 2013 Proplus.
  Added them as applications to sccm software library.
  Deployment of Lync 2013 x86 application was a success with over than 80% compliance. 
  But all Lync 2013 x64 automatic installations finish with different errors.
  I created special device collection for workstations with office 2010 x64 and 2013 x64, because i can't install other architecture products once it has x64 product installed.
  My membership query-rules for this collection:
  Office 2013 x64
  select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_INSTALLED_SOFTWARE on SMS_G_System_INSTALLED_SOFTWARE.ResourceId
  = SMS_R_System.ResourceId where UPPER(SMS_G_System_INSTALLED_SOFTWARE.SoftwareCode) = "{90150000-0011-0000-1000-0000000FF1CE}"
  Office 2010 x64
  select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_INSTALLED_SOFTWARE on SMS_G_System_INSTALLED_SOFTWARE.ResourceId
  = SMS_R_System.ResourceId where UPPER(SMS_G_System_INSTALLED_SOFTWARE.SoftwareCode) = "{90140000-0011-0000-1000-0000000FF1CE}"
  My application deployment type points to setup.exe in office 2013 x64 installation folder, where i created msp file in updates folder via OCT and edited config.xml file in proplus.ww folder.
  So my installation program looks like this setup.exe /adminfile updates\1lync.msp /config proplus.ww\config.xml
  The same configuration works with Lync 2013 x86 deployment, except other setup folders.
  When i try running installation program setup.exe with /adminfile and /config parameters locally, it installs successfully without errors or warnings.
  I'm trying to find out problem source, does anyone have ideas what I am doing wrong?
  Also i'm trying to reduce office 2013 installation folder size, what subfolders are necessary for Office 2013 proplus installation (still installing only lync with common files and tools)? Because now 3.5 GB package is quite hard to distribute to sccm secondary
  sites with deployment point.
  Thanks in advance.

  Hi,
  Here are some tips and tricks for your reference.
  Tips and Tricks: Deploying Lync 2013 client using SCCM 2012 | Lync 2013 Client Customization for SCCM 2012 Deployment Package
  http://zahirshahblog.com/2014/01/08/tips-and-tricks-deploying-lync-2013-client-using-sccm-2012-lync-2013-client-customization-for-sccm-2012-deployment-package/
  Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Handling of pending reboot, exclusive updates for patch management with SCCM 2012

  Hello,
  Planning to use SCCM 2012, I would like to understand how smart is SCCM 2012 when dealing with specific patch management situation.
  Assuming I have the following:
  - A given server to be patched is missing a lot of updates, several being mutually exclusive. This typical case will require several reboot / patching to properly obtain a server fully up to date.
  - A given server to be patched is in pending reboot state because the local admin installed new software and has not restarted the server yet as requested
  - Those servers have configured maintenance windows of 2 hours during each night. I scheduled a deployment of missing patches authorizing restart.
  --> when the maintenance window will be reached:
  - will the server first be restarted to clean the pending reboot ?
  - will the the server be patched / restarted several times as required to fully meet the updates to be deployed.
  Another scenario on workstation side:
  - can I enforce deployment of updates at a given time, do not automatically restart the workstation during patch deployment, but after deployment schedule a mandatory restart with a countdown if there is a pending reboot... From end-user perspective, it
  would have the following behavior. For instance:
  - patches are automatically installed on Monday at 10 AM
  - as soon as deployment is done, warning message is displayed to ask users to reboot
  - then user has up to 48h to restart his computer by himself. If he does not do it, it will be automatically done after countdown expires.
  --> Can such a scenario be managed by SCCM 2012 ?
  Regards.

  Hi,
  I have a related question about deploying Microsoft Security Updates to workstations via SCCM 2012.  Is there a way to deploy the MS updates to workstations and only suppress reboots for machines with users logged on or locked?  There seems to
  be only 2 different options for reboots, Suppress them all or don't suppress them at all.  We would like SCCM to reboot the machines that are logged off, but suppress the reboot for those that are logged on, while at the same time, provide the user with
  a notification that their machine needs to be rebooted (at their convenience). 
  We've tried applying the Domain GPO "No auto-restart with logged on users for scheduled automatic updates installations" (Enabled) and "Configure Automatic Updates" (Disabled), but the logged on/locked machines still receive the restart countdown with no
  option to postpone or delay.
  This is a show stopper for us since we have an environment where we are absolutely not allowed to reboot a logged on machine.
  For a little background, we are coming from SMS 2003 and the Distribute Software Updates (ITMU) way of deploying MS Updates, where we could always set the program to run "Only when no user is logged on".
  Please tell me there is a way to achieve our desired result.
  Thanks,
  Dan 

• Latitude E6330 BSOD via SCCM 2012 R2 OSD

  Hi All,
  I'm currently struggling to build some Latitude E6330 laptops via SCCM 2012 R2 CU3 OSD . I'm getting a BSOD with error code 0000007E after the drivers are applied and the laptop reboots.
  I've built nearly 100 OptiPlex desktops without issue from the same server. I've tried both the A09 and A10 E6330 driver CABs, and both have the same issue. I was having an issue even building the boot image with these drivers, but removed a faulty driver
  before importing them into SCCM (Conexant USB Modem driver) which resolved that issue. I'm assuming that the removal of this driver wouldn't be causing the BSOD - but I'm currently trying to find a replacement driver to see if that resolves it anyway.
  I've tried using 'Auto Apply Drivers' and 'Apply Driver Package' in the task sequence, using a WMI query and also without a WMI query to no avail. I've blown away all previous drivers, imported only the A09 and then blew away + imported only the A10
  drivers, rebuilt the driver packages and re-added to the boot image numerous times. Yep I've been distributing/updating distribution points each time too :)
  Unfortunately I can't get onto the laptop to check the smsts/setupact/etc etc logs because it blue screens even in safe mode.
  My last resort will be to add just the network+HDD drivers, and then slowly add drivers until I figure out what driver is causing the BSOD. Unfortunately this would be quite a lengthy procedure, so I'm hoping that someone has had a similar problem and
  may know which driver could be causing me this grief.. Or perhaps could point me in a different direction as to what may be causing this issue....
  Thanks for your time.

  Are you trying to deploying Windows 7 to the laptops?
  If so does your WIM file include the platform update (how long has it been since you created / updated it)? If not then you may need to update / capture a new wim and try again. 
  A lot of newer drivers will cause this sort of problem if you try and inject them into an older wim file.
  If this isn't the case, then I have had this happen to me a long time ago with a webcam driver so maybe exclude these drivers first? A long shot though.
  Cheers
  Damon

• Deploy Lync 2013 Via SCCM 2012

  Dear,
  I wants to deploy Microsoft Lync 2013 via SCCM 2012, I have created a new deployment package based on MSI file to install Microsoft Lync 2013 for company machines, during the installation package will install for clients computer perfectly but instead of
  install automatically to users, every time message coming user should do it manually for example user should accept the terms of the agreement, kindly I need a way to solve this issue, I need Lync 2013 automatically install without users doing anything, please
  see attached snapshot.

  Make sure that you are using the right command line using your newly created MSP
  ex: setup.exe /adminfile "Lync_Updated.msp"
  As proposed, update your DP so that your MSP gets distributed.
  You can also follow this guide if you're still experiencing difficulties.
  http://systemcentersynergy.com/lync-2013-silent-or-unattended-install/
  Benoit Lecours | Blog: System Center Dudes

• App-V 5.0 SP2 user applications published via SCCM 2012 to VDI workstations with roaming only

  Hi,
  The environment consists of App-V 5.0 SP2 (KB2956985) user based applications published via SCCM 2012 to Windows 7 VDI snapshotted workstations that are reset at user logoff.
  When a user logs on the SCCM 2012 client initiates App-V client package publishing.  After a couple of minutes after logon the shortcuts appear and the user can launch their applications.
  The issue is that at logoff, even with roaming enabled, the publishing information disappears.  This causes the next logon process for that user to repeat, the applications are not available until the SCCM client has completed it's publishing cycle. 
  Roaming profiles are implemented. %APPDATA% is redirected to a UNC path.  The following registry key is set
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Integration\PreserveUserIntegrationsOnLogin=1
  U-EV, global publishing of applications, and AppLocker rules are not an option.  Also, I have read this already - http://technet.microsoft.com/en-us/library/dn659478.aspx#BKMK_PE
  I do not want to wait for the SCCM client to kick in prior to the user applications being available.  What do I need to roam or run to create a seamless transition for the user between sessions? 
  Eddie.

  Hi Tywin (bad username considering the last GoT Episode ;))
  If you ask Microsoft, they always recommend using SCCM for deploying App-V packages and reuse your current SCCM infrastructure if that is already in place. Problem is, as you now experience, is that there is some big caveats both in regards to publishing
  time and to roaming of settings.
  As Nické states I would suggest looking into the Full Infrastructure Model for App-V 5.x, which gives you much better performance in what I call "from no apps" to "being able to click the shortcut" - the add and publishing phase. If you don't have the time/budget/whatever
  to start looking into that, you could look into some community tools like App-V Scheduler which is developed specific by Citrix guys to ease the publishing and management in a Citrix world.
  Microsoft have a great article about Performance Guidelines, which you have read, but it mostly presumes you work with Full Infrastructure. Have you looked into Steve Thomas' session from TechEd NA? It talks about "implementation trends".
  Senior Consultant at Atea Denmark - http://Atea.dk Atea Technical Evangelist for App-V NoLightPeople - http://NoLightPeople.com Access Director - http://www.nolightpeople.com/index.aspx#accessdirector

• Shockwave 12.0.0.112 MSI errors when installing via SCCM 2012

  I am experiencing the same type of issue i have entered a bug report for Flash Player.
  Upon pushing the vendor provided MSI via SCCM 2012, the uninstall of the older version 11.6.8.638 which is pushed enterprise wide, is removed from the machine, but the installation of the new 12.0.0.112 is not actually installing.  The log file that was on the machine from the command line we use shows this error:
  MSI (s) (A8:FC) [08:02:03:374]: Product: Adobe Shockwave Player 11.5 -- Error 2753.The File 'swhelper_1159620.exe' is not marked for installation.
  Anyone else seeing this happening or getting the same issue when installing Shockwave 12.0.0.112 with the vendor provided MSI for distribution?

  JVENGLEY wrote:
  MSI (s) (A8:FC) [08:02:03:374]: Product: Adobe Shockwave Player 11.5 -- Error 2753.The File 'swhelper_1159620.exe' is not marked for installation.
  Anyone else seeing this happening or getting the same issue when installing Shockwave 12.0.0.112 with the vendor provided MSI for distribution?
  I didn't have any installation issue on Windows XP 32 bit and Windows 7 64 bit.
  You didn't say anything about your OS, btw.
  And that swhelper_1159620.exe is a legacy (it's not related to the previous v11.6 or the current v12 installations).
  For future, to get rid of installation issues, use the UNinstaller first of all:
  http://www.adobe.com/shockwave/download/alternates/#sp
  cheers

• Trying to deploy a VB Script via sccm 2012 R2

  Hello All
  This is my first attempt at deploying a script via SCCM 2012 R2 and I seem to be stuck. Essentially what this script does is map a printer. The script on its own works fine. Meaning it works when I double click it and also running it from the command
  line. Its  when I try to use in sccm things go down hill. I have tried the following from the command line in the package properties.
  \\my-sccm-server\Sources\Applications\VBSripts\cscript.exe Impact.vbs
  \\my-sccm-server\Sources\Applications\VBSripts\Impact.vbs 
  Phil Balderos

  looks good :)
  You can check execmgr.log on the client to monitor the install as it is running.
  Thank Richk,
  Still no luck. Here is the output from execmgr.log. Its saying that is completed but nothing ever happens. I am about ready to throw in the towel on this one but I just feel like that is should work because its such a simple script.
  Set WshNetwork = CreateObject("WScript.Network")
  WshNetwork.AddWindowsPrinterConnection "\\srv-gtt-papercut\followme"
  WshNetwork.SetDefaultPrinter "\\srv-gtt-papercut\followme"
  Phil Balderos
  Is the script running as an Admin ,if so then you likely set the printer up for the local system user account and not anyone else.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• ThinkPad X1 Carbon 2nd+OneLinkPro Dock = No IP Address During Imaging (OSD) via SCCM 2012 R2

  I'm trying to image a second generatoin X1 Carbon that also has a OneLinkPro dock attached via SCCM 2012 R2.
  The USB stick is plugged into the dock, as is Ethernet & power.
  When I boot into the preinstallation environment, I don't have an IP address.
  The USB stick is fine - works on all 26 other devices here
  The network cable is fine - I'm able to get an IP & image from other systems
  I tried two OneLinkPro docks, same problem on both
  If I use the Ethernet adapter, it works fine
  I'm convinced its a driver issue at this point.
  I was directed to www.lenovo.com/onelinkdrivers to locate OneLink dock drivers, and I've downloaded the package.
  The downloaded EXE (tp_onelink_dock.exe) extracts to C:\SWTOOLS\DRIVERS\Dock by default
  In C:\SWTOOLS\DRIVERS\Dock you have another EXE Setup_OneLink_Dock_Lenovo_v10826.exe
  This immediately launches an installshield setup (run from %temp%)
  There no options to extract the drivers - it just installs the drivers, and none of the switches I've thrown at it have yielded any results.
  I found a data1.cab file but I can't seem to extract anything with 7Zip or expand
  How are folks with second gen X1 Carbons who use SCCM for OSD successfully imaging those machines with the OneLinkPro dock? (without the use of the Ethernet adapter of course.)
  Solved!
  Go to Solution.

  Fauxlution:
  Install drivers on an x86 machine
  Navigate to C:\Program Files\Lenovo\Onelinkdock (or something like that)
  Grab the driver directories & save them elsewhere
  Repeat process for x64 machine because the installer will only install drivers for the architecture of the system its run on.  (x86 system = x86 drivers; x64 system = x64 drivers)
  Clean up the drivers (extra non-essential files in there)
  Import both sets of drivers into SCCM
  Bake architecture specific Realtek drivers into boot image
  Couldn't be simpler.  

• Lync 2013 client deployment via SCCM 2012 forcing restart

  All, 
  I am attempting to deploy the Lync 2013 x86 client via SCCM 2012 to 158 machines running the Office 2010 suite. My package runs, and the installs complete but they are forcing a restart after the install even though I have gone in to everything that I can
  think of to tell the install not to force a restart. I am a newb in the ways of SCCM so I have been self teaching, and I may have missed something. 
  I have gone into the config.xml and changed the value SETUP_REBOOT to NEVER. 
  In the program properties I have RUN set as HIDDEN, and AFTER RUNNING set to NO ACTION REQUIRED. 
  Is there something that I am missing to stop the users machine from restarting after the install completes?

  Great, unfortunately it will be because files (usually shared DLLs) are in use as Office is opened, despite it being an older version. 
  Agree it's not optimal, I usually just tell clients that they will need to reboot, or that it will push out overnight (when I schedule it) and their computer will restart, so make sure they save everything.
  If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"
  Georg Thomas | Lync MVP
  Blog www.lynced.com.au | Twitter
  @georgathomas
  Lync Edge Port Check (Beta)

• How to deploy MS Visio & MS Project via SCCM 2012

  Dear friend,
     Please let me know the How to deploy MS Visio & MS Project via SCCM 2012, step by step
  Thanks

  You need to utilize Office Customize Tooltik to build config.xml, then distribute the config.xml with setup file. Below are some documents talking about this.
  http://blogs.msdn.com/b/visio/archive/2011/02/04/more-on-visio-2010-volume-deployment.aspx
  http://blogs.technet.com/b/odsupport/archive/2010/12/03/volume-license-editions-of-visio-2010-install-premium-edition-by-default.aspx
  Juke Chou
  TechNet Community Support

• Forefront Endpoint Protection Definitions Not Updated via SCCM (SCCM 2012 SP1)

  Hi All
  We have an issue of FEP definitions not updating correctly.
  1. Clients getting definitions updates from the internet, not SCCM. Any solution?
  2. Currently, we have around 20 workstations installed with FEP but having more than 7 different definitions versions within those. Waited for a couple of days but still not updating.. kind of random.
  Any advice where to check or what is to be done?
  Regards,
  Xavier

  (Assuming you are using ConfigMgr 2012)
  Part of the Antimalware policy is the tab Definition Updates, in this tab you can define the update location(s). Also, in the normal client settings you can disable the client from going online for their initial definitions.
  Make sure you are deploying the latest updates via ConfigMgr (either via an ADR, or a custom Software Update Group).
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude