Why is System Center Endpoint Protection 2012 SP1 inconsistent in applying antimalware policies?
Posted on 2013-06-14
I've recently created a new Client Settings Profile and Antimalware Policy within SCCM 2012 SP1. I've created a collection with test machines (including some XP clients and some Windows 7 clients). I deployed the Client Settings and Antimalware Policy to that collection. My old antivirus software (Forefront Client Security) was removed and SCEP 2012 SP1 was laid down in its place.
The installation went fine on all my test machines; however, I'm noticing significant inconsistencies in the application of the antimalware policy.
Here are some bullet points of inconsistency:
- SCEP on Windows 7 machines does not receive the file extension or file path exclusion lists.
- The "Disable the client user interface" setting does not dynamically apply. Only the setting that existed upon the client's first install takes effect. If you change this later in the antimalware policy, the client UI will not reappear/disappear.
- If real-time protection is turned off by an administrator on the client (by unchecking it and providing a credential through the UAC prompt), it will never get reenabled even though it is required by the Antimalware Policy.
Has anyone else seen this? Am I looking at an extremely buggy client? Or am I missing something? There's more to the list but these are some examples I found within only 30 minutes of testing.
The latest April 2013 update for the client (KB 2831316) has been distributed via our WSUS infrastructure and makes no difference to these items.