Solved

Why is System Center Endpoint Protection 2012 SP1 inconsistent in applying antimalware policies?

Posted on 2013-06-14
Last Modified: 2013-07-13
Folks -

I've recently created a new Client Settings Profile and Antimalware Policy within SCCM 2012 SP1.  I've created a collection with test machines (including some XP clients and some Windows 7 clients).  I deployed the Client Settings and Antimalware Policy to that collection.  My old antivirus software (Forefront Client Security) was removed and SCEP 2012 SP1 was laid down in its place.

The installation went fine on all my test machines, however, I'm noticing significant inconsistencies in the application of the antimalware policy.

Here are some bullet points of inconsistency:
- SCEP on Windows 7 machines does not receive the file extension or file path exclusion lists.

- The "Disable the client user interface" setting does not dynamically apply.  Only the setting that existed upon the client's first install takes effect.  If you change this later in the antimalware policy, the client UI will not reappear/disappear.

- If real-time protection is turned off by an administrator on the client (by unchecking it and providing a credential through the UAC prompt), it will never get reenabled even though it is required by the Antimalware Policy.

Has anyone else seen this?  Am I looking at an extremely buggy client?  Or am I missing something?  There's more to the list but these are some examples I found within only 30 minutes of testing.

The latest April 2013 update for the client (KB 2831316) has been distributed via our WSUS infrastructure and makes no difference to these items.
Question by:amendala
9 Comments
 
LVL 4

Expert Comment

by:TechOps07
ID: 39248599
I came across this as well during my lab testing of SCCM 2012 with EndPoint. I realized that the policy will take effect within 24 hours unless you force a policy update via the Configuration Manager option in Control Panel on the target machine.

If you think about it, that would be normal: as you make the changes on the server for the said policy, it will take a while for all the clients to report to SCCM for any changes in policies.
0
 

Author Comment

by:amendala
ID: 39248772
Unfortunately, that isn't my experience.  The SCEP clients I've deployed have been active for over a week.

I know policy is updating as some features work, but the fact that some work and some don't bothers me.  I'm very close to opening a Premier case with Microsoft.

It just doesn't make sense that some policy attributes work, some don't, and of all things, some don't work on Windows 7 but they work on XP.  Wow.  :)
0
 
LVL 4

Expert Comment

by:TechOps07
ID: 39248937
That is very odd, needless to say. I wish I had an answer for you in this case, but the only thing I can think of is conflicting policies, but they are labeled by priority so that cannot be the case.

If you find a solution, please post back on here because I am very curious about why and how this occurred.
0

 

Author Comment

by:amendala
ID: 39249105
I'll post back when I know something.  These machines had FCS on them before, which obtains its settings via GPO.  I'm wondering if tattooed GPO settings from the prior AV client, which obviously carries the same executable name (msmpeng.exe), implying significant similarity, are part of the problem.

I denied application of the FCS GPO to my workstation and allowed numerous SCCM policy refresh cycles to pass with no difference in behavior.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 39308000
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 

Author Comment

by:amendala
ID: 39307996
I have determined the cause of this problem.

SCEP relies on Local Group Policy Processing in order to apply its policy settings.  In organizations that have deployed a domain-global GPO to disable Local Group Policy Processing, such as my own, SCEP policy settings cannot be properly compiled and applied.

Upon removing this global GPO setting from all computers in my domain, SCEP began accurately and consistently applying policy.
0
 

Accepted Solution

by:
amendala earned 0 total points
ID: 39308001
I have determined the cause of this problem.

SCEP relies on Local Group Policy Processing in order to apply its policy settings.  In organizations that have deployed a domain-global GPO to disable Local Group Policy Processing, such as my own, SCEP policy settings cannot be properly compiled and applied.

Upon removing this global GPO setting from all computers in my domain, SCEP began accurately and consistently applying policy.
0
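
Added example, not part of the original thread: a PowerShell check an administrator could run on a client to see whether the condition described in the accepted solution is present. The registry locations are assumptions that do not appear in the thread: the "Turn off Local Group Policy Objects processing" setting is read as `DisableLGPOProcessing` under the Windows `System` policy key, and SCEP's delivered exclusions are read from the `Microsoft Antimalware` policy key. The function names are hypothetical.

```powershell
# Added example. Registry locations below are assumptions, not taken from the thread.
$SystemPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$ScepPolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the named value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-ExclusionCount {
    param([string]$Kind)   # 'Extensions' or 'Paths'
    # Each delivered exclusion is assumed to be one registry value under this key.
    $key = Get-Item -Path "$ScepPolicyKey\Exclusions\$Kind" -ErrorAction SilentlyContinue
    if ($key) { return $key.ValueCount }
    return 0
}

function Test-ScepPolicyDelivery {
    # 1 = a GPO has turned off Local Group Policy Objects processing.
    $lgpoOff = [bool]((Get-PolicyValue $SystemPolicyKey 'DisableLGPOProcessing') -eq 1)
    $ext     = Get-ExclusionCount 'Extensions'
    $paths   = Get-ExclusionCount 'Paths'

    if ($lgpoOff) {
        $verdict = 'Local GPO processing is disabled: SCEP policy may not apply'
    } elseif (($ext + $paths) -eq 0) {
        $verdict = 'Local GPO processing allowed, but no exclusions delivered yet'
    } else {
        $verdict = 'Local GPO processing allowed and exclusions present'
    }

    New-Object PSObject -Property @{
        ComputerName               = $env:COMPUTERNAME
        LocalGpoProcessingDisabled = $lgpoOff
        ExtensionExclusions        = $ext
        PathExclusions             = $paths
        Verdict                    = $verdict
    } | Select-Object ComputerName, LocalGpoProcessingDisabled,
                      ExtensionExclusions, PathExclusions, Verdict
}

Test-ScepPolicyDelivery | Format-List
```

Run it after a policy refresh cycle; `gpresult /h report.html` on the same client shows which domain GPO is setting the value.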
 

Author Closing Comment

by:amendala
ID: 39323033
I determined the problem and fixed it.
0

Question has a verified solution.