Solved

Microsoft Forefront Endpoint Protection killing old machines

Posted on 2014-03-28
3
1,704 Views
Last Modified: 2014-04-30
Hey

We have some IBM L520 (approx 2-3 years old) laptops.

When we install MFEP it takes about x3 more time to start up (before the logon screen is shown).

We use the "Performance" schema from SCCM to configure the clients...

Any ideas? (why this happens)

Mike
Question by:mikeydk
3 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39963379
Some old article highlighted

FEP 2010 with pre-6903 engines may cause boot and logon delays. To check engine version, click Help, and then click About in Forefront Endpoint Protection. Ensure that FEP and other Microsoft security software is configured to receive monthly updates.
Also good to check the Event Viewer for any errors pertaining to FEP. Here is one on a Client Security slow logon issue. There is even a forum discussion, and some have had some relief by disabling network file scan (disabling alleviates the slowness); the real root cause is not known.
0
 

Author Comment

by:mikeydk
ID: 39998615
Running the latest version
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39998866
I suppose this update is applied as well:

KB2735855 - Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

May be good to check out log files from FEP then.

MPLog - primary client-side log. It will contain information on almost every aspect of a client, especially pulling of updates from multiple update sources. It is located in the “C:\ProgramData\Microsoft\Microsoft Antimalware\Support” directory. (Note: This directory is hidden by default.)

NisLog.txt - If you've enabled the Network Inspection System (NIS) component in your policy, then it will append data to NisLog.txt. NIS is the network monitoring component of FEP. Its service starts during bootup, and creates log entries. NIS will inspect traffic at the network level and will block any attempt to exploit known vulnerabilities in MS network protocols like SMB and RPC. Generally speaking, on patch Tuesdays. The NIS engine will also review the hotfixes applied to the system. If a system is patched for a particular vulnerability the signature will not be loaded to memory so increasing performance. It is located at C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\nislog.txt

Also to view a FEP event, specifically the below pertaining to the FEP client:

Event ID: 1001 - Forefront Endpoint Protection client failed to apply security policy: <Policy name>. Error: <Error description>. Error Code: <Error number>.

Event ID: 1005 - Forefront Endpoint Protection client scan has encountered an error and stopped.

Event ID: 1118 - The Forefront Endpoint Protection client has encountered a non-critical error when taking action on malware or other potentially unwanted software.

Event ID: 1119 - Forefront Endpoint Protection client has encountered a critical error when taking action on malware or other potentially unwanted software.

Event ID: 2001 - Forefront Endpoint Protection client has encountered an error trying to update signatures.

Event ID: 2003 - Forefront Endpoint Protection client has encountered an error trying to update the engine.

Event ID: 2004 - Forefront Endpoint Protection client has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Event ID: 2012 - Forefront Endpoint Protection client has encountered an error trying to use Dynamic Signature Service.

Event ID: 3002 - Endpoint Protection client Real-Time Protection feature has encountered an error and failed.

Event ID: 5008 - Forefront Endpoint Protection client engine has been terminated due to an unexpected error.

Lastly, there can be exclusion of virus scan for optimal scanning resources.
0
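A triage sketch for the log and event checks listed in the accepted answer, as an added example that is not part of the original thread: it confirms the two log locations exist and counts the listed FEP error events over the last week. The log name `System`, the provider name `Microsoft Antimalware` and the 7-day window are assumptions, not values from the thread; adjust them if your clients log elsewhere.

```powershell
# Added example: triage of the FEP client logs and error events named in the thread.
# Assumptions (not from the thread): events are written to the System log under the
# provider "Microsoft Antimalware"; a 7-day look-back window is enough.
$LogName  = 'System'
$Provider = 'Microsoft Antimalware'
$Since    = (Get-Date).AddDays(-7)

# Event IDs and short meanings, taken from the list in the answer.
$FepErrors = @{
    1001 = 'Failed to apply security policy'
    1005 = 'Scan encountered an error and stopped'
    1118 = 'Non-critical error taking action on malware'
    1119 = 'Critical error taking action on malware'
    2001 = 'Error updating signatures'
    2003 = 'Error updating the engine'
    2004 = 'Error loading signatures, reverting to known-good set'
    2012 = 'Error using Dynamic Signature Service'
    3002 = 'Real-Time Protection failed'
    5008 = 'Engine terminated due to unexpected error'
}

# Log locations quoted in the answer (the ProgramData tree is hidden by default).
$LogPaths = @(
    'C:\ProgramData\Microsoft\Microsoft Antimalware\Support',
    'C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\nislog.txt'
)
foreach ($p in $LogPaths) {
    if (Test-Path -LiteralPath $p) {
        Get-ChildItem -LiteralPath $p -Force | Where-Object { -not $_.PSIsContainer } |
            Select-Object FullName, Length, LastWriteTime
    } else {
        Write-Warning "Not found: $p"
    }
}

$filter = @{ LogName = $LogName; ProviderName = $Provider; Id = @($FepErrors.Keys); StartTime = $Since }
# Get-WinEvent raises an error when nothing matches, so treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$events | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
    New-Object PSObject -Property @{
        Id      = [int]$_.Name
        Count   = $_.Count
        Meaning = $FepErrors[[int]$_.Name]
        Latest  = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
} | Select-Object Id, Count, Meaning, Latest | Format-Table -AutoSize
if ($events.Count -eq 0) { Write-Output "No listed FEP error events since $Since." }
```

Run it from an elevated prompt on an affected laptop; a cluster of 2001/2003/2004 entries around boot time points at update or signature loading rather than real-time scanning.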

Question has a verified solution.