Solved

Microsoft Forefront Endpoint Protection killig old machines

Posted on 2014-03-28
3
1,593 Views
Last Modified: 2014-04-30
Hey

We have some IBM L520 (approx 2-3 years old) laptops.

When we install MFEP it takes about x3 more time to startup (before logon screen is shown)

We use the "Performance" schema from SCCM to configure the clients...

Any ideas? (why this happens)

Mike
0
Comment
Question by:mikeydk
  • 2
3 Comments
 
LVL 61

Expert Comment

by:btan
ID: 39963379
Some old article highlighted

FEP 2010 with pre-6903 engines may cause boot and logon delays. To check engine version, click Help, and then click About in Forefront Endpoint Protection. Ensure that FEP and other Microsoft security software is configured to receive monthly updates.
also good to check the event viewer for any errors pertaining to FEP. here is one on Client Security slow logon issue. there is even in the forum discussing and some has some relief by disabling network file scan (disable alleviate the slowness), real root cause not known.
0
 

Author Comment

by:mikeydk
ID: 39998615
Running the latest version
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39998866
I supposed this update is applied as well

KB2735855 - Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

May be good to check out log files from FEP then.

 MPLog - primary client side log, . It will contain information on almost every aspect of a client.  Esp pulling of update from multiple update sources. It is located in the “C:\ProgramData\Microsoft\Microsoft Antimalware\Support” directory. (Note: This directory is hidden by default).

NisLog.txt - If you've enabled the Network Inspection System (NIS) component of in your policy, then it will append data to NisLog.txt. NIS is the network monitoring component of FEP. Its service starts during bootup, and creates log entries. NIS will inspect traffic at the network level and will block any attempt to exploit known vulnerabilities in MS network protocols like SMB and RPC. Generally speaking, on patch Tuesdays. The NIS engine will also review the hotfixes applied to the system. If a system is patched for a particular vulnerability the signature will not be loaded to memory so increasing performance. It is located at C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\nislog.txt

Also to view a FEP event, specifically the below pertaining to FEP client

Event ID: 1001 - Forefront Endpoint Protection client failed to apply security policy: <Policy name>. Error: <Error description>. Error Code: <Error number>.

Event ID: 1005 - Forefront Endpoint Protection client scan has encountered an error and stopped.

Event ID: 1118 - The Forefront Endpoint Protection client has encountered a non-critical error when taking action on malware or other potentially unwanted software.

Event ID: 1119 - Forefront Endpoint Protection client has encountered a critical error when taking action on malware or other potentially unwanted software.

Event ID: 2001 - Forefront Endpoint Protection client has encountered an error trying to update signatures.

Event ID: 2003 - Forefront Endpoint Protection client has encountered an error trying to update the engine.

Event ID: 2004 - Forefront Endpoint Protection client has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Event ID: 2012 - Forefront Endpoint Protection client has encountered an error trying to use Dynamic Signature Service.

Event ID: 3002 - Endpoint Protection client Real-Time Protection feature has encountered an error and failed.

Event ID: 5008 - Forefront Endpoint Protection client engine has been terminated due to an unexpected error.

Lastly, there can be exclusion of virus scan for optimal scanning resources
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now