Solved

Microsoft Forefront Endpoint Protection killing old machines

Posted on 2014-03-28
Last Modified: 2014-04-30
Hey

We have some IBM L520 (approx 2-3 years old) laptops.

When we install MFEP, it takes about 3x more time to start up (before the logon screen is shown).

We use the "Performance" schema from SCCM to configure the clients...

Any ideas? (why this happens)

Mike
Question by:mikeydk

Expert Comment

by:btan
ID: 39963379
Some old article highlighted:

FEP 2010 with pre-6903 engines may cause boot and logon delays. To check engine version, click Help, and then click About in Forefront Endpoint Protection. Ensure that FEP and other Microsoft security software is configured to receive monthly updates.
Also good to check the event viewer for any errors pertaining to FEP. Here is one on a Client Security slow logon issue. There is even a discussion in the forum, and some have had some relief by disabling network file scan (disabling alleviates the slowness); real root cause not known.

Author Comment

by:mikeydk
ID: 39998615
Running the latest version

Accepted Solution

by:btan (earned 500 total points)
ID: 39998866
I suppose this update is applied as well:

KB2735855 - Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

May be good to check out log files from FEP then.

MPLog - primary client-side log. It will contain information on almost every aspect of a client, especially the pulling of updates from multiple update sources. It is located in the "C:\ProgramData\Microsoft\Microsoft Antimalware\Support" directory. (Note: This directory is hidden by default.)

NisLog.txt - If you've enabled the Network Inspection System (NIS) component in your policy, then it will append data to NisLog.txt. NIS is the network monitoring component of FEP. Its service starts during bootup and creates log entries. NIS will inspect traffic at the network level and will block any attempt to exploit known vulnerabilities in MS network protocols like SMB and RPC. Generally speaking, on patch Tuesdays. The NIS engine will also review the hotfixes applied to the system. If a system is patched for a particular vulnerability, the signature will not be loaded to memory, so increasing performance. It is located at C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\nislog.txt

Also to view a FEP event, specifically the below pertaining to FEP client

Event ID: 1001 - Forefront Endpoint Protection client failed to apply security policy: <Policy name>. Error: <Error description>. Error Code: <Error number>.

Event ID: 1005 - Forefront Endpoint Protection client scan has encountered an error and stopped.

Event ID: 1118 - The Forefront Endpoint Protection client has encountered a non-critical error when taking action on malware or other potentially unwanted software.

Event ID: 1119 - Forefront Endpoint Protection client has encountered a critical error when taking action on malware or other potentially unwanted software.

Event ID: 2001 - Forefront Endpoint Protection client has encountered an error trying to update signatures.

Event ID: 2003 - Forefront Endpoint Protection client has encountered an error trying to update the engine.

Event ID: 2004 - Forefront Endpoint Protection client has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Event ID: 2012 - Forefront Endpoint Protection client has encountered an error trying to use Dynamic Signature Service.

Event ID: 3002 - Endpoint Protection client Real-Time Protection feature has encountered an error and failed.

Event ID: 5008 - Forefront Endpoint Protection client engine has been terminated due to an unexpected error.

Lastly, there can be exclusion of virus scan for optimal scanning resources
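
Added example (not part of the original answer, and not Microsoft's own tooling): a PowerShell check that pulls the FEP error events listed above since the last boot and looks at the two log locations named in the answer. It assumes the FEP client writes these events to the System log under the provider name 'Microsoft Antimalware'; change `$Provider` if your clients log under a different source.

```powershell
# Assumption: FEP client events are in the System log, provider 'Microsoft Antimalware'.
$Provider = 'Microsoft Antimalware'
# Event IDs taken from the list in the answer above.
$EventIds = 1001, 1005, 1118, 1119, 2001, 2003, 2004, 2012, 3002, 5008

# The symptom is a slow boot, so only look at events logged since the last boot.
$os       = Get-WmiObject -Class Win32_OperatingSystem
$lastBoot = $os.ConvertToDateTime($os.LastBootUpTime)

$filter = @{
    LogName      = 'System'
    ProviderName = $Provider
    Id           = $EventIds
    StartTime    = $lastBoot
}

# Get-WinEvent reports an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if ($events) {
    # Chronological detail first, then a count per event ID to spot repeats.
    $events | Sort-Object TimeCreated |
        Format-List TimeCreated, Id, LevelDisplayName, Message | Out-String
    $events | Group-Object Id | Sort-Object Count -Descending |
        Format-Table Name, Count -AutoSize | Out-String
} else {
    "No matching events from provider '$Provider' since boot ($lastBoot)."
}

# Log locations from the answer (the ProgramData tree is hidden, hence -Force).
$amRoot  = Join-Path $env:ProgramData 'Microsoft\Microsoft Antimalware'
$support = Join-Path $amRoot 'Support'
$nisLog  = Join-Path $amRoot 'Network Inspection System\Support\nislog.txt'

# List the MPLog files with size and last write time.
Get-ChildItem -Path $support -Filter 'MPLog*' -Force -ErrorAction SilentlyContinue |
    Format-Table Name, Length, LastWriteTime -AutoSize | Out-String

# Show the end of NisLog.txt if NIS is enabled and has written a log.
if (Test-Path $nisLog) {
    Get-Content $nisLog | Select-Object -Last 40
} else {
    "NisLog.txt not found at $nisLog (NIS may not be enabled in the policy)."
}
```

Run it from an elevated PowerShell prompt on an affected laptop shortly after a slow boot, so the boot-time entries are still the most recent ones in each log.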