Solved

Microsoft Forefront Endpoint Protection killing old machines

Posted on 2014-03-28
Last Modified: 2014-04-30
Hey

We have some IBM L520 (approx 2-3 years old) laptops.

When we install MFEP it takes about 3x more time to start up (before the logon screen is shown).

We use the "Performance" schema from SCCM to configure the clients...

Any ideas? (why this happens)

Mike
0
Question by:mikeydk
LVL 65

Expert Comment

by:btan
ID: 39963379
Some old article highlighted

FEP 2010 with pre-6903 engines may cause boot and logon delays. To check engine version, click Help, and then click About in Forefront Endpoint Protection. Ensure that FEP and other Microsoft security software is configured to receive monthly updates.
Also good to check the Event Viewer for any errors pertaining to FEP. Here is one on the Client Security slow logon issue. There is even a discussion in the forum, and some have had some relief by disabling network file scan (disabling alleviates the slowness); real root cause not known.
0
 
LVL 1

Author Comment

by:mikeydk
ID: 39998615
Running the latest version
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 39998866
I suppose this update is applied as well:

KB2735855 - Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

May be good to check out log files from FEP then.

MPLog - primary client-side log. It will contain information on almost every aspect of a client, especially pulling of updates from multiple update sources. It is located in the "C:\ProgramData\Microsoft\Microsoft Antimalware\Support" directory. (Note: This directory is hidden by default.)

NisLog.txt - If you've enabled the Network Inspection System (NIS) component in your policy, then it will append data to NisLog.txt. NIS is the network monitoring component of FEP. Its service starts during bootup, and creates log entries. NIS will inspect traffic at the network level and will block any attempt to exploit known vulnerabilities in MS network protocols like SMB and RPC. Generally speaking, on patch Tuesdays. The NIS engine will also review the hotfixes applied to the system. If a system is patched for a particular vulnerability the signature will not be loaded to memory so increasing performance. It is located at C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\nislog.txt

Also to view a FEP event, specifically the below pertaining to FEP client

Event ID: 1001 - Forefront Endpoint Protection client failed to apply security policy: <Policy name>. Error: <Error description>. Error Code: <Error number>.

Event ID: 1005 - Forefront Endpoint Protection client scan has encountered an error and stopped.

Event ID: 1118 - The Forefront Endpoint Protection client has encountered a non-critical error when taking action on malware or other potentially unwanted software.

Event ID: 1119 - Forefront Endpoint Protection client has encountered a critical error when taking action on malware or other potentially unwanted software.

Event ID: 2001 - Forefront Endpoint Protection client has encountered an error trying to update signatures.

Event ID: 2003 - Forefront Endpoint Protection client has encountered an error trying to update the engine.

Event ID: 2004 - Forefront Endpoint Protection client has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Event ID: 2012 - Forefront Endpoint Protection client has encountered an error trying to use Dynamic Signature Service.

Event ID: 3002 - Endpoint Protection client Real-Time Protection feature has encountered an error and failed.

Event ID: 5008 - Forefront Endpoint Protection client engine has been terminated due to an unexpected error.

Lastly, there can be exclusion of virus scan for optimal scanning resources
0
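One way to run the checks from the accepted answer in a single pass, as an added example that is not part of the original thread: it counts the listed FEP event IDs, shows how many occurred shortly after the last boot, and reports whether the two log files exist and when they were last written. Assumptions: FEP client events are in the System log under the provider name `Microsoft Antimalware`, the MPLog files match `MPLog*`, and the 14-day and 15-minute windows are arbitrary values to adjust.

```powershell
# Added example (not from the thread). Assumption: FEP client events are in the
# System log under provider "Microsoft Antimalware"; change $provider if not.
$provider = 'Microsoft Antimalware'
$ids      = 1001,1005,1118,1119,2001,2003,2004,2012,3002,5008  # IDs listed in the answer
$minutes  = 15   # arbitrary "shortly after boot" window
$days     = 14   # arbitrary look-back period

# Last boot time; Get-WmiObject keeps this usable on Windows 7 / PowerShell 2.0.
$os   = Get-WmiObject Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)

# Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = $provider
    Id           = $ids
    StartTime    = (Get-Date).AddDays(-$days)
} -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    "No FEP error events with the listed IDs in the last $days days."
} else {
    # One row per event ID: total count, count inside the post-boot window, newest hit.
    $events | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
        $nearBoot = @($_.Group | Where-Object {
            $_.TimeCreated -ge $boot -and $_.TimeCreated -le $boot.AddMinutes($minutes)
        })
        New-Object PSObject -Property @{
            EventId       = $_.Name
            Total         = $_.Count
            AfterLastBoot = $nearBoot.Count
            Latest        = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    } | Format-Table EventId, Total, AfterLastBoot, Latest -AutoSize
}

# Log files named in the answer. The Support directory is hidden, hence -Force.
$base = Join-Path $env:ProgramData 'Microsoft\Microsoft Antimalware'
$logs  = @(Get-ChildItem (Join-Path $base 'Support') -Filter 'MPLog*' -Force -ErrorAction SilentlyContinue)
$logs += @(Get-Item (Join-Path $base 'Network Inspection System\Support\nislog.txt') -Force -ErrorAction SilentlyContinue)

"Last boot: $boot"
if ($logs.Count -eq 0) { "Neither MPLog nor nislog.txt found under $base" }
$logs | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on an affected laptop right after a slow boot; a non-zero `AfterLastBoot` count for 2001, 2003 or 2004 points at signature or engine update trouble during startup.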
