Solved

Microsoft Forefront Endpoint Protection killing old machines

Posted on 2014-03-28
Last Modified: 2014-04-30
Hey

We have some IBM L520 (approx 2-3 years old) laptops.

When we install MFEP it takes about x3 more time to start up (before the logon screen is shown).

We use the "Performance" schema from SCCM to configure the clients...

Any ideas? (why this happens)

Mike
Question by:mikeydk
Expert Comment

by:btan
ID: 39963379
Some old article highlighted:

FEP 2010 with pre-6903 engines may cause boot and logon delays. To check engine version, click Help, and then click About in Forefront Endpoint Protection. Ensure that FEP and other Microsoft security software is configured to receive monthly updates.

Also good to check the Event Viewer for any errors pertaining to FEP. Here is one on the Client Security slow logon issue. There is even a forum discussion where some had some relief by disabling network file scan (disabling alleviates the slowness); the real root cause is not known.

Author Comment

by:mikeydk
ID: 39998615
Running the latest version
Accepted Solution

by: btan (earned 500 total points)
ID: 39998866
I suppose this update is applied as well:

KB2735855 - Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2

May be good to check out log files from FEP then.

MPLog - primary client-side log. It will contain information on almost every aspect of a client, especially pulling of updates from multiple update sources. It is located in the “C:\ProgramData\Microsoft\Microsoft Antimalware\Support” directory. (Note: This directory is hidden by default.)

NisLog.txt - If you've enabled the Network Inspection System (NIS) component in your policy, then it will append data to NisLog.txt. NIS is the network monitoring component of FEP. Its service starts during bootup and creates log entries. NIS will inspect traffic at the network level and will block any attempt to exploit known vulnerabilities in MS network protocols like SMB and RPC. Generally speaking, on patch Tuesdays. The NIS engine will also review the hotfixes applied to the system. If a system is patched for a particular vulnerability, the signature will not be loaded into memory, so increasing performance. It is located at C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\nislog.txt

Also, to view FEP events, specifically the ones below pertaining to the FEP client:

Event ID: 1001 - Forefront Endpoint Protection client failed to apply security policy: <Policy name>. Error: <Error description>. Error Code: <Error number>.

Event ID: 1005 - Forefront Endpoint Protection client scan has encountered an error and stopped.

Event ID: 1118 - The Forefront Endpoint Protection client has encountered a non-critical error when taking action on malware or other potentially unwanted software.

Event ID: 1119 - Forefront Endpoint Protection client has encountered a critical error when taking action on malware or other potentially unwanted software.

Event ID: 2001 - Forefront Endpoint Protection client has encountered an error trying to update signatures.

Event ID: 2003 - Forefront Endpoint Protection client has encountered an error trying to update the engine.

Event ID: 2004 - Forefront Endpoint Protection client has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Event ID: 2012 - Forefront Endpoint Protection client has encountered an error trying to use Dynamic Signature Service.

Event ID: 3002 - Endpoint Protection client Real-Time Protection feature has encountered an error and failed.

Event ID: 5008 - Forefront Endpoint Protection client engine has been terminated due to an unexpected error.

Lastly, there can be exclusions from virus scanning for optimal use of scanning resources.
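
The checks suggested in the accepted answer, as an added PowerShell example that is not part of the original thread: it counts the listed FEP error event IDs, shows those logged since the last boot, and lists the two support logs. The System log and the provider name "Microsoft Antimalware" are assumptions; the thread does not say where the events are recorded.

```powershell
# Added example, not from the original thread.
# Assumption: FEP client events are in the System log under the provider
# "Microsoft Antimalware". Adjust $LogName / $Provider if your clients differ.
param([int]$Days = 7)

$LogName  = 'System'
$Provider = 'Microsoft Antimalware'
# Error event IDs listed in the answer above.
$ErrorIds = 1001, 1005, 1118, 1119, 2001, 2003, 2004, 2012, 3002, 5008

# Last boot time, so errors logged during the slow startup stand out.
$os   = Get-WmiObject Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)

$filter = @{
    LogName      = $LogName
    ProviderName = $Provider
    Id           = $ErrorIds
    StartTime    = (Get-Date).AddDays(-$Days)
}
# @() keeps .Count valid when nothing matches.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

"{0} FEP error event(s) in the last {1} day(s); last boot: {2}" -f $events.Count, $Days, $boot

# Count per event ID, most frequent first.
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Count, @{n = 'EventId'; e = { $_.Name }} |
    Format-Table -AutoSize | Out-String

# Events since the last boot, oldest first, first line of each message only.
$events | Where-Object { $_.TimeCreated -ge $boot } | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{n = 'Message'; e = { ($_.Message -split "`r?`n")[0] }} |
    Format-Table -AutoSize -Wrap | Out-String

# Support logs named in the answer (the directories are hidden by default).
$logPaths = 'C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPLog*',
            'C:\ProgramData\Microsoft\Microsoft Antimalware\Network Inspection System\Support\nislog.txt'
Get-ChildItem -Path $logPaths -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize | Out-String
```

Run it from an elevated prompt on an affected laptop; an empty event list with the correct provider name means none of the listed error events were recorded in the chosen window.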