New SCCM Endpoint Protection Dashboard and Reports Available

Thomas Larsen | REPORT, SCCM, SCEP | 3 Comments

A few days ago we released three new Endpoint Protection reports. Together, these reports give you great insight into how well your Endpoint Protection clients are doing.

Endpoint Protection – Dashboard
System Health – Endpoint Protection
System Health – Malware Detection
(System Health reports are sold together)

These reports are also available bundled together with Jonathan Lefebvre's Endpoint Protection Management Guide at a discounted price.

SCCM Endpoint Protection Dashboard

This report shows you useful information about endpoint protection on a single page. The boxes at the top show the current status as well as a trend for the last 30 days for each of the 5 categories a client can be in (Protected, Inactive, At Risk, Unprotected, Infected). The At Risk and Unprotected categories show a breakdown of the subcategories that make up these two states. If you bought the System Health – Endpoint Protection reports, you can click on a number and it will drill through to a filtered … Read More

List of SCCM Endpoint Protection Agent Versions

Jonathan Lefebvre | SCCM, SCEP | 5 Comments

We have compiled a list of SCCM Endpoint Protection agent versions, build numbers and cumulative updates. Anti-Malware platform updates are cumulative, meaning that the latest one includes the previous one. If you are new to System Center Endpoint Protection, see our complete guide, which covers it all. We documented a few years back… since the SCCM 2012 RTM release. If we missed some versions, please let us know and we will update this post. This post will be updated as new releases are made available.

**Updated 2017/04/10**

How to get your SCCM Endpoint Protection Agent Version Numbers

An easy, built-in way to check the version of the Endpoint Protection agent is to use the Software Update Compliance information:

Open the SCCM console, go to Software Library / Software Update / All Software Updates
Click on Add Criteria and check: Product & Update classification
Select Product: Forefront Endpoint Protection 2010
Update Classification: Critical Updates … Read More

SCCM Endpoint Protection Management Guide

Jonathan Lefebvre | SCCM, SCEP | 13 Comments

SCCM Endpoint Protection is not the simplest SCCM task to put in place. Over the years, we trained many SCCM administrators using a simple approach and deployment strategy. We created this complete SCCM Endpoint Protection Guide based on our knowledge and experience. This e-book is a best-practice guide on how to plan, configure, manage and deploy Endpoint Protection with SCCM. It aims to help SCCM administrators understand the basic concepts of each part of Endpoint Protection management. Many Endpoint Protection settings require customization based on your environment; this document describes a typical case that can be used in any organization as a good starting point for efficient malware protection.

The guide will help you achieve these tasks:

Install Endpoint Protection point role
Set up your SCCM server to respond to your Endpoint Protection clients
Configure Software Update point to support Endpoint Protection
Enable the right product in your software update … Read More

Managing Windows 10 Endpoint Protection with SCCM 2012

Benoit Lecours | SCCM, SCEP, WINDOWS 10 | 13 Comments

Windows 10 has been out since July 29th, and now you want to manage Windows 10 Endpoint Protection with SCCM 2012. You have probably noticed that Windows 10 comes natively with Windows Defender. Instead of Endpoint Protection, it is now the default anti-malware managed by SCCM 2012. Actually, the Endpoint Protection agent is installed locally in Programs & Features, but it uses the Windows Defender UI with a thin layer of Endpoint Protection to manage policies and malware definitions. If you have already deployed Windows 10 in your environment, you might have encountered an issue where your Endpoint Protection policies are applied but the malware definitions are not updated. Some have found a way to work around this problem by extracting the Endpoint Protection installer and making Endpoint Protection malware definitions update automatically. Unfortunately, this TechNet article is the only official documentation, but it mentions only Windows 10 Technical Preview, with no word about Windows 10 RTM. It might only be a matter of updating their documentation. For … Read More

How to install Endpoint Protection Point in SCCM 2012 R2

Benoit Lecours | SCCM | 8 Comments

In this part of the SCCM 2012 and SCCM 1511 blog series, we will describe how to install the SCCM 2012 R2 or SCCM 1511 Endpoint Protection Point (EPP).

Role Description

The Endpoint Protection Point provides the default settings for all antimalware policies and installs the Endpoint Protection client on the Site System server to provide a data source from which the SCCM database resolves malware IDs to names. When you install this Site System Role, you must accept the license terms for System Center 2012 R2 Endpoint Protection. This is not a mandatory Site System, but you need to install an EPP if you're planning to use SCCM as your anti-virus management solution (using Endpoint Protection).

Site System Role Placement in Hierarchy

This Site System is a hierarchy-wide option. SCCM supports a single instance of this site system role in a hierarchy and only at the top-level site in the hierarchy. It's supported to install this role on a Central Administration Site … Read More

Endpoint Protection Policy is not Applied

Benoit Lecours | SCCM, SCEP | 4 Comments

This post explains what to do when an Endpoint Protection policy is not applied.

Symptom

The policy was applied to a specific collection and all members of the collection were failing to apply the policy.

Monitoring / Endpoint Protection Status / System Center 2012 R2 Endpoint Protection Status / Operational State

12 clients are failing to apply the custom policy. Clicking on “Antimalware policy application failed” brings us to the list of machines. At the bottom, clicking on the “Antimalware Policy” tab shows the error:

0x80004005 – Failed to generate Antimalware policy file

Let’s look at the EndpointProtectionAgent.log on one of the affected clients.

Failed to generate AM policy XML with error code 0x80004005 State 2 and ErrorCode -2147467259 and ErrorMsg Failed to generate Antimalware policy file

You can see that my policy “Endpoint Protection CTX 4.5, 6.0 & 6.5” is failing. Error 4005 would make me think about “Access Denied” error … Read More

Configuration Manager 2012 Client Command List

Nicolas Pilon | SCCM | 35 Comments

I recently found in our infrastructure that a lot of new Windows Server 2012 Core Edition servers were installed for a specific reason. This edition can cause some problems for administrators who are not aware of SCCM commands.

Here is the list of actions that will be covered in this post:

Configuration Manager client services and properties
Configuration Manager agent scan trigger
EndPoint Protection client installation and properties
Logs directory

There are a lot of commands that can be executed, but I will give you the minimum to remember. From ‘cmd’, type those commands for Configuration Manager.

Configuration Manager Client Scan Trigger with WMI

You can also trigger the agent from the WMI command line if you don’t want to open the Configuration Manager properties.

Troubleshooting

Make sure to run those commands as administrator; otherwise you will receive an access denied error message. If the execution is successful, you should see something like this. Configuration … Read More