Saturday, January 21, 2012 7:21 PM
We are using SCCM 2007 R3 with FEP 2010 Integration.
Many of our clients want us to disable FEP notifications. Is there any way by which we can disable this notification? Any configuration with policy or registry? Anything to avoid this notification? Any scripts, registry tweaks or a workaround to disable this notification?
I have tried the GPO tool but it does not provide a way to disable this notification.
Saturday, January 21, 2012 9:58 PM
I don't think it's possible either; the only setting you have is this one: "Display notifications to clients when they need to perform actions", and that is just for when a scan is needed, update required, etc.
-- My System Center blog ccmexec.com -- Twitter @ccmexec
Saturday, January 21, 2012 11:10 PM
Yes, the only way I came to know for disabling this notification is by disabling the Access protection. But this will be useless as it will disable the on-access feature. Hope that anyone knows a way to disable this.
Can this be done by some script or a registry key? I need that badly.
Sunday, January 22, 2012 9:19 AM
As I've already answered you on ConfigMgr forum, these notifications are related to FEP real-time protection and as far as I know there is no way to disable them except if you disable the real-time feature, and this is not recommended.
Bechir Gharbi | http://myitforum.com/myitforumwp/community/members/bgharbi/ | Time zone : GMT+1
Sunday, January 22, 2012 10:02 AM
Yes, you answered the same on ConfigMgr forum, then I was asked by other members of that forum to post this question on FEP forum for more answers. So here I am looking for a registry tweak or any workaround to disable this notification, as it's been a real pain for me.
Tuesday, January 24, 2012 6:26 AM
So if I'm reading this right there is no way to silently delete malware using real-time scanning on a machine such as a file server? That's mind boggling if true.
Tuesday, January 24, 2012 8:54 AM
Looks like it's true, Wayne. And there is no workaround either, I guess.
What a blunder.
Thursday, January 26, 2012 12:06 AM
If that's true (and it appears so) I seriously hope this has changed in FEP2012. For now I'm forced to deploy McAfee 8.8 which I wanted to migrate away from on our new file server cluster. And trust me, I was trying to avoid McAfee at all costs.
Thursday, January 26, 2012 1:13 PM
Believe me or not, Wayne, I have the same situation where I was forced to use FEP in place of McAfee, but now I think I was wrong.
This notification is a real headache for me these days.
Wednesday, February 01, 2012 12:46 AM
I will open a case at Microsoft to clarify if it's really not possible to disable the popups. I'll keep you updated as soon as I get feedback. We also checked FEP 2012 beta, it seems to be the same. No way to disable real-time scanner popups via GPO and SCCM policies. In both versions there is an option in the GPO policy to disable client notification but this seems to have no effect for real-time scanner notifications.
- Edited by mediasyst Wednesday, February 01, 2012 12:49 AM
Monday, February 06, 2012 8:42 AM
Mediasyst: Any updates?
What's your email address?
Monday, February 06, 2012 10:27 AM
After a call with Microsoft support I can tell with guarantee, there is no way to disable the popup notification.
There is a way however to completely disable the UI on the client PCs by deleting the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
That's the only solution the support could give me. I put in a request for a feature to disable the notification via GPO or policy, but the guy from support told me that it's highly unlikely this will be changed, so yeah... 300 € well spent :)
Edit: This is also true for FEP 2012...
Monday, February 06, 2012 3:48 PM
That pretty much makes FEP useless on servers for us. No default action without user interventions? Ridiculous. Did MS do this to appease the 3rd party AV vendors?
In our case, it looks like we are stuck with McAfee.
Monday, February 06, 2012 4:15 PM
You can define default actions via SCCM policies, which will be executed automatically after 10 minutes, I think. My post is just about the popup for clients.
Monday, February 06, 2012 4:20 PM
I'll have to test that out. I've set the default actions to delete; I just never waited 10 minutes. I wonder how that will interact with DPM2010 (our backup system) where DPM states that malware should be deleted and not cleaned due to data corruption possibilities in the replicas. I wonder how the deny-access behavior during that 10 minutes will interact with DPM syncs.
Wednesday, February 08, 2012 10:17 AM
I don't know that, I just can say that the default action to be executed is hard coded to 10 minutes and can't be modified to be executed earlier.
I'm starting to get really annoyed with this. Why doesn't MS allow admins to decide how long it should take to delete a file or if clients should see a freakin' popup?
Monday, February 13, 2012 1:30 PM
The workaround provided by Microsoft by deleting the registry key is equivalent to disabling on-access scan, which is a real security hole. I will not suggest anyone delete that key.
- Marked As Answer by Sccmnb Monday, February 13, 2012 1:31 PM
Thursday, March 15, 2012 8:44 AM
Msseces.exe is only the Microsoft Client Security User Interface. Disabling this will not stop the real-time protection of the server.
I've just tested this on 2 of our RDS servers: killed all the msseces processes, then created an EICAR test file. The file was blocked immediately and it showed up in SCOM as well.
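
An added example, not code from any poster in this thread or from Microsoft: a PowerShell script that reports the state of the `Run\MSC` autostart value and the msseces.exe UI processes discussed above, optionally removes the value after saving it, and warns if the antimalware service is not running afterwards. The service name `MsMpSvc` is an assumption to confirm with `Get-Service` on your build, and the `-RemoveUiAutostart` and `-BackupPath` parameters are hypothetical names chosen for this example.

```powershell
# Added example: confirm that removing the FEP tray UI autostart value
# leaves the antimalware service (real-time protection) running.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$RemoveUiAutostart,                        # hypothetical switch for this example
    [string]$BackupPath = "$env:TEMP\fep-run-msc.txt"  # hypothetical backup location
)

$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'MSC'       # autostart value named in the thread
$svcName   = 'MsMpSvc'   # ASSUMPTION: antimalware service name, verify locally

function Get-FepUiState {
    # Collect the three facts the thread argues about: autostart value,
    # UI processes, and the state of the protection service.
    $run = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
    $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        RunValue       = if ($run) { $run.$valueName } else { $null }
        UiProcessCount = @(Get-Process -Name msseces -ErrorAction SilentlyContinue).Count
        ServiceStatus  = if ($svc) { $svc.Status } else { 'NotFound' }
    }
}

$before = Get-FepUiState
$before | Format-List

if ($RemoveUiAutostart -and $before.RunValue) {
    # Save the original command line so the value can be restored later.
    Set-Content -Path $BackupPath -Value $before.RunValue
    if ($PSCmdlet.ShouldProcess("$runKey\$valueName", 'Remove autostart value')) {
        Remove-ItemProperty -Path $runKey -Name $valueName
    }
}

$after = Get-FepUiState
$after | Format-List

# The UI and the protection service are separate; alert only on the service.
if ($after.ServiceStatus -ne 'Running') {
    Write-Warning "Service '$svcName' is $($after.ServiceStatus); real-time protection is not confirmed."
}
```

Run it first without switches to record the current state, and with `-RemoveUiAutostart -WhatIf` to preview the change before applying it.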