Disable FEP Virus detect Notification

    Question

  • Hi All,

    We are using SCCM 2007 R3 with FEP 2010 Integration.

    Many of our clients want us to disable FEP notifications. Is there any way by which we can disable this notification? Any configuration with policy or registry? Anything to avoid this notification? Any scripts, registry tweaks or a workaround to disable this notification?

     

    I have tried the GPO tool but it does not provide a way to disable this notification.

     

    Thanks

    Saturday, January 21, 2012 7:21 PM

Answers

  • Hi mediasyst,

    The workaround provided by Microsoft, deleting the registry key, is equivalent to disabling on-access scan, which is a real security hole. I will not suggest anyone delete that key.


    • Marked as answer by Sccmnb Monday, February 13, 2012 1:31 PM
    Monday, February 13, 2012 1:30 PM

All replies

  • Hi,

    I don't think it's possible either; the only setting you have is this one: "Display notifications to clients when they need to perform actions", and that is just for when a scan is needed, an update is required, etc.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec
    • Proposed as answer by Rick Tan (Moderator) Tuesday, January 24, 2012 3:45 AM
    • Marked as answer by Rick Tan (Moderator) Monday, February 06, 2012 2:35 AM
    • Unmarked as answer by Sccmnb Monday, February 13, 2012 7:53 AM
    Saturday, January 21, 2012 9:58 PM
  • Yes, the only way I came to know for disabling this notification is by disabling the Access protection. But this will be useless as it will disable the on-access feature. I hope that someone knows a way to disable this.

    Can this be done by some script, or a registry key? I need that badly...

    Saturday, January 21, 2012 11:10 PM
  • As I've already answered you on the ConfigMgr forum, these notifications are related to FEP real-time protection and, as far as I know, there is no way to disable them except if you disable the real-time feature, and this is not recommended.


    Bechir Gharbi | http://myitforum.com/myitforumwp/community/members/bgharbi/ | Time zone : GMT+1
    Sunday, January 22, 2012 9:19 AM
  • Yes, you answered the same on the ConfigMgr forum; then I was asked by other members of that forum to post this question on the FEP forum for more answers. So here I am, looking for a registry tweak or any workaround to disable this notification, as it's been a real pain for me.

     

    Sunday, January 22, 2012 10:02 AM
  • So if I'm reading this right there is no way to silently delete malware using real-time scanning on a machine such as a file server?  That's mind boggling if true. 

    Tuesday, January 24, 2012 6:26 AM
  • Looks like it's true, Wayne. And there is no workaround either, I guess.

    What a blunder.

    Tuesday, January 24, 2012 8:54 AM
  • If that's true (and it appears so) I seriously hope this has changed in FEP2012.  For now I'm forced to deploy McAfee 8.8 which I wanted to migrate away from on our new file server cluster.  And trust me, I was trying to avoid McAfee at all costs.

     

    Thursday, January 26, 2012 12:06 AM
  • Believe me or not, Wayne, I have the same situation, where I was forced to use FEP in place of McAfee, but now I think I was wrong.

    This notification is a real headache for me these days.

    Thursday, January 26, 2012 1:13 PM
  • Hi,

     

    I will open a case with Microsoft to clarify if it's really not possible to disable the popups. I'll keep you updated as soon as I get feedback. We also checked the FEP 2012 beta; it seems to be the same. No way to disable real-time scanner popups via GPO and SCCM policies. In both versions there is an option in the GPO policy to disable client notification, but this seems to have no effect on real-time scanner notifications.

     

    stefan


    • Edited by mediasyst Wednesday, February 01, 2012 12:49 AM
    Wednesday, February 01, 2012 12:46 AM
  • Mediasyst: Any updates?

    What's your email address?

    Monday, February 06, 2012 8:42 AM
  • Hi there,

    After a call with Microsoft support I can tell you with guarantee that there is no way to disable the popup notification.
    There is a way, however, to completely disable the UI on the client PCs by deleting the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    That's the only solution the support could give me. I put in a request for a feature to disable the notification via GPO or policy, but the guy from support told me that it's highly unlikely this will be changed, so yeah... 300 € well spent :)

    Edit: This is also true for FEP 2012...

    Regards



    • Edited by mediasyst Monday, February 06, 2012 10:37 AM
    • Marked as answer by Sccmnb Monday, February 13, 2012 7:53 AM
    • Unmarked as answer by Sccmnb Monday, February 13, 2012 1:31 PM
    • Proposed as answer by Rum Fanatic Thursday, March 15, 2012 8:45 AM
    Monday, February 06, 2012 10:27 AM
  • That pretty much makes FEP useless on servers for us.  No default action without user interventions?  Ridiculous.  Did MS do this to appease the 3rd party AV vendors? 

    In our case, it looks like we are stuck with McAfee. 

    Monday, February 06, 2012 3:48 PM
  • You can define default actions via SCCM policies, which will be executed automatically after 10 minutes, I think. My post is just about the popup for clients.

    Monday, February 06, 2012 4:15 PM
  • I'll have to test that out.  I've set the default actions to delete; I just never waited 10 minutes.  I wonder how that will interact with DPM2010 (our backup system) where DPM states that malware should be deleted and not cleaned due to data corruption possibilities in the replicas.  I wonder how the deny-access behavior during that 10 minutes will interact with DPM syncs. 

    Monday, February 06, 2012 4:20 PM
  • I don't know that, I just can say that the default action to be executed is hard coded to 10 minutes and can't be modified to be executed earlier.

    I'm starting to get really annoyed with this. Why doesn't MS allow admins to decide how long it should take to delete a file or if clients should see a freakin' popup?

    Wednesday, February 08, 2012 10:17 AM
  • Hi mediasyst,

    The workaround provided by Microsoft, deleting the registry key, is equivalent to disabling on-access scan, which is a real security hole. I will not suggest anyone delete that key.


    • Marked as answer by Sccmnb Monday, February 13, 2012 1:31 PM
    Monday, February 13, 2012 1:30 PM
  • Msseces.exe is only the Microsoft Client Security user interface. Disabling this will not stop the real-time protection of the server.

    I've just tested this on 2 of our RDS servers: killed all the msseces processes, then created an EICAR test file.  The file was blocked immediately and it showed up in SCOM as well.

    Thursday, March 15, 2012 8:44 AM
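
The check described in the reply above (UI process absent, EICAR test file still blocked) can be repeated on each server as a script. This is an added example, not part of the original thread and not Microsoft's code; the service name MsMpSvc, the test file name under %TEMP% and the 5-second wait are assumptions.

```powershell
# Added example, not from the thread. Assumptions: service name MsMpSvc,
# the test file path under %TEMP%, and the 5-second wait.
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue = (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).MSC
$uiProcs  = @(Get-Process -Name msseces -ErrorAction SilentlyContinue)
$service  = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue

$status = 'NotFound'
if ($service) { $status = $service.Status.ToString() }

# Standard EICAR test string (harmless), split in two so the script file
# itself is not detected before it runs.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$path  = Join-Path $env:TEMP 'fep-rtp-check.com'

$blocked = $false
try {
    [System.IO.File]::WriteAllText($path, $eicar)
    Start-Sleep -Seconds 5
    # If real-time protection is active the file is gone or unreadable by now,
    # so this read throws; an intact read means nothing intercepted it.
    $blocked = ([System.IO.File]::ReadAllText($path) -ne $eicar)
} catch {
    $blocked = $true
} finally {
    # Clean up the test file if it survived
    if (Test-Path $path) { Remove-Item $path -Force -ErrorAction SilentlyContinue }
}

# One record per server: UI state next to protection state
$result = New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    RunKeyMscPresent = [bool]$runValue
    UiProcessCount   = $uiProcs.Count
    ServiceStatus    = $status
    EicarBlocked     = $blocked
}
$result

if (-not $blocked) {
    Write-Warning 'EICAR test file was NOT blocked: real-time protection is not working.'
}
```

A result with RunKeyMscPresent = False, UiProcessCount = 0 and EicarBlocked = True matches what the reply above reports.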
  • Is there a way we can get a notification for FEP scans when the scans are running?

    Like a popup as soon as the scans are initiated, to notify the users that the scans are running on the system?

    Wednesday, October 16, 2013 6:31 PM