New Endpoint Version Causing Erroneous Virus Detections

  • Question

  • Ever since the new endpoint protection introduced in KB3036437, our network is having problems with Java-based websites as well as downloading PDF files from any source. It seems to be targeting all PDF files as viruses. Has anyone else had a problem with this update? We narrowed it down to that version by incrementally updating FEP. Any suggestions on how to mass roll back FEP or anything else, please let me know. Thanks a lot.
    Wednesday, February 11, 2015 6:13 PM

All replies

  • Hello,

    We are also having issues with this update. I first noticed the issue when trying to download an .msi file, and noticed the problem with .pdf and other file types as well. Turning off Realtime protections seems to have no effect. As TacP Luke said, any suggestions or workarounds on this issue would be appreciated.

    Thanks.

    Wednesday, February 11, 2015 7:15 PM
  • Having same issues. All downloading is broken as soon as KB3036437 is applied. I started with Antimalware Client Version: 4.7.205.0, which wasn’t working. After the fresh install, I had 4.3.220.0. Windows Update then wanted to install KB2952678, which brought it to 4.5.216.0. Then it wanted to install KB3036437, which brought it back to 4.7.205.0, and it broke again. But on a few systems the reinstall corrected the issue. But roughly 80% of the computers on our network are not affected.
    Wednesday, February 11, 2015 9:03 PM
  • We have the same problem.

    (System Center Endpoint Protection)

    Thursday, February 12, 2015 2:35 PM
  • Thanks Jhowland. I tried a reinstall on a few machines and that seemed to resolve the issue. I've left it uninstalled on the remaining machines for the short-term and will reinstall on those a bit later. Hopefully this works for all of them.
    Friday, February 13, 2015 9:12 PM
  • No Problem. We've also found that renaming the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old will clear up the issue as well. Not the greatest solution but something to work with if the re-install doesn't work.
    • Edited by Jhowland Monday, February 16, 2015 1:52 PM
    Monday, February 16, 2015 1:44 PM
  • Ok. So we have found a common factor so far…

    Devices that run the Windows 8 to 8.1 upgrade are showing the fault. Any exceptions to file types etc. do not work! Going back to Client 4.6 solves this issue but means we are behind on the client version.

    Any machine that has been built from 8.1 from scratch does not have this fault, as far as we have seen so far.

    We also upgraded to SCCM 2012R2 CU4 in a vain effort in case the policy XMLs changed, but this did not solve anything. We have stopped rolling out 4.7 for now.

    Tuesday, February 17, 2015 1:56 PM
  • Thanks - I found that worked

    - Rename C:\Program Files\Windows Defender to Windows Defender.old

    I had to kill some handles in explorer.exe

    It seems that the same DLLs are in Microsoft Security Client (MpOAv), but the Windows Defender versions (now incompatible) are still loaded if a machine was upgraded from Win 8 to 8.1 (or was using Defender originally before System Center)?

    Downloads still say they are being scanned - they are just not blocked from the start now!

    Thanks again!!


    Mark Jones - Envision IT http://www.envisionit.com/


    Tuesday, February 17, 2015 3:11 PM
  • FYI - Microsoft has now acknowledged the issue and has finally pulled the bad update from Microsoft update. A new update is coming soon. More info: http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx
    • Marked as answer by Joyce L Thursday, February 26, 2015 10:07 AM
    Friday, February 20, 2015 1:37 PM