Endpoint Protection Policy not apply on new SCCM 2012 client 5.00.77.43

Question
Hello,
I applied SCCM 2012 SP1 and everything is working fine.
I'm updating the client agent from 5.00.7711 to the new 5.00.7743.
I notice that the new client does not receive the FEP policy.
The client also receives the update, and applies the default policy.
The strange thing is that FEP reports my scheduled scan (Tuesday, 01 pm) but on the console there is no policy result.
Please see the image below. No PCs were moved from any collection, I just installed the new client. I tried to restart the PCs but the situation did not change. The FEP screenshot is my PC, which reports "Antimalware policy" and not "FEP10 Std Desktop".
Is it possible to force the FEP policy or see any FEP policy log?
Looking at EndpointProtectionAgent.log:
Handle AM Policy. EndpointProtectionAgent 26/06/2012 14:11:00 18052 (0x4684)
Apply AM Policy. EndpointProtectionAgent 26/06/2012 14:11:00 18052 (0x4684)
Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 26/06/2012 14:11:00 18052 (0x4684)
Applied the C:\windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 26/06/2012 14:11:04 18052 (0x4684)
Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 26/06/2012 14:11:04 18052 (0x4684)
State 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 9AD6F3A97AF2CF6161DEB44BFB3C67DBC7B8C623 is NOT changed, SKip sending State Message. EndpointProtectionAgent 26/06/2012 14:11:04 18052 (0x4684)
Why does the client apply the "local" EP policy?
I opened a question at the SCCM 2012 forum but no response yet.
Thursday, June 28, 2012 12:01 PM
All replies
Hi,
Thank you for the post.
Microsoft has found this issue and the workaround is just to create new policies.
Cause: The problem here is that the SP1 site will generate/update policy only if the custom AM policy is changed; if the AM policy is not changed, no policy for the SP1 client will be generated.
Workaround: Create new Antimalware policies from a Customer Technology Preview site, and do not use the antimalware policies you may have had defined in a ConfigMgr 2012 site.
If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
Friday, June 29, 2012 5:24 AM Moderator -
Hi Rick,
Thank you very much for your reply.
Could I import the policy and reapply it on the CTP site, or do I need to create a new policy?
Now I have put my laptop in a new collection and made a new custom client policy (not imported), but I need to use the same policy due to an exclusion for DC, FileServer, etc.
I'll give you an update in a couple of hours.
Zeno
EDIT
Rick, I made a new policy, put my laptop and XP test client in a new collection and deployed to it, but nothing: ANTIMALWARE POLICY was always applied.
- Edited by ZenoDJ Friday, June 29, 2012 2:02 PM
Friday, June 29, 2012 12:44 PM -
Hi,
Another suggestion is to change the policy (name or description) on the SCCM console.
If your clients still show antimalware policy, I'd like to suggest that you contact Microsoft Customer Service and Support (CSS) for this issue.
How and when to contact Microsoft Customer Service and Support
http://support.microsoft.com/kb/295539
Regards
Rick Tan
TechNet Community Support
- Marked as answer by Rick Tan (Moderator) Friday, July 6, 2012 2:12 AM
Monday, July 2, 2012 2:37 AM Moderator -
Hi Rick,
Unfortunately it does not work.
We probably need to wait for MS to resolve it.
Thank you for your cooperation!
Zeno
Thursday, July 5, 2012 1:56 PM -
Hi,
I have the same issue: since SP1, the policy name is antimalware policy.
Any feedback?
Thanks in advance.
Tuesday, December 11, 2012 9:35 PM -
Dear Manu Be,
It seems that "antimalware policy" is purely a label.
Please look at your exclusion set and check whether you find your custom exclusion.
In my environment my clients report "antimalware policy" but they correctly apply our custom policy.
Let us know.
Zeno
Wednesday, December 12, 2012 10:48 AM -
Hi ZenoDJ,
Right, the good exclusions are applied, but without SP1 it was the real name of the policy applied. It was very nice and much faster to check if the good policy was applied...
Now, you have to check exclusions to be sure...
Cheers,
Wednesday, December 12, 2012 12:59 PM -
From What's New in Configuration Manager 2012 SP1 (http://technet.microsoft.com/en-us/library/jj591552.aspx):
"Multiple antimalware policies that are deployed to the same client computer are now merged on the client. When two settings conflict, the highest priority option is used. Some settings are also merged, such as exclusion lists from separate antimalware policies. Client-side merge also honors the priority you have configured for each antimalware policy."
In an environment that I'm currently working in, which uses a default EP policy as well as several additional policies based on the server/workstation function, some of the SCCM clients would receive up to 3 different EP policies based on different collection queries that the policies were deployed to. These policies become merged at the client level and I believe they are just represented as "Antimalware Policy" in the SP1 Endpoint Protection client.
The best way that I've found to locally check what policies are actually applied to the client (besides looking in the SCCM console) is checking this registry key: HKLM\Software\Microsoft\CCM\EPAgent\LastAppliedPolicy
- Proposed as answer by Josh Heffner Friday, January 11, 2013 6:09 PM
Wednesday, January 2, 2013 8:02 PM -
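Added example (not part of any post in this thread, and not Microsoft's code): a small Python parser for the EndpointProtectionAgent.log lines quoted in the first post, which pulls out the applied XML, state, error code, reported policy name and hash, and flags the generic "Antimalware Policy" label so the settings are verified instead of the name. The function and field names are assumptions, and the regexes follow the line layout as pasted in this thread, not the raw on-disk log format.

```python
import re

# The EndpointProtectionAgent.log lines quoted in the first post, in the pasted
# "message component dd/mm/yyyy hh:mm:ss thread (0xhex)" layout.
SAMPLE_LOG = r'''
Handle AM Policy. EndpointProtectionAgent 26/06/2012 14:11:00 18052 (0x4684)
Apply AM Policy. EndpointProtectionAgent 26/06/2012 14:11:00 18052 (0x4684)
Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent 26/06/2012 14:11:00 18052 (0x4684)
Applied the C:\windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully. EndpointProtectionAgent 26/06/2012 14:11:04 18052 (0x4684)
Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState EndpointProtectionAgent 26/06/2012 14:11:04 18052 (0x4684)
State 1 and ErrorCode 0 and ErrorMsg and PolicyName Antimalware Policy and GroupResolveResultHash 9AD6F3A97AF2CF6161DEB44BFB3C67DBC7B8C623 is NOT changed, SKip sending State Message. EndpointProtectionAgent 26/06/2012 14:11:04 18052 (0x4684)
'''

LINE = re.compile(r'^(?P<msg>.*?)\s+EndpointProtectionAgent\s+'
                  r'(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+'
                  r'(?P<tid>\d+)\s+\(0x[0-9A-Fa-f]+\)\s*$')
APPLIED = re.compile(r'^Applied the (?P<xml>.+?) with ConfigSecurityPolicy\.exe successfully\.')
STATE = re.compile(r'^State (?P<state>\d+) and ErrorCode (?P<err>-?\d+) and ErrorMsg '
                   r'(?P<errmsg>.*?)\s*and PolicyName (?P<name>.+?) and '
                   r'GroupResolveResultHash (?P<hash>[0-9A-Fa-f]+) is (?P<same>NOT )?changed')
GENERIC_LABEL = "Antimalware Policy"  # name the SP1 clients in this thread report

def summarize(log_text):
    """Return one record per 'State ...' line, joined with the XML the same thread applied."""
    results, last_xml = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a layout this sketch does not know
        msg, tid = m["msg"], m["tid"]
        if (a := APPLIED.match(msg)):
            last_xml[tid] = a["xml"]
        elif (s := STATE.match(msg)):
            generic = s["name"].casefold() == GENERIC_LABEL.casefold()
            results.append({
                "when": f'{m["date"]} {m["time"]}',
                "policy_xml": last_xml.get(tid),
                "state": int(s["state"]),
                "error_code": int(s["err"]),
                "error_msg": s["errmsg"],
                "policy_name": s["name"],
                "hash": s["hash"],
                "unchanged_since_last": bool(s["same"]),
                # Per the replies here, the generic name does not identify the policy:
                # confirm via exclusions or EPAgent\LastAppliedPolicy instead.
                "verify_settings_not_name": generic,
            })
    return results
```
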
Hi ZenoDJ,
Please check PolicyAgentProvider.log after refreshing Machine policies. If EP is the only changed policy you should see something like:
--- Processing 1 settings change(s). PolicyAgentProvider 16/05/2013 9:19:12 AM 21484 (0x53EC)
--- [1] __InstanceModificationEvent settings change on object CCM_AntiMalwarePolicyClientConfig.SiteSettingsKey="{A9BF08A7-F25F-4CD0-9121-F6978FBB0A2F}/200_201_201". PolicyAgentProvider 16/05/2013 9:19:12 AM 21484 (0x53EC)
--- Begin Indicating 1 settings change(s). PolicyAgentProvider 16/05/2013 9:19:12 AM 21484 (0x53EC)
Here is what I have observed: even though the Policy Name is set to Antimalware Policy, the settings on the policy are applied correctly. Can you confirm this?
If I manually apply the policy with command line:
"C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" "C:\Temp\<MY POLICY>.xml"
it shows the correct name and settings.
--Pranav
- Edited by Pranav Holavanahalli Wednesday, May 15, 2013 11:31 PM
Wednesday, May 15, 2013 11:30 PM -
Hi,
I'm experiencing this issue also, except my settings are not getting applied. See this thread:
http://social.technet.microsoft.com/Forums/en-US/configmanagersecurity/thread/2ac7d2b8-0907-4dd3-8fe3-22eb83892171
Has anyone seen anything like this? I've got a case open with PSS but so far no luck.
Friday, June 7, 2013 1:22 AM -
Hi Pranav,
Sorry for the slow response.
Well... I followed your steps and have the same situation: I manually applied my XML and everything was applied correctly.
My situation before your steps was that the policy was successfully applied and "antimalware policy" was only a label. All exclusions were successfully updated... now I have the correct label.
I updated all my clients to 5.00.7804.1202.
Friday, June 7, 2013 9:06 AM -
Hi jfergus,
Thank you for your reply.
As you read, in my case the settings are applied and "antimalware policy" is only a label...
You found/have a very good guide to troubleshoot FEP policy! Good shot!
Zeno
Friday, June 7, 2013 9:08 AM