System Center Endpoint Protection 4.7.205.0 ignoring MAPS-Setting from Antimalware Policy

    Question

  • Hi,

    Since the February 2015 Endpoint Protection update it seems that EP is ignoring the MAPS setting in the Antimalware Policy.

    Users keep getting messages like:

    Before the update this message never came up.

    The policy is set to "Do not join MAPS" and to not allow users to change the MAPS setting:

    Does anybody know how to get EP to NOT ignore those settings?

    Thanks!

    Christian

    Thursday, February 12, 2015 11:29 AM

All replies

  • Hi,

    We got the same message here after the last February update in our environment.

    Thursday, February 12, 2015 12:19 PM
  • Hi,

    As the documentation for the update states that the ADMX files are updated, a GPO could be one option.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Thursday, February 12, 2015 1:06 PM
  • Hi Jörgen,

    Thought of that too. But I don't find a new setting.

    I assume that the policy settings under Administrative Templates\Windows Components\Windows Defender\MAPS

    - Join Microsoft MAPS and

    - Configure local Setting override for reporting to Microsoft MAPS

    configure the registry settings

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet\SpyNetReporting and HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet\LocalSettingOverrideSpyNetReporting

    Both are set to 0x00000000 which should stop MAPS.

    I cannot find any new ADMX file, do you have a hint where to find it?

    Thanks

    Christian

    Thursday, February 12, 2015 1:20 PM
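
An added example, not part of the original thread and not Microsoft's code: a PowerShell check that reads the two policy values named in the post above, so an administrator can tell "policy never reached the client" apart from "policy is present but the client still prompts". The function name `Get-MapsPolicyState` is hypothetical; the key path, the value names and the expected value 0 are taken from the post.

```powershell
# Added example: audit the two MAPS policy values named in the post above.
# Expected value 0 for both is what the post reports; any other value is
# shown as-is rather than interpreted.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet'
$Expected  = @{
    SpyNetReporting                     = 0
    LocalSettingOverrideSpyNetReporting = 0
}

function Get-MapsPolicyState {
    param([string]$Key = $PolicyKey)

    foreach ($name in $Expected.Keys) {
        $actual = $null
        $status = 'KeyMissing'          # policy key absent: policy not applied
        if (Test-Path -LiteralPath $Key) {
            $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
            if ($null -ne $props -and $props.PSObject.Properties.Name -contains $name) {
                $actual = $props.$name
                $status = if ($actual -eq $Expected[$name]) { 'AsExpected' } else { 'Differs' }
            } else {
                $status = 'ValueMissing' # key exists, but this value was never written
            }
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Value    = $name
            Expected = $Expected[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

Get-MapsPolicyState | Format-Table -AutoSize
```

If both rows report `AsExpected` on a client that still shows the prompt, the policy was delivered and the behaviour lies with the client update rather than with policy distribution.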
  • I actually think that Forefront Endpoint Protection 2010 Tools still work for SCEP2012, if you fancy that: http://www.microsoft.com/en-gb/download/details.aspx?id=13088

    Though I also think that the .admx files for FEP2010 do the same thing as the policies for Windows Defender.

    I have updated the SCEP client too, but haven't had the pleasure of any malware yet to see if the MAPS settings no longer work.

    PS: There are no new settings for MAPS in the policies, but I think Jörgen just meant that policies were another option to disable MAPS.


    Martin Bengtsson | www.imab.dk



    Thursday, February 12, 2015 2:18 PM
  • Hi Martin,

    Yes, they do. That's the way I set how deep archives should be scanned.

    The thing is that the software which is reported as suspicious is not malware...

    I think we'll have to wait... Maybe the next definition update helps...

    Thanks

    Christian

    Thursday, February 12, 2015 2:25 PM
  • I have had the first few users calling our helpdesk with the same issue. Sigh..

    Martin Bengtsson | www.imab.dk

    Friday, February 13, 2015 11:25 AM
  • Hi,

    The KB article is updated with information about this. See this post. https://social.technet.microsoft.com/Forums/en-US/cbad16fe-94df-46f6-a38b-38489cdfb02a/endpoint-protection-popups?forum=configmanagersecurity

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Friday, February 13, 2015 7:04 PM