locked
Endpoint Protection not installing with default client RRS feed

  • Question

  • I am testing pushing out clients now with the default policy for both the client and endpoint. When the client finishes from the push install I only see system center 2012 installed on the computer. Endpoint protection is not installed. I can verify on the local disk that the ccmsetup folder does have all the contents of the package but endpoint doesn't seem to be installing. Am I missing somthing here? Thanks.
    Friday, April 26, 2013 7:09 PM

Answers

  • Endpoint Protection is not enabled in by default. You should eitehr edit the default client settings policy to have endpoint protection enabled. A better option would actually be to create a custom machine policy and deploy that custom one to systems and enable Enpoint on that policy. Once this poicy is enable to EP client will be installed on next machine poicy refresh 60 minutes by default.

    Justin Chalfant | Blog: setupconfigmgr.com | SCUP Catalog: patchmypc.net/scup | Please mark as helpful/answer if this resolved your issue

    Friday, April 26, 2013 7:24 PM

All replies

  • Endpoint Protection is not enabled in by default. You should eitehr edit the default client settings policy to have endpoint protection enabled. A better option would actually be to create a custom machine policy and deploy that custom one to systems and enable Enpoint on that policy. Once this poicy is enable to EP client will be installed on next machine poicy refresh 60 minutes by default.

    Justin Chalfant | Blog: setupconfigmgr.com | SCUP Catalog: patchmypc.net/scup | Please mark as helpful/answer if this resolved your issue

    Friday, April 26, 2013 7:24 PM
  • Hi,

    To add to Justin's answer you can troubleshoot the Endpoint Protection client installation in the "EndpointProtectionAgent.log" file on the client.

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Friday, April 26, 2013 7:58 PM
  • Hi Justin,

    Under my default client settings I do have "install endpoint protection client on client computers" option set to Yes. I did notice that the column labeled deployments has 0 listed under it for "Default Client Settings". Is it possible the default settings are not getting pushed out during the install?

    Friday, April 26, 2013 8:34 PM
  • No, default client settings are by default applicable to all systems. Note that until the client downloads policy for the first time, it does not know about these settings though. Thus, is the system properly communicating with the site and downloading policy.

    Additionally, just like with Group Policy, its bad form to edit the default settings; you should always create new settings packages to modify the default settings.


    Jason | http://blog.configmgrftw.com


    Saturday, April 27, 2013 4:02 AM
  • Here is an output from the endpointprotectionagent.log file. How can I test that the client is communicating properly with the primary site? I do see the client showing up under the collection with the client status "yes" the required site code, and the client activity set to "Active". One thing I did notice is that if i manually install endpoint it will install but it will not be detected under the endpoint status under monitoring.

    <![LOG[Service startup notification received]LOG]!><time="09:13:52.389+420" date="04-29-2013" component="EndpointProtectionAgent" context="" type="1" thread="3436" file="fepsettingendpoint.cpp:291">
    <![LOG[Endpoint is triggered by CCMTask Execute.]LOG]!><time="09:13:52.405+420" date="04-29-2013" component="EndpointProtectionAgent" context="" type="1" thread="3064" file="fepsettingendpoint.cpp:265">
    <![LOG[Deployment WMI is NOT ready.]LOG]!><time="09:13:52.436+420" date="04-29-2013" component="EndpointProtectionAgent" context="" type="1" thread="3064" file="epagentimpl.cpp:725">

    Monday, April 29, 2013 7:25 PM