locked
Help with Application for Endpoint Protection RRS feed

  • Question

  • I created an application to install System Center Endpoint Protection, because we are using Symantec Endpoint Protection 12.1.3, which is unsupported for SCEP to remove.  With the application I set it to supersede our SEP 12.1 client and remove any previous software. I created a previous thread, located here: http://social.technet.microsoft.com/Forums/en-US/38a476b3-0e71-4e80-b348-81143fa5cefe/creating-an-application-for-sc-endpoint-protection?forum=configmanagergeneral.

    The initial test works, our SEP is removed and SCEP is installed, however the client takes anywhere from 3-5 hours before SCEP pulls down the correct Anti-Malware policy and applies the latest definitions.  The time frame for this is longer then we want, rebooting the computer or going into the SCCM client and running the actions does not seem to speed up the process.

    At the moment, the command that works is "scepinstall.exe" /s /q,  what I attempted to do was export the current anti-malware policy and run the command "scepinstall.exe" /s /q /policy "Malware.xml", however this does not seem to work, in SCCM or running the command via a command prompt.  The only way it would is if I fully defined the path the of the xml such as, scepinstall.exe /s /q /policy C:\Windows\CCMCache\2\malware.xml, but this command does not work in SCCM, only via the command prompt.  As well defining the policy doesn't seem to do anything, when I open SCEP, I cannot enter the history or settings tab. Even if it did I could not guarantee that the path would remain constant. 

    1. It seems odd that it can take 3-5 hours before SCEP pulls down its policy, is this normal when installing without a defined policy?
    2. Is there a setting that I need to change somewhere that is defining when the client can check in for a new Anti-malware policy? The SCCM client is checking the default time of 60 mins.
    3. Is there a way to define the policy on the install any other way?
    4. Is there something I am missing? 
    • Moved by TorstenMMVP Monday, March 3, 2014 3:11 PM moved
    Monday, March 3, 2014 2:59 PM

Answers

All replies

  • Hi,

    I normally use a custom task sequence when swithing the antivirus, here is a great way of doing it solving the initial download of the definition updates as well from a package works great for OSD as well. http://www.chrisnackers.com/2012/10/18/configuration-manager-2012-installing-endpoint-protection-during-a-task-sequence/

    using the cache\2 is not a really good idea as it will not be same between computer, put the command line in a .cmd file and use the %~dp0 variable for current directory "scepinstall.exe /s /q /policy %~dp0EPAMPolicy2.xml" .

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Monday, March 3, 2014 3:39 PM
  • The way Jörgen is using is what I recommend you do.

    2. The only way is to change the Client Setting polling interval.


    Juke Chou

    TechNet Community Support

    Tuesday, March 4, 2014 2:08 PM