locked
Notification of disabled Endpoint Protection clients RRS feed

  • Question

  • We're running Configuration Manager 2012 SP1. I've discovered that Endpoint Protection became disabled on one of our clients. (There are errors in the Windows Application event log with Event ID 2002 saying "There was an error 0x8050800d in creating the Antimalware Health State WMI instance" and "There was an error 0x8050800d in creating the Antimalware Infection State WMI instance".) 

    I'm not particularly concerned about trying to repair this client as I suspect it will be easier to reimage the machine. However, I am concerned that I did not get any notification that the client was disabled. In the "System Center 2012 Endpoint Protection Status" view, the client is listed under "Active clients protected with Endpoint Protection" as if it is working fine.

    How do I ensure that I get notified when the Endpoint Protection client stops working?

    • Changed type Ryan G. Steele Wednesday, September 25, 2013 4:25 PM I'm unable to perform any further troubleshooting of the issue
    • Changed type Garth JonesMVP Saturday, September 28, 2013 4:28 PM it is a question
    Monday, September 16, 2013 7:07 PM

Answers

  • Hi Garth,

    As I mentioned, the client was appearing under "Active clients protected with Endpoint Protection", not under any of the other categories.

    Unfortunately (or fortunately, depending on your point of view), after two months of being broken the client seems to have magically repaired itself, which will preclude any further troubleshooting. 

    I see that Microsoft has just released a cumulative update for Configuration Manager which includes an update of the SCEP client, so perhaps this issue has been resolved. In the meantime, others may want to double-check the logs on their clients. They may not be protected, despite what the CM12 console reports.

    • Proposed as answer by Garth JonesMVP Saturday, September 28, 2013 4:28 PM
    • Marked as answer by Garth JonesMVP Saturday, October 5, 2013 2:20 PM
    Wednesday, September 25, 2013 4:25 PM

All replies

  • Have you look at the Active Client at risk within the SCEP selection of CM12 Console or the SCEP report?


    http://www.enhansoft.com/

    Saturday, September 21, 2013 2:37 PM
  • Hi Garth,

    As I mentioned, the client was appearing under "Active clients protected with Endpoint Protection", not under any of the other categories.

    Unfortunately (or fortunately, depending on your point of view), after two months of being broken the client seems to have magically repaired itself, which will preclude any further troubleshooting. 

    I see that Microsoft has just released a cumulative update for Configuration Manager which includes an update of the SCEP client, so perhaps this issue has been resolved. In the meantime, others may want to double-check the logs on their clients. They may not be protected, despite what the CM12 console reports.

    • Proposed as answer by Garth JonesMVP Saturday, September 28, 2013 4:28 PM
    • Marked as answer by Garth JonesMVP Saturday, October 5, 2013 2:20 PM
    Wednesday, September 25, 2013 4:25 PM