Revert an EndPoint 2012 definition update

Question

    Folks,

    We are testing out the ConfigMgr 2012 EndPoint Protection client. One of my peers has asked a good "If" question: "If Microsoft releases a bad definition, how easy is it to revert to the last one?" A bad definition being a blue screen or eating files it should not.

     

    I found a command line switch to revert the definition for the 2010 client.

    MpCmdRun -RemoveDefinitions

    Is that switch still valid? Also, how could we revert a large number of clients at one time?

    Regards,

    SCCM Ranger

    Wednesday, May 16, 2012 7:29 PM

Answers

  • Hello SCCM Ranger,

    All "MpCmdRun.exe" commands which are available in Forefront Endpoint Protection (FEP) will also apply to System Center Endpoint Protection (SCEP). 

    The setting for "RemoveDefinitions" is documented at the System Center Endpoint Protection TechNet site under "Troubleshooting Update Issues": http://technet.microsoft.com/en-us/library/ff823818.aspx (Updated: April 1, 2012)

    The location for the MpCmdRun.exe is at: C:\Program Files\Microsoft Security Client

    Usage:
    MpCmdRun.exe [command] [-options]


       -RemoveDefinitions [-All]                  Restores the installed
                                                  signature definitions
                                                  to a previous backup copy or to
                                                  the original default set of
                                                  signatures
                          [-DynamicSignatures]    Removes only the dynamically
                                                  downloaded signatures
        -RemoveDefinitions
          Restores the last set of signature definitions

          [-All]
          Removes any installed signature and engine files. Use this
          option if you have difficulties trying to update signatures.

          [-DynamicSignatures]
          Removes all Dynamic Signatures.


    There may also be options to create a StartUp or Logon script via a GPO, as well as being able to include a script into a package via the Configuration Manager, as well as Windows Management Instrumentation Command-line (WMIC), which uses the power of Windows Management Instrumentation (WMI) to enable systems management from the command line.

    The following 2 links give you a decent overview of what is achievable using wmic:

    http://technet.microsoft.com/en-us/magazine/2006.09.wmidata.aspx
    http://technet.microsoft.com/en-us/library/bb742610.aspx

     

    Regards,

    Al

    Al Knecht, MCSE 2008, MCTS Server 2008 & FCS, MCITP Server 2008, MCSA 2003, CISSP®

    Microsoft Security Support Engineer

     

     

     

    • Proposed as answer by Al Knecht Tuesday, May 22, 2012 12:42 AM
    • Marked as answer by Rick Tan (Moderator) Thursday, May 24, 2012 1:24 AM
    Tuesday, May 22, 2012 12:42 AM
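
One way to package the rollback for many clients, as an added example that is not part of the original answer: a PowerShell wrapper that can be deployed as a Configuration Manager package program or a GPO startup script. The incident label, the state folder and the treatment of a non-zero exit code as failure are assumptions; the install path and the switch are the ones quoted in the answer above.

```powershell
# Added example: one-shot definition rollback for mass deployment.
param(
    # Hypothetical label for this rollback; change it for each new incident.
    [string]$IncidentId = 'rollback-example-001',
    # Install path as given in the answer above.
    [string]$ClientDir  = 'C:\Program Files\Microsoft Security Client',
    # Assumed log/marker location; any admin-only writable folder works.
    [string]$StateDir   = "$env:ProgramData\DefinitionRollback"
)

$exe    = Join-Path $ClientDir 'MpCmdRun.exe'
$marker = Join-Path $StateDir "$IncidentId.done"
$log    = Join-Path $StateDir "$IncidentId.log"

function Write-Log([string]$Message) {
    $line = '{0} {1} {2}' -f (Get-Date -Format s), $env:COMPUTERNAME, $Message
    Add-Content -Path $log -Value $line
}

if (-not (Test-Path $StateDir)) {
    New-Item -ItemType Directory -Path $StateDir -Force | Out-Null
}

# A startup script runs at every boot: roll back once per incident only,
# otherwise every reboot would discard the newest definitions again.
if (Test-Path $marker) {
    Write-Log 'Already rolled back for this incident; nothing to do.'
    exit 0
}

if (-not (Test-Path $exe)) {
    Write-Log "MpCmdRun.exe not found in $ClientDir; client not installed?"
    exit 2
}

# Plain -RemoveDefinitions restores the last set of definitions;
# -All would also remove the installed signature and engine files.
$output = & $exe -RemoveDefinitions 2>&1 | Out-String
$code   = $LASTEXITCODE
Write-Log "MpCmdRun -RemoveDefinitions exit code $code"
Write-Log $output.Trim()

# Assumption: a non-zero exit code means the rollback did not complete.
if ($code -eq 0) {
    Set-Content -Path $marker -Value (Get-Date -Format s)
}
exit $code
```

A rolled-back client will take whatever definition its update source offers at the next update, so the bad definition also has to be withdrawn or superseded at the source.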

All replies

  • Hello,
     
    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Regards,


    Rick Tan

    TechNet Community Support

    Friday, May 18, 2012 4:49 AM
    Moderator
  • Thanks for the reply. Very helpful.
    Thursday, May 24, 2012 6:58 PM