FEP client issue


  • Here I was, thinking that my install went so smoothly, and everything was working.  Ah well, that's Microsoft for ya ;)

    I have 2 of my FEP clients that are having issues.  On the machines themselves, FEP is saying "Forefront Endpoint Protection isn't monitoring your computer because the program's service stopped.  You should restart it now."  Well, thank you for letting me know that.  I'll just click this huge Start now button.  Click - new error message:  "Couldn't start the Forefront Endpoint Protection service.  It is illegal to call out while inside message filter.  Click Help for more information about this problem."  Support info:  Error code:  0x80010005.  Clicking Help just takes you to Technet's FEP pages.

    Looking at my services, I don't see any Forefront Endpoint Protection service.  Not even on my machines that are not having an issue.  I do, however, see a Microsoft antimalware service, which is Started on the problem box.

    Anyone have any ideas on how to get this box working properly?  I've already tried simply rebooting, with no effect.

    Tuesday, January 11, 2011 8:43 PM

All replies

  • Hi!

    There should be 2 services, Microsoft Antimalware Service and Microsoft Network Inspection.

    Any clues in the eventlog?. if you clear the log and try to start the service again, both from the FEP UI and right clicking the service in services.msc. doyou have any clues in the eventlog?

    have you tried to reinstall the FEP client?


    MCSE, forefront spec |
    Wednesday, January 12, 2011 4:30 PM
  • Johan,

    Thanks for the reply.  Sorry for my delay, I was out yesterday.

    There are 2 services, the Microsoft Antimalware Service is showing in a Started state, and Automatic startup.  The Microsoft Network Inspection is in a Stopped state, with a Manual startup.

    I cleared the logs, and when I click the button from the UI, the only thing I get in the event logs is an Informational note in the Application log:  Event ID: 1001, Category: None, Source: Windows Error Reporting.

    I have not tried reinstalling the FEP client.  Would you recommend a manual install, or simply uninstall, and push a deployment again?

    Thursday, January 13, 2011 9:11 PM
  • So this morning I come into work, and log into the SCCM box.  I open up Collections -> FEP Collections -> Definition Status, and see that all my clients, including the two that are having the above error issue, are listed under Up to Date.

    So I then RDP into one of the affected clients.  The FEP UI is still red, and still says that the service is stopped and I should restart it.  I still get the same error if I click on the big red button.  Looking at services.msc, I see that the Microsoft Antimalware service is indeed started.  I decide to test something, so I stop the service manually, go back into the FEP UI and click the big red button.  I still get the same error message, but it takes a lot longer to come up, and when I go back into services, the Microsoft Antimalware service is in the Started state again.

    So, it looks like this client is actually running FEP, and apparently with up to date definitions, but the FEP UI is not showing this.

    Friday, January 14, 2011 5:34 PM