Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager

Let’s analyze the options to Fix SCCM SCEP Related Issues. In this post, I will try to cover the knowledge acquired from the field to fix different issues of Windows Defender or Endpoint Protection client (a.k.a SCEP?).

Don’t get confused between SCEP and Windows Defender or Endpoint Protection clients. All these are the same from an IT Professional perspective. Microsoft changed the name of SCEP to Windows Defender or Endpoint Protection client.

In this post, I’m sharing the information for Endpoint protection (defender) clients that are managed through Configuration Manager (a.k.a SCCM). Let me know in the comments section if you have any queries/concerns.

Patch My PC

Issue

Endpoint Protection manages antimalware policies and Windows Firewall security for client computers in our Configuration Manager hierarchy. Till here the statement is absolutely correct and SCEP does what it’s supposed to do but there are cases of offenders who refuse to get the regular definition updates from SCCM and make our entire infrastructure itself vulnerable.

We started this SCEP (Windows Defender or Endpoint Protection client) Remediation project early in 2019 and the task was simple. We just had to make sure all the clients in the infrastructure are running the latest definitions if they are connected to the network.

Sounds simple but when we did our hands dirty and started seeing different errors then we saw limited articles and fixes to help us achieve the goal.

There is not much information available on google too apart from the generic MS article https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/troubleshoot-endpoint-client and the one from Henrik Hoe https://blog.ctglobalservices.com/configuration-manager-sccm/heh/configuration-items-and-baselines-example-scep-client-compliance/

So finally we reached home to HTMD: https://forum.howtomanagedevices.com/ and tried.

Important – Read more about the question here: https://forum.howtomanagedevices.com/endpointmanager/configuration-manager/scep-definitions-not-updating-mecm-2002-adr/

If you are done reading the question then you noticed the HOD – Anoop C Nair Suggested opening a case with MS because of the complexity of the question.

Note: Most of the points explained in this blog are from several Microsoft forums and the data was collected from those including several other websites like CTGLOBAL (Link already given in the block above) MANAGE ENGINE, COMPARITECH, BERKELEY, SEARCHSECURITY TECH, TRUSTRADIUS, and REDDIT.

So without further delay let’s deep dive from page 1.

Objectives:

  1. The evolution of malware
  2. Overview of System Center Endpoint Protection
  3. Management + Security
  4. Overview of the Endpoint Protection client
1. In 1991, 1000 known threats, in 2001 there were 60,000
2. Today there are millions, and it’s growing every day
3. Sophistication and production rates continue to evolve
4. Anybody can do it—full malware suites available online
5. Your stuff is worth money, and they want it!

The below figure shows the current reprehensible entities

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

WHY SCEP?

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 1

Mgmt + Security In Configuration Manager

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 2
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

Infrastructure Changes from FEP 2010

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

Simplified Deployment of AM Policies

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 3

Signature Update Distribution

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 4

Simplified Client Setup

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 5

Client Deployment

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

Single Interface For Management And Security

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 6

Monitoring Client Security

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 7

Rich Reporting And Analysis

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 8

Management and Real-time Monitoring

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 9

Real-time Administrative Actions

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 10

Real-time Administrative Actions in Endpoint Protection

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 11

Comprehensive Protection Stack

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 12

Dynamic Translation With Heuristics

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 13

Behavior Monitoring And Dynamic Signatures

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 14

Protect Clients With Reduced Complexity

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 15

Summary

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

Managing Endpoint Protection client with Command Line Interface – MpCmdRun.exe

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

Managing Definitions:

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

Collecting SCEP support logs:

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 16

Endpoint Protection Log Files

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 17

WMI Namespace and Classes for System Center Endpoint Protection

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 18

AntiMalware Health Status

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 19

AntiMalware Infection Status

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager 20

Force State Message for SCEP on SCCM Client

Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender
Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender

Disclaimer – The information provided on site is for general informational purposes only. All information on the site is provided in good faith, however, we make no representation or warranty of any kind, express or implied regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the website.

Resources

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a logger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

2 thoughts on “Fix SCCM SCEP Related Issues | Client Side | ConfigMgr | Defender | Configuration Manager | Endpoint Manager”

  1. Hi Anoop. We have a problem in our environment where around 3k machines are still stuck on the anti malware engine version that’s shipped with 1909. Despite all efforts it’s not updating to latest anti malware version. Have already tried a few solutions posted on technet, but no joy so far. These machines however are up to date with virus definitions. Could you please advise, what are we not doing to fix aforementioned issue?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.