I recently needed to add some directory exclusions to my Endpoint Protected clients. I made the change to the malware policy "FEP10 Std Desktop" in the SCCM R2 console but my clients never get/applies the update the info. When looking at the "EndpointProtectionAgent.log" I see the following...
-----------------------------------------------------------------------------------------------------------------------------------
Endpoint is triggered by message. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
File C:\windows\ccmsetup\SCEPInstall.exe version is 4.3.220.0. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP version 4.5.216.0 is already installed. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP 4.5.216.0 is installed, version is higher than expected installer version 4.3.220.0. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Check and enforce EP Deployment state. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP Client is already installed, will NOT trigger reinstallation. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Sending message to external event agent to test and enable notification EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP Policy Default Client Antimalware PolicyFEP10 Std Desktop is already applied. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Firewall provider is installed. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Installed firewall provider meet the requirements. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
----------------------------------------------------------------------------------------------------------------------------------
This blob of log messages repeats every 2hrs.
There are only two policies configured "Default Client Antimalware Policy" Order 10000 and "FEP10 Std Desktop" Order 1.
Any ideas on how to troubleshoot this?
I thank you all in advance.