How do you troubleshoot SCCM Endpoint client?

I recently needed to add some directory exclusions to my Endpoint Protected clients. I made the change to the malware policy "FEP10 Std Desktop"  in the SCCM R2 console but my clients never get/applies the update the info. When looking at the "EndpointProtectionAgent.log" I see the following...

-----------------------------------------------------------------------------------------------------------------------------------

Endpoint is triggered by message. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
File C:\windows\ccmsetup\SCEPInstall.exe version is 4.3.220.0. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP version 4.5.216.0 is already installed. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP 4.5.216.0 is installed, version is higher than expected installer version 4.3.220.0. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Check and enforce EP Deployment state. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP Client is already installed, will NOT trigger reinstallation. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Sending message to external event agent to test and enable notification EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Sending message to endpoint ExternalEventAgent EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
EP Policy Default Client Antimalware PolicyFEP10 Std Desktop is already applied. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Firewall provider is installed. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Installed firewall provider meet the requirements. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
start to send State Message with topic type = 2001, state id = 3, and error code = 0x00000000 EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)
Skip sending state message due to same state message already exists. EndpointProtectionAgent 4/1/2015 9:11:00 AM 11984 (0x2ED0)

----------------------------------------------------------------------------------------------------------------------------------

This blob of log messages repeats every 2hrs.

There are only two policies configured "Default Client Antimalware Policy" Order 10000 and "FEP10 Std Desktop" Order 1.

Any ideas on how to troubleshoot this?

I thank you all in advance.

April 1st, 2015 1:52pm
Verify that you have actually deployed the "FEP10 Std Desktop" policy to a collection containing the device(s) that you are troubleshooting.
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2015 4:42pm
Verify that you have actually deployed the "FEP10 Std Desktop" policy to a collection containing the device(s) that you are troubleshooting.
April 1st, 2015 8:40pm
Verify that you have actually deployed the "FEP10 Std Desktop" policy to a collection containing the device(s) that you are troubleshooting.
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2015 8:40pm
Verify that you have actually deployed the "FEP10 Std Desktop" policy to a collection containing the device(s) that you are troubleshooting.
April 1st, 2015 8:40pm
Verify that you have actually deployed the "FEP10 Std Desktop" policy to a collection containing the device(s) that you are troubleshooting.
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2015 8:40pm

Hi,

What's the version of your SCCM? If that is SCCM 2012, check the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy and see which policies are applied.

System Center Configuration Manager 2012 SCEP Policy behavior

Best Regards,

Joyce

April 3rd, 2015 4:03am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics