So, we deploy Endpoint Protection in our business.
In my experience this will run very smoothly, with very few complications.
I've worked with lots of different malware products since 1993, with more and more experience with this great malware product from Microsoft over the past 4 years. I would recommend that everyone now running FEP 2010 head for SCEP 2012, which is included in and totally integrated into SCCM 2012.
It is easier to handle, it still uses very few resources compared to others, and it gives even greater protection than before. It all lives in the same smooth-running SCCM 2012 console and benefits from the power of SCCM functions, like ensuring that the malware agent is working and healthy, and built-in policies for AD, Exchange, SQL, SCOM, SCCM, file servers, etc. By combining this with the power of SCCM you can automatically apply the correct policy to each of these kinds of servers, using AD OU or group collection membership or inventory.
It also gives you even better visible control in the console now.
You will discover that deploying Endpoint Protection to your business will be very easy.
Now, some of your clients will have issues that need to be resolved.
But why do we have these kinds of errors now, and not when I was running FEP?
Well, I think you did, but it was hard to discover in SCCM 2007.
And why not run a different malware product? Well, yes, you could run a different malware and management product. But that would only conceal these kinds of errors, which are related to basic functions of the OS. Microsoft integrates its products and uses functions that are already there in the OS, like Policy, Windows Update, etc. And yes, for Endpoint Protection it also uses the great management product Configuration Manager to handle it and make sure it's working well.
Anyway, let's look further into the few clients marked Critical and how we can resolve some issues:
We click in Monitoring - System Center 2012 Endpoint Protection Status
And click on Active Clients at Risk....
This will open a Collection for you containing the machines that have issues with either the SCCM Client Agent or the SCEP Malware agent.
In this example the error is: Failed to open the local machine Group Policy.
Why this happens to some clients we don't know yet, but it could be a corrupt file, with the result that even Group Policies will have difficulty applying correctly.
Anyway, we have to resolve this.
How to fix this?
Browse to the client's Windows\System32\GroupPolicy\Machine\ folder
And delete the file: Registry.pol
Then restart the client's service: SMS Agent.
In the log you will now see that it's applying the policy fine:
And eventually, once the client has reported back, the console will show you this status.
In some cases I have uninstalled the SCCM client and reinstalled it.
If you want to automate the deletion of the Registry.pol file, just create a Program in SCCM and deploy it with this command:
cmd /c DEL "C:\Windows\system32\grouppolicy\machine\Registry.pol" /Q /S>NUL
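
A more cautious version of the automated cleanup, as an added example that is not part of the original post: it checks the Registry.pol header (a valid file starts with the signature PReg and version 1), keeps a backup copy, and only then deletes the file and restarts the client service. It assumes the service name CcmExec (display name SMS Agent Host) and detects header damage only, so a file that is damaged further in is left in place.

```powershell
# Added example, not the original author's script.
# Assumption: the ConfigMgr client service short name is CcmExec (SMS Agent Host).

# A 32-bit process on 64-bit Windows has System32 redirected to SysWOW64;
# the Sysnative alias reaches the real folder in that case.
$sysDir = if ($env:PROCESSOR_ARCHITEW6432) { 'Sysnative' } else { 'System32' }
$pol    = Join-Path $env:windir "$sysDir\GroupPolicy\Machine\Registry.pol"

function Test-RegistryPolHeader {
    param([byte[]]$Bytes)
    # Valid header: ASCII "PReg" followed by a little-endian DWORD version of 1.
    if ($null -eq $Bytes -or $Bytes.Length -lt 8) { return $false }
    $signature = [System.Text.Encoding]::ASCII.GetString($Bytes, 0, 4)
    $version   = [System.BitConverter]::ToUInt32($Bytes, 4)
    return ($signature -ceq 'PReg' -and $version -eq 1)
}

if (-not (Test-Path -LiteralPath $pol)) {
    Write-Output 'No Registry.pol present; nothing to do.'
    exit 0
}

$bytes = [System.IO.File]::ReadAllBytes($pol)
if (Test-RegistryPolHeader -Bytes $bytes) {
    Write-Output 'Registry.pol header is valid; leaving the file in place.'
    exit 0
}

# Keep a copy so the damaged file can be examined later, then remove it.
$backup = '{0}.{1}.bak' -f $pol, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $pol -Destination $backup
Remove-Item -LiteralPath $pol -Force
Write-Output "Damaged Registry.pol copied to $backup and removed."

# Restart the client so it re-applies its policy, as in the manual steps above.
Restart-Service -Name CcmExec -Force
```

Deleting Registry.pol also discards any settings stored in the local machine policy, which is why the backup copy is kept.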