cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
System Center Endpoint Protection Client reporting issues after installing KB3025417 on Windows 8.1
By
Yvette O'Meally
Published Oct 16 2018 07:16 PM 842 Views
Yvette O'Meally
Microsoft
‎Oct 16 2018 07:16 PM

System Center Endpoint Protection Client reporting issues after installing KB3025417 on Windows 8.1

‎Oct 16 2018 07:16 PM
First published on TECHNET on Jun 18, 2015
Author:  Brian Huneycutt, Software Engineer, Enterprise Client and Mobility

Several customers have reported that the System Center 2012 Endpoint Protection (SCEP) client stops reporting any status to System Center 2012 Configuration Manager sites when the following update is installed on Windows 8.1 clients:
KB3025417 March 2015 antimalware platform update for Windows Defender in Windows 8.1 and Windows...

Clients will record errors that resemble the following in the ExternalEventAgent.log file.

WMI callback for machine notification (SELECT * FROM __InstanceOperationEvent WITHIN 30 WHERE TargetInstance ISA "MSFT_MpComputerStatus") in scope (\.rootMicrosoftProtectionManagement) for group 'EndpointProtection' is not registered.

And

Failed to get the wmi query result for error = 80041055

To prevent this issue from continuing we have revised the detection logic for KB3025417; as of Friday June 12, 2015 it is no longer offered to clients that are also running System Center Endpoint Protection.

Uninstalling KB3025417 from affected computers, followed by reinstalling the SCEP client, resolves the reporting issue. As an alternative to uninstalling the update, run the following command on the client to restore reporting functionality. Restart the computer afterward for the provider change to take effect.

Register-CimProvider.exe -ProviderName ProtectionManagement -Namespace rootmicrosoftProtectionManagement -Path "C:Program FilesMicrosoft Security ClientProtectionMgmt.dll" -Impersonation True -HostingModel LocalServiceHost -SupportWQL -ForceUpdate

This interoperability issue between Windows Defender and System Center Endpoint Protection will be resolved in future platform updates for Windows Defender.

--Brian Huneycutt

Configuration Manager Resources

Documentation Library for System Center 2012 Configuration Manager

System Center 2012 Configuration Manager Forums

System Center 2012 Configuration Manager Survival Guide

System Center Configuration Manager Support

Submit Configuration Manager Product Ideas

Report Configuration Manager Product Issues

This posting is provided "AS IS" with no warranties and confers no rights.

0 Likes
Like
Version history
Last update:
‎Oct 16 2018 07:16 PM
Updated by:
Labels