Skip to content

Enterprise Mobility + Security


Author:  Brian Huneycutt, Software Engineer, Enterprise Client and Mobility

Several customers have reported that the System Center 2012 Endpoint Protection (SCEP) client stops reporting any status to System Center 2012 Configuration Manager sites when the following update is installed on Windows 8.1 clients:
KB3025417 March 2015 antimalware platform update for Windows Defender in Windows 8.1 and Windows 8

Clients will record errors that resemble the following in the ExternalEventAgent.log file.

WMI callback for machine notification (SELECT * FROM __InstanceOperationEvent WITHIN 30 WHERE TargetInstance ISA “MSFT_MpComputerStatus”) in scope (\.rootMicrosoftProtectionManagement) for group ‘EndpointProtection’ is not registered.

And

Failed to get the wmi query result for error = 80041055

To prevent this issue from continuing we have revised the detection logic for KB3025417; as of Friday June 12, 2015 it is no longer offered to clients that are also running System Center Endpoint Protection.

Uninstalling KB3025417 from affected computers, followed by reinstalling the SCEP client, resolves the reporting issue. As an alternative to uninstalling the update, run the following command on the client to restore reporting functionality. Restart the computer afterward for the provider change to take effect.

Register-CimProvider.exe -ProviderName ProtectionManagement -Namespace rootmicrosoftProtectionManagement -Path “C:Program FilesMicrosoft Security ClientProtectionMgmt.dll” -Impersonation True -HostingModel LocalServiceHost -SupportWQL -ForceUpdate

This interoperability issue between Windows Defender and System Center Endpoint Protection will be resolved in future platform updates for Windows Defender.

–Brian Huneycutt

Configuration Manager Resources

Documentation Library for System Center 2012 Configuration Manager

System Center 2012 Configuration Manager Forums

System Center 2012 Configuration Manager Survival Guide

System Center Configuration Manager Support

Submit Configuration Manager Product Ideas

Report Configuration Manager Product Issues

This posting is provided “AS IS” with no warranties and confers no rights.