The article below describes an anti-malware platform update package for the following:
- Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients
- Microsoft System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients
- Microsoft Forefront Endpoint Protection 2010 clients
These packages update Endpoint Protection client services, drivers, and user interface (UI) components.
This anti-malware platform update contains the following improvements:
- Improved scanning for MBR/VBR detections and advanced bootkits
- Dynamic registry key hardening to counter tampering from malware
- Disk space optimization for Low end devices
- Shortening fallback time to ADL for signatures
For complete details please see the following:
KB2998627 - October 2014 anti-malware platform update for Endpoint Protection clients (http://support.microsoft.com/kb/2998627)
J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division
Get the latest System Center news on Facebook and Twitter:
System Center All Up: http://blogs.technet.com/b/systemcenter/ System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/ System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/ System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/ System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/ System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
Windows Intune: http://blogs.technet.com/b/windowsintune/ WSUS Support Team blog: http://blogs.technet.com/sus/ The RMS blog: http://blogs.technet.com/b/rms/
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/ The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/ The Forefront TMG blog: http://blogs.technet.com/b/isablog/ The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/
Forefront Endpoint Protection 2010 clients managed by System Center Configuration Manager 2007 may appear in the “Out of Date” deployment status collection after an anti-malware platform update is installed via Microsoft Update.
This issue occurs because the “Out of Date” collection checks the version of the 'Microsoft Forefront Endpoint Protection 2010 Server Management' entry in Add/Remove programs data; however, this data is not updated by anti-malware platform updates released to Microsoft Update.
For information about a hotfix that addresses this issue please see the following article in the Microsoft Knowledge Base:
KB2975384 - Up to date Forefront Endpoint Protection 2010 clients listed in the “Out of Date” collection (http://support.microsoft.com/kb/2975384)
Just wanted to let you know about a new KB article we published that outlines the supported usage of wildcard characters with exclusions for the following products:
- Microsoft Forefront Client Security (FCS)
- Microsoft Forefront Endpoint Protection (FEP) 2010
- Microsoft System Center 2012 Endpoint Protection (SCEP 2012)
- Microsoft System Center 2012 R2 Endpoint Protection (SCEP 2012 R2)
- Microsoft Antimalware for Azure
You can find the complete article here:
KB2962341 - Supported usage of wildcard characters with exclusions (http://support.microsoft.com/kb/2962341)
The KB article below describes an anti-malware platform update package for the following clients:
- Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients
- Microsoft System Center 2012 Configuration Manager Endpoint Protection Service Pack 1 (SP1) clients
- Microsoft Forefront Endpoint Protection 2010 clients.
These packages update Endpoint Protection client services, drivers, and UI components.
Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated March 2014.
For additional details as well as information on how to obtain the update, please see the following:
KB2952678 - March 2014 anti-malware platform update for Endpoint Protection clients (http://support.microsoft.com/kb/2952678)
When System Center 2012 Endpoint Protection (SCEP 2012) for Mac runs a scheduled weekly scan, it may unexpectedly scan all network mounted drives such as Server Message Block (SMB) share folders and Andrew File System (AFS) share folders. This may cause System Center 2012 to scan the files on hundreds of servers. This issue occurs because on Mac computers, all drives are mounted to the "/Volumes" path. The root path is mounted to the "/" path and has a symbolic link under the "/Volumes" path. Therefore, System Center 2012 Endpoint Protection for Mac cannot include or exclude drives from scanning.
For all the details and a workaround please see the following:
KB2937878 - Exclude mounted volumes from the weekly on-demand scan in System Center 2012 Endpoint Protection for Mac (http://support.microsoft.com/kb/2937878)
Starting April 8th, Microsoft will release all anti-malware platform updates for Forefront Endpoint Protection (FEP) and System Center 2012 Endpoint Protection (SCEP) through Microsoft Update (MU). To deliver the latest anti-malware platform updates to enterprise customers in a timely fashion, these updates will be made available approximately three times per year. For more details please see this post by Minfang Lv, Software Development Engineer in Test, Configuration Manager Sustained Engineering:
Anti-malware platform updates for Forefront Endpoint Protection/System Center Endpoint Protection will be released to Microsoft Update
Concerned about how SCEP 2012 and FEP 2010 will work when an OS reaches its end of life? Check out this post by Minfang Lv, Software Development Engineer in Test, for all the details:
FEP and SCEP anti-malware protection support after OSes reach end-of-life
This article describes an anti-malware platform update package for the following clients:
These packages update Endpoint Protection client services, drivers, and UI components. Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated November 2013.
For additional details and a link to the update, please see the following:
KB2907566 - November 2013 anti-malware platform update for Endpoint Protection clients (http://support.microsoft.com/kb/2907566)
Consider the following scenario. You log on to your system and notice a spinning icon for Microsoft Forefront Endpoint Protection 2010 (FEP 2010) or Microsoft System Center 2012 Endpoint Protection (SCEP 2012). You open the application UI and notice that a scan is running. In this scenario, the value that is displayed for Start time in the application UI may not reflect the actual start time of the scan in progress if the scan was started before you logged on.
For more information on this issue and instructions on how to determine when a scan in progress was started please see the following:
KB2896610 - Endpoint Protection client UI displays an incorrect "Start time" value for a scan in progress (http://support.microsoft.com/kb/2896610)
This article introduces the support policy for Microsoft System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection to manage server software in the Windows Azure Virtual Machine environment (infrastructure-as-a-service).
System Center 2012 Configuration Manager Service Pack 1 (SP1) or later versions and System Center 2012 Endpoint Protection SP1 or later versions support two specific scenarios to manage server software in the Windows Azure Virtual Machine environment.
For information on these scenarios please see the following:
KB2889321 - System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection support for Windows Azure Virtual Machines (http://support.microsoft.com/kb/2889321)
This article describes an anti-malware platform update package for Microsoft Forefront Endpoint Protection 2010 clients. This package updates Endpoint Protection client services, drivers, and user interface components.
Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated August 2013.
For all the details including what’s fixed and a download link, please see the following:
KB2864366 - An anti-malware platform update for stand-alone Forefront Endpoint Protection 2010 clients is available from Microsoft Update (http://support.microsoft.com/kb/2864366)
We have a new Knowledge Base article out that describes an anti-malware platform update package for both Microsoft System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients and Microsoft Forefront Endpoint Protection 2010 clients. These packages update Endpoint Protection client services, drivers, and user interface components.
Note: This update applies only to Endpoint Protection clients that are integrated with Microsoft System Center 2012 Configuration Manager or Microsoft System Center Configuration Manager 2007.
For details on what’s improved as well as a download link please see the following:
KB2865173 - An anti-malware platform update for Endpoint Protection clients is available from Microsoft Support (http://support.microsoft.com/kb/2865173)
Behavior Monitoring (BM) has been a vital part of finding new malware through our telemetry and sample collection processes since 2010. It’s also a protection feature, which I’ll discuss below. Our recent antimalware platform update has introduced network real-time inspection (NRI) to BM, giving much-needed network behavior coverage. NRI uses the same components as another feature in the platform, Network Inspection System (NIS), but does so in a significantly different way…
Read the complete post at http://blogs.technet.com/b/configmgrteam/archive/2013/06/24/enhancements-to-behavior-monitoring-and-network-inspection-system-in-the-microsoft-anti-malware-platform.aspx
As you may be aware, after our recent announcement regarding the Microsoft Anti-Malware Platform Update, the two stand-alone releases (KB2831312 and KB2831316) were temporarily removed from Microsoft Update on April 10. This was because of a detection logic issue that was discovered with the Windows Defender platform update made available to Windows 8 clients (see http://support.microsoft.com/kb/2781197). The Windows Defender update was being erroneously offered to clients that had the new FEP or SCEP platform updates applied, leading to installation failures of KB2781197 that were misleading as the update does not actually apply when FEP or SCEP have been updated to the latest platform.
This has been addressed and these updates will be restored on Wednesday April 17 (today).
The KB articles for these updates are as follows:
Stand-alone / Unmanaged Clients:
KB2831312 - An anti-malware platform update for stand-alone Forefront Endpoint Protection 2010 clients is available from Microsoft Update (http://support.microsoft.com/kb/2831312)
KB2831316 - An anti-malware platform update for stand-alone System Center 2012 Endpoint Protection Service Pack 1 clients is available from Microsoft Update (http://support.microsoft.com/kb/2831312)
Managed Clients (by Configuration Manager 2007 for FEP, or by System Center 2012 Configuration Manager for SCEP):
KB2827684 - An anti-malware platform update for Forefront Endpoint Protection 2010 clients is available from Microsoft Support (http://support.microsoft.com/kb/2827684)
KB2828233 - An anti-malware platform update for System Center 2012 Endpoint Protection Service Pack 1 clients is available from Microsoft Support (http://support.microsoft.com/kb/2828233)
As noted in the KB articles, these updates may require reboots during installation.
Note that managed customers (using Configuration Manager 2007 or System Center 2012 Configuration Manager) may also see failures when installing update KB2781197 on Windows 8 clients that have the FEP or SCEP platform update applied. These failures can be ignored and should cease now that the update KB2781197 detection logic has been revised.
J.C. Hornbeck | Knowledge Engineer | Microsoft GBS Management and Security Division
A file quarantined by Forefront Endpoint Protection 2010 (FEP 2010) or System Center 2012 Endpoint Protection (SCEP 2012) may be restored to an alternative location by using the MPCMDRUN command-line tool. The syntax is explained in the article below:
KB2834037 - How to restore files quarantined by Endpoint Protection to an alternative location (http://support.microsoft.com/kb/2834037)
We just published a new KB article that explains an issue where you receive error 0x80248014 when trying to manually update the antimalware definitions on a Win8 computer that has FEP 2010 or SCEP 2012 installed. You can find the complete article here:
KB2832355 - Updating the antimalware definitions in FEP/SCEP fails with error 0x80248014 (http://support.microsoft.com/kb/2832355)
The anti-malware platform will be updated Tuesday April 9, 2013 across multiple products. These products include Forefront Endpoint Protection 2010 and System Center 2012 Endpoint Protection SP1 standalone clients, and the managed versions of both. For all the details please see the following:
Announcement: Microsoft Anti-Malware Platform Update (http://blogs.technet.com/b/configmgrteam/archive/2013/04/05/announcement-microsoft-anti-malware-platform-update.aspx)
Just a quick note on a new Knowledge Base article we just published on SCEP 2012. This article discusses an issue where in a very specific scenario, clicking the Update button in the System Center 2012 Endpoint Protection client user interface fails with error 0x8024402c. See the KB article below for details:
KB2831244 - Clicking the Update button in the System Center 2012 Endpoint Protection client user interface fails with error 0x8024402c (http://support.microsoft.com/kb/2831244)
J.C. Hornbeck | Knowledge Engineer | Microsoft CTS Management and Security Division
The mirror functionality is a feature that distributes definition updates to Linux clients running System Center 2012 Endpoint Protection (SCEP) that do not have an Internet connection. The procedure in this article outlines the steps to set up a mirror on a Linux server running System Center 2012 Endpoint Protection for Linux, as well as the steps to configure Linux clients to retrieve definition updates from the mirror.
KB2827654 - How to setup a mirror on a Linux server running System Center 2012 Endpoint Protection (http://support.microsoft.com/kb/2827654)
Just a quick note to let you know that we’ve completed app compatibility testing for the System Center Security Monitoring Pack for Endpoint Protection and it now officially supports System Center 2012 Operations Manager Service Pack 1. No updates or changes are required.
J.C. Hornbeck | Knowledge Engineer | Management and Security Division
Forefront Endpoint Protection 2010 now supports upgrading an existing Forefront Endpoint Protection database and reporting database to Microsoft SQL Server 2012 Service Pack 1.
To use SQL Server 2012 SP1 with Forefront Endpoint Protection 2010, you must upgrade the existing instance of SQL Server from SQL Server 2008, SQL Server 2008 R2 or SQL Server 2012. It is not supported to install new Forefront Endpoint Protection components on an existing or new instance of SQL Server 2012 or SQL Server 2012 SP1.
The following update is required to use Forefront Endpoint Protection with Microsoft SQL Server 2012 and 2012 SP1:
KB2683558 - Forefront Endpoint Protection data warehouse and reports fail to get new data on SQL Server 2012 (http://support.microsoft.com/kb/2683558)
Hi all, the following update was released towards the end of last year as a Critical (non-security) Update via Windows Update. The update addresses an issue with the Windows Filtering Platform that would cause the Network Inspection System (NIS) feature of System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) to drastically slow down network performance when actively protecting machines. The KB article can be found here:
KB2735855 - Network connection is slow when you run a WFP-based application on a computer that is running Windows 7 or Windows Server 2008 R2 (http://support.microsoft.com/kb/2735855)
If you have SCEP or FEP deployed, or any firewall/AV software that leverages the Windows Filtering Platform, it is strongly recommended that you deploy this update if you use NIS.
Just a quick heads up on a KB article we just published. This one talks about an issue where attempting to export an Antimalware policy in System Center 2012 Endpoint Protection 2012 (SCEP) fails with the error:
The specified settings failed to be exported!
In this case, the error occurred because the policy had an ampersand character (&) in the name but other characters such as ", ', < and > can cause it as well. You can read the entire article here:
2784157 - Attempting to export a Malware Policy in Endpoint Protection fails with "Specified Settings Failed to be Exported" (http://support.microsoft.com/kb/2784157)
Here’s a KB we just published that talks about a condition where the status displayed in the FCS Malware Summary report may be a little bit confusing:
=====
When viewing the Forefront Client Security (FCS) Malware Summary, it may not contain any data and instead simply report "There is no relevant information."
This occurs if no malware has been detected in the last 24 hours. This is by design.
When there is no malware that has been reported in the last 24 hours, the Malware Summary will not show a graph for 0. Instead it will say "There is no relevant information" as mentioned above.
For the most current version of this article please see the following:
2787508 - Forefront Client Security Malware Summary reports "There is no relevant information"
This Knowledge Base article talks about an issue where installing System Center 2012 Endpoint Protection for Mac fails with "There were errors with the installation":
When you try to install Microsoft System Center 2012 Endpoint Protection for Mac (SCEP), you receive an error message that resembles the following:
There were errors with the installation. You may want to try installing again. The Installation failed.
To resolve this issue, use the following methods. If Method 1 does not resolve the issue, go to Method 2:
Method 1
1. Click Close to close the error message window.
2. On the Go menu, click Applications.
3. Double-click System Center 2012 Endpoint Protection for Mac.
4. Verify that System Center 2012 Endpoint Protection for Mac starts as expected. To do this, click the System Center Endpoint Protection for Mac icon in the menu bar, and then click Open System Center 2012 Endpoint Protection.
Method 2
If System Center 2012 Endpoint Protection for Mac does not start as expected, follow these steps:
1. Restart the system into safe mode.
2. Delete all SCEP application bundles that you can find in the /Application folder.
3. Perform a normal restart.
4. Run the 4.5.9X Uninstaller from the 4.5.X dmg.
5. Execute from Terminal: rm -Rf ~/.scep/
6. cd /Library/Application\ Support/Microsoft/
7. sudo rm -Rf *scep/
NOTE: install.log can be found at /var/log/install.log
2695614 - Error message when you try to install System Center 2012 Endpoint Protection for Mac: "There were errors with the installation"