Endpoint client not updating dating from the hart
To configure an Endpoint Protection Anti-malware Policy: The Endpoint Protection Anti-malware policy is used to determine the behavior of the SCEP/Windows Defender client (scan schedule, on-demand settings, user restrictions, exceptions, etc.) Detailed explanation of policy elements can be found at: Deploying SCCM and SCEP Policies to endpoints: An SCCM deployment is the association of SCCM policies or content to the basic organizational unit of SCCM manageable objects, called a Collection.
Sometimes the deployment is of policies themselves (such as client settings or anti-malware policy) and other times the deployment itself is a policy to control the handling of content (such as applications or OS deployment task sequences).
I found out they did not have endpoint protection on them and after the Spectre/Meltdown patches it was required.
Easy enough to deploy it and we have to make sure all servers are protected in the near future for NIST compliance.
The SCEP installer can also uninstall prior AV products if that activity is enabled in the SCCM client policy.
If endpoints are already managed by SCCM, migrating to SCEP/Windows Defender is a straightforward process.
Then restart the sms service and re-run your cycle (software update, etc).
Monitoring / Endpoint Protection Status / System Center 2012 R2 Endpoint Protection Status / Operational State12 clients are failing to apply the custom policy.
If endpoints are not managed by SCCM, they will first have to be provisioned for the SCCM service (see 67714) before following these steps.
Clicking on the “Antimalware policy application failed” brings us to the list of machine.
On the bottom, clicking on the “Antimalware Policy” tab shows the error : You can see that my policy “Endpoint Protection CTX 4.5, 6.0 & 6.5” is failing.
This article applies to version 5.x and earlier ESET business products.
System Center Configuration Manager (SCCM) Current Branch University of Illinois IT Pros leveraging Technology Services Endpoint Service SCCM Current Branch The System Center Configuration Manager (SCCM) client policy can be used to install System Center Endpoint Protection (SCEP) in supported OSes prior to Windows 10, or to enable Windows Defender on Windows 10.
TL; DR : Do not use special character in Endpoint Policy Name.