Posts Tagged ‘SCEP’

Another “reminder where stuff is” post. This time for the Endpoint Protection logs. These should be the same for pretty much any version as far as I know, but I’m looking specifically at System Center Endpoint Protection (SCEP) included as part of Config Manager 2012.

Log locations:

  • %allusersprofile%\Microsoft\Microsoft Antimalware\Support – Log files specific to the antimalware service
  • %allusersprofile%\Microsoft\Microsoft Security Client\Support – Log files specific to the SCEP client software
  • %windir%\WindowsUpdate.log – Windows Update log file, which includes information about definition updates
  • %windir%\CCM\Logs\EndpointProtectionagent.log – Shows Endpoint version and policies applied
  • %windir%\temp\MpCmdRun.log – Activity when performing scans and signature updates
  • %windir%\temp\MpSigStub.log – Update progress for signature and engine updates
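
To check all of these locations on a machine in one pass, the following added example (not from the original post) expands each path from the list above and reports what is present and when it was last written. The function name `Get-ScepLogInventory` and the 24-hour staleness threshold are assumptions made for illustration; it needs PowerShell 3.0 or later.

```powershell
# Requires PowerShell 3.0 or later ([ordered], [pscustomobject], Get-ChildItem -File).
function Get-ScepLogInventory {
    param(
        # Assumed threshold: logs not written within this many hours are flagged as stale.
        [int]$StaleAfterHours = 24
    )

    # Paths exactly as listed in the post; the labels summarise the post's descriptions.
    $locations = [ordered]@{
        'Antimalware service'         = '%allusersprofile%\Microsoft\Microsoft Antimalware\Support'
        'SCEP client software'        = '%allusersprofile%\Microsoft\Microsoft Security Client\Support'
        'Windows Update'              = '%windir%\WindowsUpdate.log'
        'Endpoint version and policy' = '%windir%\CCM\Logs\EndpointProtectionagent.log'
        'Scans and signature updates' = '%windir%\temp\MpCmdRun.log'
        'Signature and engine update' = '%windir%\temp\MpSigStub.log'
    }
    $cutoff = (Get-Date).AddHours(-$StaleAfterHours)

    foreach ($entry in $locations.GetEnumerator()) {
        # PowerShell does not expand %var% syntax itself, so use the .NET helper.
        $path = [Environment]::ExpandEnvironmentVariables($entry.Value)

        # A folder entry is reported per file inside it; a file entry is reported as-is.
        $files = @()
        if (Test-Path -LiteralPath $path -PathType Container) {
            $files = @(Get-ChildItem -LiteralPath $path -File -ErrorAction SilentlyContinue)
        } elseif (Test-Path -LiteralPath $path -PathType Leaf) {
            $files = @(Get-Item -LiteralPath $path)
        }

        if ($files.Count -eq 0) {
            # Missing path or empty folder: still emit a row so the gap is visible.
            [pscustomobject]@{
                Purpose = $entry.Key; Path = $path; Present = $false
                LastWrite = $null; SizeKB = $null; Stale = $null
            }
            continue
        }

        foreach ($file in $files) {
            [pscustomobject]@{
                Purpose   = $entry.Key
                Path      = $file.FullName
                Present   = $true
                LastWrite = $file.LastWriteTime
                SizeKB    = [math]::Round($file.Length / 1KB, 1)
                Stale     = $file.LastWriteTime -lt $cutoff
            }
        }
    }
}

Get-ScepLogInventory | Format-Table -AutoSize
```

Rows with `Present` set to `False` or `Stale` set to `True` show which log to open first when a client looks unprotected or out of date.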

References:

http://technet.microsoft.com/en-us/library/gg477022.aspx


This is one of those really simple and stupid problems that had me stuck for a while. I kept getting distracted with other things so it took a while before I got around to looking into it properly.

About a week after upgrading ConfigMgr 2012 to R2 I noticed some of the rebuilt servers didn’t have the Endpoint agent installed. The clients were working correctly, deploying Windows updates and software deployments fine. Client policy and inventory were processing correctly, and the Endpoint policy was assigned to the machine in the console and appearing on the client (policyspy).

On new computers, Endpoint Protection did not install at all, and on computers where SCEP setup was run manually, the Endpoint policy never applied. The registry key indicates no policy is applied, even though “Generated Policy” shows the correct values.
