Forum Discussion
SCCM Client Settings - Endpoint Protection
DMobley_232 What I meant was, you didn't mention which client checks fail. The Client Status dashboard (\Monitoring\Overview\Client Status) contains a Most Frequent Client Check Errors bar graph that should give you an idea which checks are failing most frequently.
As for the "Manage Endpoint Protection client on client computers" setting: this is set to "No" by default. Before you can even set this to "Yes", you need to install the Endpoint Protection point role in the site. None of this is required if you don't want to manage Windows Defender using ConfigMgr, and both of these require a conscious decision by and effort from an administrator, so this is something that someone enabled in your site at some point in time.
More information:
Thank You. I see what you are saying now. It looks like it is failing the CcmEval task.
We currently use CrowdStrike as our primary endpoint protection; however, they still want Windows Defender in the event CrowdStrike fails, and Defender would be the backup.
- We do have "endpoint protection point" configured under Site system Roles.
- There is a Desktop Policy under Assets and Compliance > Endpoint Protection > Antimalware policies
- There is also a policy set for endpoint protection under Administration > Client Settings >
As a test, I created a new collection of 15 computers. They were all Client Check=Failed in Client status > Client check.
I created a new client setting policy under Administration > Client settings that was deployed to the 15 computers with "NO" to Manage Endpoint Protection Client on client Computers. Within 24 hours, 75% of the test computers successfully passed client check.
I then changed the setting to "Yes" and 24 hours later, all the computers but 1 are back to "Failed Client Check". In the computers that failed, I did find this in the ccmeval:
Evaluating health check rule {B89B8B51-369F-42E6-80BC-FF46B8963B0F} : Verify/Remediate Antimalware service status for Windows 10 or up. CcmEval 9/6/2020 10:56:03 AM 39032 (0x9878)
Attempting to change service status for service 'WinDefend' to 'Running'. CcmEval 9/6/2020 10:56:03 AM 39032 (0x9878)
Failed to start the service 'WinDefend', hr=80004005 CcmEval 9/6/2020 10:56:03 AM 39032 (0x9878)
Any ideas?
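
The following PowerShell is an added example, not code from either poster: it pairs each "Failed to start the service" line in CcmEval output with the health check rule that was being evaluated and labels the HRESULT, so failures can be summarized across many clients. It assumes the CMTrace text layout shown in the post above; the function name Get-CcmEvalServiceFailure is hypothetical.

```powershell
# Sample input: the three lines quoted in the post (CMTrace text view:
# message, component, date, time, thread).
$sample = @'
Evaluating health check rule {B89B8B51-369F-42E6-80BC-FF46B8963B0F} : Verify/Remediate Antimalware service status for Windows 10 or up. CcmEval 9/6/2020 10:56:03 AM 39032 (0x9878)
Attempting to change service status for service 'WinDefend' to 'Running'. CcmEval 9/6/2020 10:56:03 AM 39032 (0x9878)
Failed to start the service 'WinDefend', hr=80004005 CcmEval 9/6/2020 10:56:03 AM 39032 (0x9878)
'@ -split "`r?`n"

# Hypothetical helper: emits one object per service-start failure.
function Get-CcmEvalServiceFailure {
    param([string[]]$Line)

    $stamp  = '(?<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)'
    $ruleRx = '^Evaluating health check rule (?<id>\{[0-9A-Fa-f-]{36}\}) : (?<name>.+?)\s+CcmEval\s+' + $stamp
    $failRx = "^Failed to start the service '(?<svc>[^']+)', hr=(?<hr>[0-9A-Fa-f]{8})\s+CcmEval\s+" + $stamp

    # Only the code seen in the post is labelled; anything else is reported raw.
    $known = @{ '80004005' = 'E_FAIL (unspecified error)' }
    $rule  = $null

    foreach ($l in $Line) {
        if ($l -match $ruleRx) {
            # Remember the rule in effect for the lines that follow it.
            $rule = [pscustomobject]@{ Id = $Matches.id; Name = $Matches.name.TrimEnd('.') }
        }
        elseif ($l -match $failRx) {
            $hr = $Matches.hr.ToUpper()
            $meaning = 'not in lookup table'
            if ($known.ContainsKey($hr)) { $meaning = $known[$hr] }
            $ruleId = $null; $ruleName = $null
            if ($rule) { $ruleId = $rule.Id; $ruleName = $rule.Name }
            [pscustomobject]@{
                Time     = [datetime]::ParseExact($Matches.when, 'M/d/yyyy h:mm:ss tt',
                               [cultureinfo]::InvariantCulture)
                Service  = $Matches.svc
                HResult  = '0x' + $hr
                Meaning  = $meaning
                RuleId   = $ruleId
                RuleName = $ruleName
            }
        }
    }
}

Get-CcmEvalServiceFailure -Line $sample | Format-List
```

To run it against real clients, pass lines read from a log saved in the same text layout instead of `$sample`.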