System Center Endpoint Protection Client reporting issues after installing KB3025417 on Windows 8.1
First published on CloudBlogs on Jun 18, 2015
Author: Brian Huneycutt, Software Engineer, Enterprise Client and Mobility
Several customers have reported that the System Center 2012 Endpoint Protection (SCEP) client stops reporting any status to System Center 2012 Configuration Manager sites when the following update is installed on Windows 8.1 clients:
KB3025417 March 2015 antimalware platform update for Windows Defender in Windows 8.1 and Windows...
Clients will record errors that resemble the following in the ExternalEventAgent.log file.
WMI callback for machine notification (SELECT * FROM __InstanceOperationEvent WITHIN 30 WHERE TargetInstance ISA "MSFT_MpComputerStatus") in scope (\.rootMicrosoftProtectionManagement) for group 'EndpointProtection' is not registered.
Failed to get the wmi query result for error = 80041055
To prevent this issue from continuing we have revised the detection logic for KB3025417; as of Friday June 12, 2015 it is no longer offered to clients that are also running System Center Endpoint Protection.
Uninstalling KB3025417 from affected computers, followed by reinstalling the SCEP client, resolves the reporting issue. As an alternative to uninstalling the update, run the following command on the client to restore reporting functionality. Restart the computer afterward for the provider change to take effect.
Register-CimProvider.exe -ProviderName ProtectionManagement -Namespace rootmicrosoftProtectionManagement -Path "C:Program FilesMicrosoft Security ClientProtectionMgmt.dll" -Impersonation True -HostingModel LocalServiceHost -SupportWQL -ForceUpdate
This interoperability issue between Windows Defender and System Center Endpoint Protection will be resolved in future platform updates for Windows Defender.
Configuration Manager Resources
Documentation Library for System Center 2012 Configuration Manager
System Center 2012 Configuration Manager Forums
System Center 2012 Configuration Manager Survival Guide
System Center Configuration Manager Support
Submit Configuration Manager Product Ideas
Report Configuration Manager Product Issues
This posting is provided "AS IS" with no warranties and confers no rights.