Installation System Center Endpoint Protection on Standalone servers

Duchemin, Dominique 2,006 Reputation points
2022-11-04T00:13:50.317+00:00

Hello,

I am trying to install System Center Endpoint Protection on a Windows Server 2012 standalone:

I copied the files:

  1. scepinstall.exe
  2. Standalone.xml

then run
C:\source\scepinstall.exe /policy C:\source\standalone-Domain_Controller.xml
or
"C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" C:\source\standalone-Domain_Controller.xml

but I could not see where to change the source of the definition updates, which should be the WSUS server and no longer the Configuration Manager server with its software updates.

So when opening the GUI locally I have an error:
256983-2022-11-03-17-09-37-standalone-01.png

then if I click "Update definitions"

256984-2022-11-03-17-10-19-standalone-02.png

Where should I change the source of the definitions?

Thanks,
Dom

Microsoft Configuration Manager

14 answers

  1. Duchemin, Dominique 2,006 Reputation points
    2022-11-04T00:30:49.66+00:00

    Hello,

    I changed the policy:
    256968-2022-11-03-16-50-24-antimalware-policy-01.png

    to
    257024-2022-11-03-16-50-24-antimalware-policy-02.png

    I no longer get an error, but the update is not done... still out-of-date
    257025-2022-11-03-17-31-21-update-definitions-01.png

    the WSUS configuration is in place:
    257016-2022-11-03-17-31-21-update-definitions-03.png

    Thanks,
    Dom

    1 person found this answer helpful.

  2. CherryZhang-MSFT 6,481 Reputation points
    2022-11-04T02:50:31.62+00:00

    Hi @Duchemin, Dominique ,

    We need to configure the Software Update Point to enable the Endpoint Protection Definition updates. After that, we need to sync and deploy the updates to the client.
    The screenshots for your reference:
    257039-picture1.png

    1) For Windows 10 and later: Under Microsoft > Windows, select Microsoft Defender Antivirus.

    2) For Windows 8.1 and earlier: Under Microsoft > Forefront, select System Center Endpoint Protection.
    257018-picture2.png

    For more details, please refer to the following articles:
    Endpoint Protection malware definitions from WSUS - Configuration Manager | Microsoft Learn
    Install Endpoint Protection Role In SCCM - An Easy Guide (prajwaldesai.com)
    Note: Microsoft provides third-party contact information to help you understand the problem. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    Looking forward to your feedback.

    Best regards,
    cherry



    1 person found this answer helpful.

  3. CherryZhang-MSFT 6,481 Reputation points
    2022-11-07T10:30:25.793+00:00

    Hi @Duchemin, Dominique ,

    Thank you for your feedback!

    1. There is something we need to confirm. Have you exported and applied the new antimalware policy XML file to the client after you modified it? As mentioned in the article:
    Configure Endpoint Protection on a standalone client - Configuration Manager | Microsoft Learn

    2. I have done some research: if we have WSUS listed as an update source, we need to create an Automatic Approval rule for SCEP definitions. As shown in the screenshot:
    257864-1.png

    Besides, for the registry settings for the SCEP definitions update source, we can check the registry path HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates.
    The screenshots for your reference:
    Before:
    257828-2.png

    257873-3.png

    After:
    257836-4.png

    257829-5.png

    For more details about listing WSUS as the SCEP definitions update source, please refer to this link:
    Endpoint Protection Updates for Configuration Manager - Microsoft Community Hub

    Thank you for your time and patience!

    Best regards,
    Cherry

    1 person found this answer helpful.

  4. CherryZhang-MSFT 6,481 Reputation points
    2022-11-09T09:10:46.953+00:00

    Hi @Duchemin, Dominique ,

    1. I have tried your scenario according to the article you provided. The location of the WSUS server is specified to the standalone machine via GPO. I am also using port 8530 because I don't have port 8531 configured for my WSUS server. Everything looks OK.

    However, if I disable the GPO, my machine loses its connection and gets an error similar to yours. The error code is 0x80070490. What is the error code you are getting? In the screenshot you provided, the client also failed to connect to the server. Therefore, we need to make sure that the WSUS server can connect with the client. The screenshots for your reference:
    258654-5.png

    258678-1.png

    258610-2.png

    258663-3.png

    258640-4.png

    Looking forward to your feedback.

    Best regards,
    Cherry

    1 person found this answer helpful.
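
The checks from the two answers above (WSUS listed as a definition source under the policy registry key, a WSUS location delivered by GPO, and client-to-WSUS connectivity), combined into one read-only PowerShell script. This is an added example, not part of the original posts. The value names `FallbackOrder`, `WUServer` and `UseWUServer` and the source token `InternalDefinitionUpdateServer` are assumptions that do not appear in the thread text.

```powershell
# Added example: read-only checks on a standalone SCEP client.
# Assumption: the value names below are not shown in the thread text.
$sigKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Signature Updates'
$wuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. Does the applied antimalware policy list WSUS as a definition source?
$fallback   = Get-RegValue $sigKey 'FallbackOrder'
$sources    = if ($fallback) { $fallback -split '\|' } else { @() }
$wsusListed = $sources -contains 'InternalDefinitionUpdateServer'

# 2. Is a WSUS server assigned to this machine by policy (GPO or local policy)?
$wuServer    = Get-RegValue $wuKey 'WUServer'
$useWuServer = Get-RegValue "$wuKey\AU" 'UseWUServer'

# 3. Can the client open a TCP connection to that server and port?
$reachable = $false
if ($wuServer) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $uri   = [Uri]$wuServer                      # e.g. http://<wsus-host>:8530
        $async = $client.BeginConnect($uri.Host, $uri.Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne(5000)) {  # 5 second timeout
            $client.EndConnect($async)               # throws if the connect failed
            $reachable = $client.Connected
        }
    } catch {
        $reachable = $false
    } finally {
        $client.Close()
    }
}

[pscustomobject]@{
    FallbackOrder      = $fallback
    WsusListedAsSource = $wsusListed
    WUServer           = $wuServer
    UseWUServer        = $useWuServer     # 1 means the client is pointed at WUServer
    WsusTcpReachable   = $reachable
}
```

If `WsusListedAsSource` is false, the exported antimalware policy has not been applied; if `WUServer` is empty or `WsusTcpReachable` is false, the client has no usable WSUS location, which matches the situation described with the GPO disabled.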

  5. CherryZhang-MSFT 6,481 Reputation points
    2022-11-16T05:02:24.053+00:00

    Hi @Duchemin, Dominique ,

    Thanks for your feedback and sharing. We're glad that the question is fixed now. Here's a short summary of the problem; we believe this will help other users find useful information more quickly. It would be appreciated if you could click "Accept Answer" on the reply.

    Problem/Symptom:
    When installing System Center Endpoint Protection on standalone servers, System Center Endpoint Protection could not be updated.

    Solution/Workaround:
    SCEPInstall /ForceClean
    SCEPInstall /Update
    Then the client shows green with an up-to-date version of the definitions.
    Waiting 24 hours to confirm that the definitions continue to update.

    Thanks again for your time and patience!

    Best regards,
    Cherry

    1 person found this answer helpful.