Share via

EndpointProtectionAgent.log Error

Duchemin, Dominique 2,011 Reputation points
2023-02-22T21:27:00.0966667+00:00

Hello,

In the EndpointProtectionAgent.log I have a repetitive error:

Defender detected 2/19/2023 10:09:00 PM 11160 (0x2B98)

Create Process Command line: "C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml". 2/19/2023 10:09:00 PM 11160 (0x2B98)

Failed to create process C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe with error = 0x80070002. 2/19/2023 10:09:00 PM 11160 (0x2B98)

Failed to apply policy with error 0x80070002, retry number : 1 after 60 second. 2/19/2023 10:09:00 PM 11160 (0x2B98)

Where to look for details and resolution?

Thanks,

Dom

Microsoft Security | Intune | Configuration Manager | Other
Windows for business | Windows Server | User experience | Other
Microsoft System Center | Other
0 comments

Answer accepted by question author

CherryZhang-MSFT 6,511 Reputation points
2023-02-24T02:35:24.31+00:00

Hi @Duchemin, Dominique,

Thanks for your feedback. We're glad that the question is fixed now. It's appreciated that you could click "Accept Answer" to the helpful reply, this will help other users to search for useful information more quickly. Here's a short summary for the problem.

Problem/Symptom:
Endpoint Protection does not work on a few servers after installed and get repetitive error.

Solution/Workaround:

Uninstall and reinstalling Endpoint Protection and it worked. 

Thanks again for your time! Have a nice day!

Best regards,
Cherry

Was this answer helpful?

1 person found this answer helpful.
0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Duchemin, Dominique 2,011 Reputation points
    2023-02-24T01:21:04.49+00:00

    Hello,

    1. Yes Endpoint is working as just a few servers are failing 10-15 from 1500+
    2. No it never worked on this server After uninstalling everything and reinstalling it worked this time..

    Thanks,

    Dom

    Was this answer helpful?

    0 comments
  2. CherryZhang-MSFT 6,511 Reputation points
    2023-02-23T05:36:20.71+00:00

    Hi @Duchemin, Dominique

    1, Please help confirm that if you have enabled the Endpoint Protection use Custom Device Settings.

    For more details, please refer to this link:

    Install Endpoint Protection Role In SCCM - An Easy Guide (prajwaldesai.com)

    Note: Microsoft provides third-party contact information to help you understand the problem. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    2, Did Endpoint Protection work fine before that? If above operations you have already performed, please upload the full EndpointProtectionAgent.log for our reference.

    Looking forward to your reply.

    Best regards,
    Cherry

    Was this answer helpful?

    0 comments
  3. Duchemin, Dominique 2,011 Reputation points
    2023-02-22T22:27:59.87+00:00

    Hello,

    I was able to run the command manually:

    C:\Users\xxxxxx>"C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml"

    Microsoft Security Client successfully applied policy: "Default Client Antimalware Policy

    ISS - Servers - SCEP - YYYY".

    Any clue why it is not reporting to the Console? the installation of System Center Endpoint Protection & Windows Feature were done on 11/28/2022.

    Thanks,

    Dom

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.