Antimalware Agent Version versus System Center Endpoint Protection version?

Duchemin, Dominique 2,006 Reputation points
2023-02-26T23:59:32.91+00:00

The Definition Updates are flowing from a share…(UNC)

But the SCEP Agent is still old… most of them are 4.10.209... The servers are Windows Server 2008, 2012, 2016, 2019, 2022.

SCEP 4.10.209

CM Agent 5.00.9078.1000

=================================================

select distinct /*v_R_System.Name0, v_GS_ADD_REMOVE_PROGRAMS_64.DisplayName0, */
       v_GS_ADD_REMOVE_PROGRAMS_64.Version0
from v_R_System
join v_GS_ADD_REMOVE_PROGRAMS_64 on v_GS_ADD_REMOVE_PROGRAMS_64.ResourceID = v_R_System.ResourceID
where v_R_System.Name0 in (
    select distinct sys.Name0
    from v_R_System sys
    inner join v_GS_ADD_REMOVE_PROGRAMS_64 on v_GS_ADD_REMOVE_PROGRAMS_64.ResourceID = sys.ResourceId
    inner join v_GS_ADD_REMOVE_PROGRAMS    on v_GS_ADD_REMOVE_PROGRAMS.ResourceID = sys.ResourceId
    join v_FullCollectionMembership fcm    on fcm.ResourceID = sys.ResourceID
    where fcm.CollectionID = 'UCP00020'
      and (v_GS_ADD_REMOVE_PROGRAMS_64.DisplayName0 like '%System Center Endpoint Protection%'
           or v_GS_ADD_REMOVE_PROGRAMS.DisplayName0 like '%System Center Endpoint Protection%')
)
and (v_GS_ADD_REMOVE_PROGRAMS_64.DisplayName0 = 'System Center Endpoint Protection')
group by Version0
order by Version0

=================================================

Version0

4.10.209.0

4.7.214.0

 

I checked in Software Updates (for Desktops) it should be 4.18.2302.xxx

1.       We are not using Software Update for Servers, so what is the option to update the Antimalware Agent?

2.       What are the options to upgrade the System Center Endpoint Protection version?

 

I separated the two version upgrades as I noticed that they are currently not matching …

3.       What is the Antimalware Agent version called in the Database??

 2023-02-26_15-16-07 VRPSCCMPR01 AM Client version.pdf

Thanks,

Dom

Microsoft Security | Intune | Configuration Manager | Other

Accepted answer
  1. CherryZhang-MSFT 6,496 Reputation points
    2023-02-28T09:25:43.73+00:00

    Hi @Duchemin, Dominique

    To see the Antimalware client version please check the table v_GS_AntimalwareHealthStatus. This table lists information about the antimalware client installed on each Configuration Manager client computer. The screenshot for your reference:


    For more information, please refer to this link:

    Endpoint protection views - Configuration Manager | Microsoft Learn

    Thanks for your time.

    Best regards,
    Cherry


     


    1 person found this answer helpful.
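
The lookup described in the accepted answer, as an added example that is not part of the original thread: it reports antimalware client and signature versions for the collection used in the question, then lists the machines that report no antimalware data. It assumes the `Version` column of `v_GS_AntimalwareHealthStatus` holds the antimalware client version; confirm the column names in your own site database before relying on it.

```sql
-- Added example (not from the thread). Assumption: v_GS_AntimalwareHealthStatus.Version
-- is the antimalware client version; AntivirusSignatureVersion is the column
-- named later in the thread. Verify both against your site database.

-- 1) How many machines in the collection run each client/signature version.
--    LEFT JOIN keeps machines that have never reported antimalware health.
SELECT
    COALESCE(ahs.Version, '(no antimalware data)')     AS AntimalwareClientVersion,
    COALESCE(ahs.AntivirusSignatureVersion, '(blank)') AS AntivirusSignatureVersion,
    COUNT(DISTINCT sys.ResourceID)                     AS Machines
FROM v_R_System AS sys
JOIN v_FullCollectionMembership AS fcm
    ON fcm.ResourceID = sys.ResourceID
LEFT JOIN v_GS_AntimalwareHealthStatus AS ahs
    ON ahs.ResourceID = sys.ResourceID
WHERE fcm.CollectionID = 'UCP00020'        -- collection ID from the question
GROUP BY ahs.Version, ahs.AntivirusSignatureVersion
ORDER BY AntimalwareClientVersion, AntivirusSignatureVersion;

-- 2) Machines to investigate first: no health record at all, or a blank or
--    0.0.0.0 signature version (both values appear in the thread).
SELECT
    sys.Name0,
    ahs.Version                   AS AntimalwareClientVersion,
    ahs.AntivirusSignatureVersion AS AntivirusSignatureVersion
FROM v_R_System AS sys
JOIN v_FullCollectionMembership AS fcm
    ON fcm.ResourceID = sys.ResourceID
LEFT JOIN v_GS_AntimalwareHealthStatus AS ahs
    ON ahs.ResourceID = sys.ResourceID
WHERE fcm.CollectionID = 'UCP00020'
  AND (ahs.ResourceID IS NULL
       OR ahs.AntivirusSignatureVersion IS NULL
       OR ahs.AntivirusSignatureVersion IN ('', '0.0.0.0'))
ORDER BY sys.Name0;
```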

6 additional answers

  1. CherryZhang-MSFT 6,496 Reputation points
    2023-02-27T09:46:28.2+00:00

    Hi @Duchemin, Dominique

    We can upgrade SCEP and Antimalware client version by deploying definition updates. About how to deploy SCEP Updates from UNC, please refer to this link:

    How can I deploy System Center 2012 Endpoint Protection Definition Updates from a UNC file share - Configuration Manager 2012 - www.windows-noob.com

    Note: Microsoft provides third-party contact information to help you understand the problem. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

     I will be back if I have any update!

    Thanks for your time and patience!

    Best regards,
    Cherry


  2. Duchemin, Dominique 2,006 Reputation points
    2023-02-28T13:48:10.0166667+00:00

    Hello Cherry,

    I have several versions of Antimalware

    • 4.7.214.0
    • 4.10.14393.2999 ... 4.10.209
    • 4.18.18.7.18.75 ... 4.18.2301.6

    and for the AntivirusSignatureVersion

    • blank
    • 0.0.0.0
    • 1.221.14.0
    • 1.235.2287.0
    • 1.283.2084.0
    • 1.323.1154.0
    • 1.333.1602.0
    • 1.355.2637.0
    • 1.371.1525.0
    • 1.373.45.0
    • 1.375.1080.0 ... 1.375.1493.0
    • 1.383.786.0

    What are the current or almost current versions ...?

    Where to look to see why they are not updating?

    For each Client where is the list of Files and folders, File types and processes which were scanned? (Not the exclusions list)

    Thanks,

    Dom


  3. Duchemin, Dominique 2,006 Reputation points
    2023-03-01T16:56:36.27+00:00

    Hi @CherryZhang-MSFT

    Yes the patches are available on the share:

    2023-03-01_8-50-31 Share 01.pdf

    2023-03-01_8-51-33 Share 02.pdf

    Checking the logs again now...

    MpDCmdRun.log


    MpCmdRun: Command Line: MpCmdRun.exe -ValidateMpasConnection

    Start Time: Wed Mar 01 2023 09:07:58

    MpEnsureProcessMitigationPolicy: hr = 0x1

    MpCmdRun: End Time: Wed Mar 01 2023 09:07:58


    MPLog-Date-Time.log


    2023-03-01T17:06:41.682Z ProcessImageName: taskhostw.exe, Pid: 7296, TotalTime: 31, Count: 3, MaxTime: 31, MaxTimeFile: \Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll, EstimatedImpact: 18%

    2023-03-01T17:06:41.682Z ProcessImageName: rapid7_endpoint_broker.exe, Pid: 6316, TotalTime: 30, Count: 26, MaxTime: 15, MaxTimeFile: \Device\HarddiskVolume4\Program Files\Rapid7\Insight Agent\components\endpoint_broker\common\beacon_info.json, EstimatedImpact: 0%

    2023-03-01T17:06:41.682Z ProcessImageName: upfc.exe, Pid: 5636, TotalTime: 30, Count: 12, MaxTime: 15, MaxTimeFile: \Device\HarddiskVolume4\Windows\WaaS\services\20bbcadaff3e0543ef358ba4dd8b74bfe8e747c8.xml, EstimatedImpact: 7%

    2023-03-01T17:06:41.682Z ProcessImageName: svchost.exe, Pid: 7780, TotalTime: 30, Count: 5, MaxTime: 15, MaxTimeFile: \Device\HarddiskVolume4\Windows\System32\ngcrecovery.dll, EstimatedImpact: 0%

    2023-03-01T17:06:41.682Z ProcessImageName: ir_agent.exe, Pid: 9188, TotalTime: 15, Count: 31, MaxTime: 15, MaxTimeFile: \Device\HarddiskVolume4\Program Files\Rapid7\Insight Agent\components\bootstrap\common\ssl\cafile.pem, EstimatedImpact: 0%

    2023-03-01T17:06:41.682Z ProcessImageName: svchost.exe, Pid: 8620, TotalTime: 15, Count: 2, MaxTime: 15, MaxTimeFile: \Device\HarddiskVolume4\Windows\System32\WsmRes.dll, EstimatedImpact: 9%

    2023-03-01T17:06:49.724Z ReadConfigFileTime(.\SacEvalModeExpirationTime) failed, hr =  0x8007065d

    2023-03-01T17:07:15.452Z Processing new exclusion list (ID=1572)

    2023-03-01T17:07:15.453Z Finished processing new exclusion list (ID=1572)

    2023-03-01T17:07:17.128Z Processing new exclusion list (ID=1573)

    2023-03-01T17:07:17.129Z Finished processing new exclusion list (ID=1573)

    2023-03-01T17:07:19.743Z ReadConfigFileTime(.\SacEvalModeExpirationTime) failed, hr =  0x8007065d

    2023-03-01T17:07:28.457Z Processing new exclusion list (ID=1574)

    2023-03-01T17:07:28.458Z Finished processing new exclusion list (ID=1574)

    2023-03-01T17:07:28.880Z Processing new exclusion list (ID=1575)

    2023-03-01T17:07:28.881Z Finished processing new exclusion list (ID=1575)


    Thanks,
    Dom


  4. Duchemin, Dominique 2,006 Reputation points
    2023-03-01T17:22:00.4633333+00:00

    Another attempt:

    c:\Program Files\Windows Defender>MpCmdRun.exe -ValidateMapsConnection

    ERROR: ValidateMapsConnection failed (800705B4)

    CmdTool: Failed with hr = 0x800705B4. Check C:\Users\rmppqx\AppData\Local\Temp\MpCmdRun.log for more information
