This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 55.00000000000001%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Hello,
I have the following errors in EndpointProtectionAgent.log
Service startup notification received 3/6/2023 9:36:51 AM 5480 (0x1568) Endpoint is triggered by CCMTask Execute. 3/6/2023 9:36:51 AM 1968 (0x07B0) This machine is not a workstation, returning false for MDMIsExternallyManaged. 3/6/2023 9:36:51 AM 1968 (0x07B0) Not RS3+, this device is SCCM managed. 3/6/2023 9:36:51 AM 1968 (0x07B0) Endpoint protection workload is NOT migrated to Intune. SCCM will apply policy. 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) EP State and Error Code didn't get changed, skip resend state message. 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent 3/6/2023 9:36:51 AM 1968 (0x07B0) State 1, error code 0 and detail message are not changed, skip updating registry value 3/6/2023 9:36:51 AM 1968 (0x07B0) Defender detected 3/6/2023 9:36:51 AM 1968 (0x07B0)
Where to look for more information?
The CM agent seems working fine.
SCEP is running on the Client.
The definition updates are up-to-date.
But there is no report on the CM Console
2023-03-06_9-43-07 VIDDEWEb01 - SCEP.pdf
There is the registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\ExternalEventAgent which is missing...
I tried uninstalling the SCEP Agent rebooting the machine reinstalling and still the same issue...
Any idea?
Thanks,
Dom
1, Have you enabled the https in your environment?
2, We may need to confirm that if the account “VRPCALCLOUDCAP2$” has full permission. We may try to set a domain admin account.
Looking forward to your reply.
Best regards,
Cherry
I would like to provide also this information:
I saw 4 registries for SCEP:
As I saw some machines with only #1 & #2
Some other machines with only #1 #3 #4
Some machines with #1 #2 #3 #4
Which set of registries is correct?
Should all machines have the 4 registries? Are they some registries coming only after certain actions ... infections... ?
Thanks,
Dom
Hi,
1, I had installed a new client. By default, only ExternalEventAgent, ComputerStatusStatemessage, InfectionStatusStatemessage
exists on it.
2, ExternalEventAgent is a component of Microsoft System Center Configuration Manager (SCCM) that is responsible for processing events generated by SCCM clients. These events include:
• ATPHealthStatusStateMessage
• ComputerStatusStatemessage
• InfectionStatusStatemessage
3, ATPHealthStatusStateMessage and ComputerStatusStatemessage is the state message sent by Configuration Manager clients to report the current state of operations.
InfectionStatusStatemessage is not a state message sent by Configuration Manager clients. However, Configuration Manager clients send state messages to the fallback status point or the management point to report their current state of operations.
I will do more research; I will be sharing for you if I have any update.
Thanks for your time and patience!
Best regards,
Cherry
Hi,
Hope my information is helpful to you. If anything else we can help in the future, feel free to post in Q&A to discuss together.
Thanks for your time.
Best regards,
Cherry
Hello @CherryZhang-MSFT
Sorry for the delay, yes the information are very useful as it bring lights in the deployment of System Center Endpoint Protection / Windows defender in our environment.
I am still fighting several points:
Thanks,
Dom
Hello @CherryZhang-MSFT
I see in the endpointprotectionagent.log these errors:
Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 3/29/2023 2:36:02 AM 5412 (0x1524)
Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 3/29/2023 2:36:02 AM 5412 (0x1524)
I see in the CcmMessaging.log:
EndpointMessage(Queue='ExternalEventAgent', ID={FA121C16-C019-4FD0-8051-DEDC7FAABF72}): Will be discarded (0x80070002). CcmMessaging 3/29/2023 2:00:47 PM 21780 (0x5514)
repeatedly once every day at 2PM
I see only the ATPHealthStatusStatemessage in the registry nothing for the two other registries... SCEP is present in Add/remove Program, the server is Windows Server 2019.
Thanks,
Dom
Thanks,
Dom
I have now 3 collections
I have my collections now
2023-03-31_20-24-33 SCEP installed and onboarding status.png
onbboarded
not onboarded
blank
Why does this happened?
Thanks
Dom