Endpoint Protection Policy not Applying via CMG

Roger Hendrikse 6 Reputation points
2021-01-28T19:01:02.057+00:00

We are using SCCM version 2010 and are moving to using Defender from another AV vendor. We will be managing Defender using the Endpoint Protection in SCCM. I have followed the Microsoft Learn guidance on enabling Endpoint Protection, and it is mostly working. However, the AntiMalware Policy we have configured is not getting applied to machines unless they are on the LAN or connected via VPN. SCCM reports that the AntiMalware Policy has been applied to the machines, and if I look in the registry on these machines, they also show that they have applied the SCCM-provided policy (under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent).

We have a Cloud Management Gateway in place, which is working as expected for everything else. According to Microsoft Learn, version 2006 and later of Configuration Manager allows applying Endpoint Protection policies via the CMG, without access to Active Directory. We are on Config Mgr 2010, so this should be working, however machines that apply the policy via the CMG do not apply our customized endpoint protection settings (scan schedule, exclusions, what to do in response to detections, etc.), even though SCCM does report on malware detections as it should.

I have tried to work around this issue by exporting the AntiMalware Policy to an XML file and then using it, in conjunction with ConfigSecurityPolicy.exe, to create a package that imports the policy settings. Even though SCCM is able to deploy the package to the machines via the CMG, and execmgr.log indicates that the command line ran successfully, the settings are still not imported unless the computer is connected to the LAN or VPN.

Could someone please help me understand why this is happening and how I might resolve the issue?

Microsoft Configuration Manager

1 answer

  1. Anonymous
    2021-01-29T10:06:37.49+00:00

    Hi,

    Thanks for posting in the Microsoft MECM Q&A forum.

    1. May we know if the problematic devices have been upgraded to the latest SCCM client agent? If possible, please uninstall and reinstall the SCCM client agent to try again.

    2. Please look at EndpointProtectionAgent.log on one of the affected devices and EPCtrlMgr.log on the site server to see if there is any further information.

    Thanks for your time.

    Best regards,
    Simon

    ============================================================

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
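The following triage script is an added example for this thread; it is not code from the question author, the answerer, or Microsoft. It gathers, on one affected client, the three pieces of evidence that the workaround in the question and the log check in the answer both depend on: what the ConfigMgr client recorded under HKLM\SOFTWARE\Microsoft\CCM\EPAgent, what Defender actually enforces according to Get-MpPreference, and the tail of EndpointProtectionAgent.log (plus LocationServices.log, which shows whether the client is currently using the CMG). With `-Reimport` it also runs ConfigSecurityPolicy.exe against the exported policy XML interactively so the exit code is visible rather than buried in execmgr.log. Assumptions: the EPAgent key is read generically (no particular value names are assumed); the policy XML path is a hypothetical placeholder; client logs are expected under `%windir%\CCM\Logs`; ConfigSecurityPolicy.exe is located by searching the Windows Defender program and Platform folders; and the import step requires an elevated PowerShell session.

```powershell
# Added example, not from the original thread. Run elevated on an affected client.
param(
    [string]$PolicyXml = 'C:\Temp\AntimalwarePolicy.xml',  # hypothetical path to the exported policy
    [switch]$Reimport                                     # also re-run the ConfigSecurityPolicy.exe import
)

$ErrorActionPreference = 'Stop'

# 1. What does the ConfigMgr client believe it applied?
#    Value names under this key are not assumed; every value in the key and its subkeys is listed.
$epKey = 'HKLM:\SOFTWARE\Microsoft\CCM\EPAgent'
Write-Host "== CCM EPAgent registry state ($epKey) =="
if (Test-Path $epKey) {
    @(Get-Item $epKey) + @(Get-ChildItem $epKey -Recurse -ErrorAction SilentlyContinue) |
        ForEach-Object {
            $k = $_
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Key = $k.PSChildName; Name = $name; Value = $k.GetValue($name) }
            }
        } | Format-Table -AutoSize
} else {
    Write-Warning 'EPAgent key not present; the Endpoint Protection client component may not be installed.'
}

# 2. What does Defender actually enforce right now? Compare this with the policy you deployed.
$mp = Get-MpPreference
[pscustomobject]@{
    ScanParameters            = $mp.ScanParameters            # 1 = quick, 2 = full
    ScanScheduleDay           = $mp.ScanScheduleDay
    ScanScheduleTime          = $mp.ScanScheduleTime
    ExclusionPathCount        = @($mp.ExclusionPath).Count
    ExclusionExtensionCount   = @($mp.ExclusionExtension).Count
    ExclusionProcessCount     = @($mp.ExclusionProcess).Count
    HighThreatDefaultAction   = $mp.HighThreatDefaultAction
    SevereThreatDefaultAction = $mp.SevereThreatDefaultAction
} | Format-List

# 3. What did the EP agent log last, and is the client using the CMG?
#    Log lines are in CMTrace format: <![LOG[message]LOG]!><time=... >; only the message is shown.
$logDir = Join-Path $env:windir 'CCM\Logs'
foreach ($log in 'EndpointProtectionAgent.log', 'LocationServices.log') {
    $path = Join-Path $logDir $log
    if (Test-Path $path) {
        Write-Host "== last 15 lines of $log =="
        Get-Content $path -Tail 15 | ForEach-Object {
            ($_ -replace '<!\[LOG\[', '') -replace '\]LOG\]!>.*$', ''
        }
    } else {
        Write-Warning "$log not found under $logDir"
    }
}

# 4. Optional: run the same import the package runs, but interactively, so the exit code is visible.
if ($Reimport) {
    $csp = Get-ChildItem -Path "$env:ProgramFiles\Windows Defender",
                               "$env:ProgramData\Microsoft\Windows Defender\Platform" `
            -Recurse -Filter 'ConfigSecurityPolicy.exe' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $csp) { throw 'ConfigSecurityPolicy.exe not found in the Defender program or Platform folders' }
    if (-not (Test-Path $PolicyXml)) { throw "Policy XML not found: $PolicyXml" }

    & $csp.FullName $PolicyXml
    Write-Host "ConfigSecurityPolicy.exe exit code: $LASTEXITCODE"

    # Re-read the effective preferences so a before/after comparison is possible.
    Get-MpPreference | Select-Object ScanScheduleDay, ScanScheduleTime, ExclusionPath | Format-List
}
```

If step 1 shows the policy recorded but step 2 still shows default scan settings and no exclusions, the gap is between the ConfigMgr client and the Defender preferences, which is the situation the question describes; the log tail from step 3 is then the place to look for the error, as the answer suggests. A non-zero exit code from step 4 on a CMG-connected client, when the same command succeeds on the LAN, narrows the problem to the import rather than to package delivery.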

