CcmEval.log "Failed to get SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection\DisableIntrusionDetection"

Alexander, David 1 Reputation point
2021-02-12T20:43:19.543+00:00

Attached is an excerpt from the CcmEval.log that is not correctly reporting status back to the SCCM Server. We are using a 3rd party antimalware software suite.
I have approximately 500 clients with this error and not correctly updating status. The referenced key does not exist on any of our systems. Any suggestions / resolutions would be greatly appreciated.

-DA

<![LOG[==========[ ccmeval started in process 18392 ]====================================]LOG]!><time="18:04:54.176+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:105">
<![LOG[ccmeval version: 5.0.8968.1010]LOG]!><time="18:04:54.185+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:123">
<![LOG[Loading manifest file: C:\WINDOWS\CCM\CcmEval.xml]LOG]!><time="18:04:54.187+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmevalmanifest.cpp:30">
<![LOG[Successfully loaded ccmeval manifest file.]LOG]!><time="18:04:54.230+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmevalmanifest.cpp:41">
<![LOG[Begin evaluating client health rules.]LOG]!><time="18:04:54.230+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:248">
<![LOG[Successfully retrieved all client health checks.]LOG]!><time="18:04:54.232+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmevalmanifest.cpp:130">
<![LOG[Evaluating health check rule {4AB7D77D-3BB0-4EAB-BEFD-7C0F7DA10296} : Verify WMI service exists.]LOG]!><time="18:04:54.232+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {518C0699-03F8-4F38-85C4-4D319EAEFC05} : Verify/Remediate WMI service startup type.]LOG]!><time="18:04:54.232+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {7F4B6E15-2221-455B-9615-93C379E470D5} : Verify/Remediate WMI service status.]LOG]!><time="18:04:54.233+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {14E6774A-1795-4E09-B17D-B6F36A124205} : WMI Repository Read/Write Test.]LOG]!><time="18:04:54.233+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {690A959D-6210-4930-865F-E3BB82F02133} : Verify/Remediate client WMI provider.]LOG]!><time="18:04:55.137+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {A81778B5-9A1E-4A52-9C6E-6939CEFAA118} : WMI Repository Integrity Test.]LOG]!><time="18:04:55.824+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {5CC6C949-5001-4765-84B4-DD4FDC1E6940} : Verify BITS exists.]LOG]!><time="18:04:56.058+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {C6E29CF5-F9B2-450B-AE61-C4B256A75023} : Verify/Remediate BITS startup type.]LOG]!><time="18:04:56.058+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {2F373187-6295-4CBB-BE9E-8E43C459883A} : Verify/Remediate client prerequisites.]LOG]!><time="18:04:56.058+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {AD9CAF50-6602-4857-A9F4-64864EA30BDF} : Verify/Remediate client installation.]LOG]!><time="18:04:57.522+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {8883C683-04C8-4228-BB76-2EDD666BA781} : Verify SMS Agent Host service exists.]LOG]!><time="18:04:57.771+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {13F46523-5B82-417d-A363-A644E80CAD76} : Verify/Remediate SMS Agent Host service startup type.]LOG]!><time="18:04:57.772+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {70BECB51-44A1-4b46-8A23-6EA3D345B677} : Verify/Remediate SMS Agent Host service status.]LOG]!><time="18:04:57.772+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {C35E790D-4C05-40A8-BB46-A68578966D19} : WMI Event Sink Test.]LOG]!><time="18:04:57.773+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {0614757F-7AA6-4933-965B-06D6A8243D0B} : Microsoft Policy Platform WMI Integrity Test.]LOG]!><time="18:04:57.773+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {7EF00FDD-3DF0-496A-A999-AADD1B3016C1} : Verify/Remediate Microsoft Policy Platform Service Existence.]LOG]!><time="18:04:57.782+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {D9D0245D-0617-4C2F-8837-84A397AC5B22} : Verify/Remediate Microsoft Policy Platform service startup type.]LOG]!><time="18:04:57.782+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {09886543-BE8B-431F-BC00-7D917632E22C} : Verify/Remediate Antimalware service startup type.]LOG]!><time="18:04:57.782+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.816+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {5B50566C-363E-4F1C-8A7D-6F2D2A51B142} : Verify/Remediate Antimalware service status.]LOG]!><time="18:04:57.816+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.850+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {B9274BD3-4B32-4B41-8E4D-7B0306D412CE} : Verify/Remediate Antimalware service startup type for Windows 10 or up.]LOG]!><time="18:04:57.850+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.888+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {B89B8B51-369F-42E6-80BC-FF46B8963B0F} : Verify/Remediate Antimalware service status for Windows 10 or up.]LOG]!><time="18:04:57.889+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.924+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {6BC824B4-BD8C-4779-BB10-ABDBCD5AFAEB} : Verify/Remediate Network Inspection service startup type.]LOG]!><time="18:04:57.925+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.957+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {BA322036-F3BE-426F-8779-C1C0BF82EC6E} : Verify/Remediate Network Inspection service startup type for Windows 10 or up.]LOG]!><time="18:04:57.957+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
*****<![LOG[Failed to get SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection\DisableIntrusionPreventionSystem]LOG]!>*****<time="18:04:57.994+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="cmclientevaluator.cpp:1341">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.994+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {D6CB32EA-423D-44CB-9C58-97CE55D2148E} : Verify/Remediate Windows Update service startup type.]LOG]!><time="18:04:57.994+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:58.027+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {E8030BE0-B773-4742-B6A1-0870CF139117} : Verify/Remediate Windows Update service startup type on Windows 8.]LOG]!><time="18:04:58.027+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {9040BA8C-580D-4FCA-8846-BBD5F5BB1597} : Verify/Remediate Configuration Manager Remote Control service startup type.]LOG]!><time="18:04:58.064+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Evaluating health check rule {9DCD49EF-E021-46FF-A777-49210B558527} : Verify/Remediate Configuration Manager Remote Control service status.]LOG]!><time="18:04:58.064+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">

Microsoft Configuration Manager

2 answers

  1. Fiona Yan-MSFT 2,311 Reputation points
    2021-02-15T07:23:30.55+00:00

    @Alexander, David

    Thank you for posting in Microsoft Q&A forum.

    Failed to get SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection\DisableIntrusionPreventionSystem.

    Based on my research, many situations may cause this issue. Could we know at which step it failed with this error? Does this mean that an error occurred while checking client activity on the SCCM console?

    I have approximately 500 clients with this error and not correctly updating status. The referenced key does not exist on any of our systems.

    Could we know what the incorrect updating status of the client is? To narrow down this issue, could you please help share the error screenshot on one problematic client?

    Have a good day!




  2. AK_ 1 Reputation point
    2022-04-27T14:35:37.957+00:00

    I had the same issue following a switch in security product. All clients reporting client check failed.

    Created Client Settings to have Endpoint Protection set to disabled, applied it to a group with higher priority. Updated policy and rebooted clients.

    The error (Taken from "C:\Windows\CCM\Logs\CcmEval.log") still existed but the client switched to healthy in the console.
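
An added example, not part of either answer and not Configuration Manager code: a small Python parser for the log format shown in the question. It groups entries per health check rule so that a `Failed to get ...` line can be read next to the result logged for the same rule. The sample lines are copied from the excerpt in the question; the function names are hypothetical.

```python
import re

# One log entry: <![LOG[message]LOG]!><time="..." ... type="N" ... file="...">
ENTRY = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>\**<time="(?P<time>[^"]*)"'
    r'.*?type="(?P<type>\d)".*?file="(?P<file>[^"]*)">')
RULE = re.compile(r'Evaluating health check rule (\{[0-9A-Fa-f-]+\}) : (.*?)\.?$')
RESULT = re.compile(r'Result: (.*?), ResultCode: (\d+)')
FAILED_READ = re.compile(r'Failed to get (.+)$')

# Lines copied from the excerpt in the question (the ***** markers are the poster's).
SAMPLE = r'''<![LOG[Evaluating health check rule {6BC824B4-BD8C-4779-BB10-ABDBCD5AFAEB} : Verify/Remediate Network Inspection service startup type.]LOG]!><time="18:04:57.925+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.957+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {BA322036-F3BE-426F-8779-C1C0BF82EC6E} : Verify/Remediate Network Inspection service startup type for Windows 10 or up.]LOG]!><time="18:04:57.957+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
*****<![LOG[Failed to get SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection\DisableIntrusionPreventionSystem]LOG]!>*****<time="18:04:57.994+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="cmclientevaluator.cpp:1341">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:57.994+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">
<![LOG[Evaluating health check rule {D6CB32EA-423D-44CB-9C58-97CE55D2148E} : Verify/Remediate Windows Update service startup type.]LOG]!><time="18:04:57.994+360" date="02-10-2021" component="CcmEval" context="" type="1" thread="11236" file="ccmeval.cpp:283">
<![LOG[Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail: ]LOG]!><time="18:04:58.027+360" date="02-10-2021" component="CcmEval" context="" type="2" thread="11236" file="ccmeval.cpp:328">'''

def parse_rules(text):
    """Group entries per health check rule: logged result and failed registry reads."""
    rules, current = [], None
    for line in text.splitlines():
        m = ENTRY.search(line)  # search, so leading highlight markers are tolerated
        if not m:
            continue
        msg = m['msg']
        if (r := RULE.match(msg)):
            current = {'guid': r[1], 'name': r[2], 'result': None,
                       'result_code': None, 'failed_reads': []}
            rules.append(current)
        elif current is None:
            continue  # header lines before the first rule
        elif (r := RESULT.match(msg)):
            current['result'], current['result_code'] = r[1], int(r[2])
        elif (r := FAILED_READ.match(msg)):
            # type="2" is a warning in this log format, type="3" an error
            current['failed_reads'].append((r[1], int(m['type'])))
    return rules

def rules_with_failed_reads(text):
    """Rules during which a 'Failed to get <registry value>' entry was logged."""
    return [r for r in parse_rules(text) if r['failed_reads']]

if __name__ == '__main__':
    for r in rules_with_failed_reads(SAMPLE):
        print(r['guid'], r['name'], '->', r['result'], r['failed_reads'])
```

On the sample, the only rule with a failed read is `{BA322036-F3BE-426F-8779-C1C0BF82EC6E}`, and the result logged for it is `Not Applicable`.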
