Share via

SCEP antivirus definition version not correct on some servers 2012 r2

Ibrahim AlHusari 191 Reputation points
2022-04-03T12:46:11.567+00:00

Hello ,

I am having some servers 2012 r2 that reports virus definition version not updated although it is up to date when I am checking the status locally on machines

189512-12345.jpg

on the sccm server , it is still showing different version from what appreared on the machine locally

how can I force the SCEP client reports corrcely to the SCCM server ?

189485-bbbbb.jpg

Microsoft Configuration Manager

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AllenLiu-MSFT 44,746 Reputation points Microsoft Vendor
    2022-04-04T06:41:00.297+00:00

    Hi, @Ibrahim AlHusari

    Thank you for posting in Microsoft Q&A forum.

    The cause of this issue:
    This issue occurs because the instance of the MSFT_MpComputerStatus class doesn't exist in the root\Microsoft\ProtectionManagement namespace. The client queries this instance to populate the related registry keys.

    The resolution:
    To fix the issue, run the following command on the affected client computers to re-register the ProtectionManagement provider:
    Register-CimProvider -ProviderName ProtectionManagement -Namespace root\Microsoft\protectionmanagement -Path <path of ProtectionManagement.dll> -Impersonation True -HostingModel LocalServiceHost -SupportWQL -ForceUpdate
    (In this command, <path of ProtectionManagement.dll> is the placeholder for the path of ProtectionManagement.dll. For example:
    C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\ProtectionManagement.dll)

    For more details, you may refer to:
    https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/configmgr-console-shows-out-of-date-values

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Ibrahim AlHusari 191 Reputation points
    2022-04-04T09:18:27.177+00:00

    Dear AllenLiu ,

    I run the command on the infected machine but the issue is still the same

    189654-auth.jpg

    Regards ,

    0 comments
  3. AllenLiu-MSFT 44,746 Reputation points Microsoft Vendor
    2022-04-05T02:30:02.497+00:00

    Hi, @Ibrahim AlHusari

    Have we verified if the registry keys exist on the client now?
    HKLM\SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\ComputerStatusStateMessage
    HKLM\SOFTWARE\Microsoft\CCM\ExternalEventAgent\Criterias\Differentiation\InfectionStatusStateMessage

    And whether the instance of MSFT_MpComputerStatus is populated in the root\Microsoft\ProtectionManagement namespace?
    189837-1.png
    189920-2.png

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.