Quantcast
Channel: Configuration Manager 2012 - Security, Updates and Compliance forum
Viewing all articles
Browse latest Browse all 6382

Custom SCEP Policies not applied

$
0
0

Hi All,

I've got 3 test systems with SCEP installed.  They all receive definitions just fine.  Unfortunately they are not receiving the custom antimalware policies i've created.  I found this blog that tells me a command i can run against the registry to see what policies are applied:

reg query HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy /f 2 /d

http://www.niallbrady.com/2013/02/17/how-can-i-determine-what-antimalware-policy-is-applied-to-my-scep-2012-sp1-client/

and it returns the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy
    All Windows SCEP Clients Policy (Scan Schedule)    REG_DWORD    0x2
    All Windows SCEP Clients Policy (Threat Default Action)    REG_DWORD    0x2
    Windows Server Scanning Exclusions (Excluded)    REG_DWORD    0x2
    Default Client Antimalware Policy (Excluded)    REG_DWORD    0x2
    All Windows SCEP Clients Policy (Realtime Config)    REG_DWORD    0x2
    All Windows SCEP Clients Policy (Advance Setting)    REG_DWORD    0x2
    All Windows SCEP Clients Policy (Spynet)    REG_DWORD    0x2
    All Windows SCEP Clients Policy (Signature Update)    REG_DWORD    0x2
    All Windows SCEP Clients Policy (Scan)    REG_DWORD    0x2

End of search: 9 match(es) found.

The way I read that means that the "All Windows SCEP Clients Policy" settings are all applied.  The "Windows Server Exclusions" policy is excluded for some reason. 

My custom policies set scan times different than the default and i have some exclusions.  When I launch the SCEP client on the local computer, i don't see the set scan times, just the default scan times.  I also don't see the exclusions.  I see in that req query command that the Exclusions are (Excluded), but the scan schedule should apply. The priorities on the applied AMP (antimalware policies) are:

Default Client AntimMalware Policy  10000

All Windows SCEP Clients Policy  21

Windows Server Scanning Exclusions  5

These policies are applied to appropriate collections.  When I click on the system in question in the console and look at the antimalware policies, it lists those three. 

I cannot for the life of me get these policies to apply even though they have what i think are the right priorities.  The way i understand it, the policies stack for most of the settings.  So the default settings get set by the default policy.  Then the "All Windows SCEP Policy" settings would override or merge with any settings in the default policy.  Then the "Windows Server Scanning Exclusions" policy would override or merge with any of the previous two policies.  Am I misinterpreting things here?


Viewing all articles
Browse latest Browse all 6382

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>