We use System Center to manage just about everything in our envionment. However, as of late, the maleware policies are failing.
We have various servers, desktops, laptops and mobile devices being managed. There are no specific ones that fail, it's just random that I can tell. I have taken over the monitoring of this and am new to SCCM.
There are two errors that I can see in the Antimalware Policies Tab on the selected devices. There are:
- Failed to trigger ConfigSecurityPolicy.exe to apply Antimalware Policy
- Failed to open the local machine Group Policy.
Both have the same Application Return Code: 0x80004005
Keep in mind that with our machines, some are always on network, some are occasionally on network and a few are on the network a couple times a month. This issue is random at best.
I have searched and searched and have found multiple sites with the same end game of deleting the Regisrty.pol file and forcing a GP Update. That's fine. But what I can't find is what's causing this or a possible cause. We have a million fixes but no cause.
I've been tasked to try to find a remedy for this. But if i can't locate a possible cause or two, all I have is the fix. But it's not good enough at this point.
I could see if the machines were never on the network or hardly making a network connection. However, those that are always on the network sould be pulling the policies.
Going through a handful of these machines, they seem to be requesting policies all within just a few ays of today. At worst, 4-5 days out. The heartbeats are all within 2-3 days from today. Hardware and software scans are within 2-3 days of today.
Only a couple have failed client checks. All others have passed within 3-5 days of today.
None that I have checked have come up on the infection list and looking at the Malware Detail tab, nothing is listed there.
So the question I have is, what can be done to force these machines to pull the Malware Policy on a regular basis? They seem to be pulling other policies just fine. And out of the horde of machiens we have, it's pushing to be about 100 that are failing.
My other question is, what harm would come from deleting the Registry.pol file? I know it handles the plocies for the machine. But would delting it cause any side effects as it's trying to download and reapply policies?