Hi Everyone,
I've been noticing this behavior for a while and it's proving difficult to track down the cause.
On Windows Sever 2008 R2 x64, SCCM will apply an update to the Forefront Endpoint Protection client causing SCOM to report the Definitions are not present and the Antimalware engine has malfunctioned. I've run a powershell WMI query
gwmi -Namespace root\microsoft\securityclient -class antimalwarehealthstatus -computername $server | Select -ExpandProperty AntiSpywareEnabled
Which on affected servers returns FALSE and on servers where Endpoint protection is running normally it returns TRUE.
The problem appears to resolve itself after a system reboot but is there anything in the client side logs for SCCM that would reveal the cause of this behavior?