We're running Configuration Manager 2012 SP1. I've discovered that Endpoint Protection became disabled on one of our clients. (There are errors in the Windows Application event log with Event ID 2002 saying "There was an error 0x8050800d in creating the Antimalware Health State WMI instance" and "There was an error 0x8050800d in creating the Antimalware Infection State WMI instance".)
I'm not particularly concerned about trying to repair this client as I suspect it will be easier to reimage the machine. However, I am concerned that I did not get any notification that the client was disabled. In the "System Center 2012 Endpoint Protection Status" view, the client is listed under "Active clients protected with Endpoint Protection" as if it is working fine.
How do I ensure that I get notified when the Endpoint Protection client stops working?