Summary: Troubleshoot servers with real time protection enabled that are not being correctly reported.
Good morning everyone, Mark Waitser and Yuri Diogenes here. Today we want to talk about an issue where certain servers are not being correctly reported in relation to real time protection status.
Problem
A Windows Server 2012 computer with Microsoft System Center Endpoint Protection installed and Real Time Protection enabled is reported in the OMS console as if real time protection were not enabled (ProtectionStatus : No real time protection).
Note: this may also occur in Windows Server 2008 or Windows 7 SP1.
Cause
Microsoft System Center Endpoint Protection is detected, but ProtectionStatusRank is equal to 270 (No Real Time Protection), as shown below:
Troubleshooting steps
- Verify that all monitors are enabled; see the example below:
- Notice that “Behavior Monitor” is disabled; this is the reason for the 270.
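A command-line version of this check, as an added example that is not part of the original post: it reads the antimalware status and lists any monitor that is not reported as enabled. It assumes that either the Defender cmdlet `Get-MpComputerStatus` or SCEP's `MpProvider` module (`Get-MProtComputerStatus`) in its default install path is available; the set of monitors checked is this example's own selection.

```powershell
# Added example (not from the original post).
# Assumption: Get-MpComputerStatus exists, or the SCEP MpProvider module is
# installed under "Program Files\Microsoft Security Client".

# Monitors to check; this selection is an assumption of the example.
$monitors = 'RealTimeProtectionEnabled', 'OnAccessProtectionEnabled',
            'BehaviorMonitorEnabled', 'IoavProtectionEnabled'

function Get-AmStatus {
    # Prefer the built-in Defender cmdlet when it is present.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        return Get-MpComputerStatus
    }
    # Otherwise fall back to the module shipped with SCEP.
    $scepModule = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpProvider'
    if (Test-Path $scepModule) {
        Import-Module $scepModule -ErrorAction Stop
        return Get-MProtComputerStatus
    }
    throw 'No antimalware status cmdlet found on this computer.'
}

$status = Get-AmStatus

# Build one row per monitor; a missing property is reported as $null.
$report = foreach ($name in $monitors) {
    $prop  = $status.PSObject.Properties[$name]
    $value = $null
    if ($prop) { $value = $prop.Value }
    New-Object PSObject -Property @{ Monitor = $name; Enabled = $value }
}

$report | Select-Object Monitor, Enabled | Format-Table -AutoSize

# Anything not explicitly $true is flagged, including missing properties.
$notEnabled = @($report | Where-Object { $_.Enabled -ne $true })
if ($notEnabled.Count -gt 0) {
    $names = ($notEnabled | ForEach-Object { $_.Monitor }) -join ', '
    Write-Warning "Monitors not reported as enabled: $names"
} else {
    Write-Output 'All checked monitors are enabled.'
}
```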
Solution
Enable all monitors via the SCEP management console, as shown below:
Authors
Mark Waitser, Senior Software Engineer (OMS Security Team)
Yuri Diogenes