So, for years, we have SCCM 2012 working great with SCEP policies, with exclusions for all the products per MS recommendations (DPM, SQL, Exchange etc).
We then moved all servers to SCCM CB (v1803). Recently, we deployed the first DPM 2016 on Windows Server 2016 - and it was there I discovered it wasn't apparently applying the policies. When I go into Settings and look at what's excluded, it appears to be the default ones only. The DPM Volumes folder isn't excluded. I have verified the server is in the correct deployment, and it is.
It's reporting on events back to SCCM when it finds EICAR in backups and it really shouldn't be doing that - the volumes shouldn't be scanned.
Any suggestions as to why it's not quite picking up the policies? Of course, they're SCEP policies and Windows Defender is all but the same thing. I'd expected it to work the same way tho...
I checked the client in SCCM console, and it says the deployment state for Endpoint Protection Deployment Information is "Managed" with return code 0. Version 4.18.1806.18062. Also, it says "Antimalware policies" are the default, my custom DPM one and my custom SQL one. So as far as SCCM is concerned, it shouldn't be scanning those folders.
However, only the default one has an application state of Succeeded. (See image).
Any ideas? EndpointProtectionAgent.log is showing only the Default antimalware policy as applying.
We then moved all servers to SCCM CB (v1803). Recently, we deployed the first DPM 2016 on Windows Server 2016 - and it was there I discovered it wasn't apparently applying the policies. When I go into Settings and look at what's excluded, it appears to be the default ones only. The DPM Volumes folder isn't excluded. I have verified the server is in the correct deployment, and it is.
It's reporting on events back to SCCM when it finds EICAR in backups and it really shouldn't be doing that - the volumes shouldn't be scanned.
Any suggestions as to why it's not quite picking up the policies? Of course, they're SCEP policies and Windows Defender is all but the same thing. I'd expected it to work the same way tho...
I checked the client in SCCM console, and it says the deployment state for Endpoint Protection Deployment Information is "Managed" with return code 0. Version 4.18.1806.18062. Also, it says "Antimalware policies" are the default, my custom DPM one and my custom SQL one. So as far as SCCM is concerned, it shouldn't be scanning those folders.
However, only the default one has an application state of Succeeded. (See image).
Any ideas? EndpointProtectionAgent.log is showing only the Default antimalware policy as applying.
