SCEP antimalware policy doesn't work.

Hi everybody,
I have a very unusual request: I NEED HELP ;) I have worked unsuccessfully on this problem for two weeks already.
My goal is: functioning SCCM 2012 SP1 (yesterday installed CU1).

OS Platform: Windows Server 2008 R2 Enterprise SP1
Client OS: Windows 7 Enterprise
SCCM client version: 5.00.7804.1000, yesterday upgraded to 5.00.7804.1202 with CU1
SCEP (Antimalware Client) Version: 4.2.223.0

History. What I did:
 - Installed SCCM 2012 (single site, three servers);
 - Configured it;
 - Upgraded to SP1 (SCCM clients also changed their versions to 5.00.7804.1000);

Two important / problematic things for me are:
 - SCEP: antimalware policy doesn't work
 - SCCM client: WMI subsystem periodically breaks.

I don't think that these two problems are related to each other, so I separated them into two different threads. Here I'll describe the SCEP problem.

---------------------
SCEP.
It was successfully installed (through SCCM policy) and it is working - scanning the client, reporting to the server. The problem is that the SCEP "Default Client Antimalware Policy" doesn't affect the SCEP client.

What I found:

 - I changed "Default Client Antimalware Policy" (e.g. changed scanning time to: full scan on Friday 1PM and "Microsoft Active Protection Service" - to "Basic membership")

 - I see that C:\Windows\CCM\EPAMPolicy.xml is regenerated. I compared it to previous version and I see that settings from Antimalware policy came here. IT WORKS.

 - Registry: HKLM\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy: all values are set to "2". In this case I have only the default antimalware policy, but if I set up an additional custom antimalware policy, I see it here also. So, IT WORKS.

 - Client log file "EndpointProtectionAgent.log". I see the command "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml" and later there is the status "applied successfully". I even tried to launch this command manually (both with the double slash and without it). IT WORKS. I inserted an excerpt from this log file at the bottom.

 - I look at the SCEP client interface. Settings are not changed. Before reboot, after reboot. In one minute, in one hour, in one day.. IT DOESN'T WORK

What am I missing??

What I did additionally:
 - I found that after the upgrade to SP1, antimalware policies should be recreated. I recreated them.
 - I changed "custom device settings" in SCCM: "Manage Endpoint protection client on client computers" to No, uninstalled SCEP clients manually, changed this setting to "YES" and waited for SCEP reinstallation;
 - I installed all Windows critical and security updates, all Office critical and security updates;
 - I installed:
   - SCCM server: KB2828233
   - SCCM server: SCCM SP1 cumulative update (KB2817245) (including database upgrade, SCCM clients upgrade). It was yesterday, but it doesn't seem to me that it helps.

What is a little bit strange to me is that EndpointProtectionAgent.log writes:
State 1 and ErrorCode 0 and ErrorMsg  and PolicyName Antimalware Policy and GroupResolveResultHash 5A5FA4F7C17A202B0805794FA754FA7F37B8AA84 is NOT changed
 
I would think that if the antimalware policy is changed, the hash should also be changed.. But I'm not sure..

----------------

Additional info:
Excerpt from EndpointProtectionAgent.log exactly after changing the antimalware policy (setting "Microsoft Active Protection Service" = "Basic membership" was changed):

<![LOG[Endpoint is triggered by WMI notification.]LOG]!><time="12:42:39.804-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="fepsettingendpoint.cpp:154">
<![LOG[File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.2.223.0.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:519">
<![LOG[EP version 4.2.223.1 is already installed.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:232">
<![LOG[EP 4.2.223.1 is installed, version is higher than expected installer version 4.2.223.0.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:265">
<![LOG[Handle EP AM policy.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="fepsettingendpoint.cpp:183">
<![LOG[Apply AM Policy.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:1192">
<![LOG[Create Process Command line: "c:\Program Files\Microsoft Security Client\\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:42:40.036-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:607">
<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="12:42:43.672-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:659">
<![LOG[Save new policy state 1 to registry SOFTWARE\Microsoft\CCM\EPAgent\PolicyApplicationState]LOG]!><time="12:42:43.690-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:267">
<![LOG[State 1 and ErrorCode 0 and ErrorMsg  and PolicyName Antimalware Policy and GroupResolveResultHash 5A5FA4F7C17A202B0805794FA754FA7F37B8AA84 is NOT changed.]LOG]!><time="12:42:43.690-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:339">
<![LOG[Skip sending state message due to same state message already exists.]LOG]!><time="12:42:43.788-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:1239">
<![LOG[Firewall provider is installed.]LOG]!><time="12:42:43.818-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:779">
<![LOG[Installed firewall provider meet the requirements.]LOG]!><time="12:42:43.818-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentutil.cpp:800">

 

 

May 28th, 2013 12:27pm
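
Added example (not part of the original post, and not Microsoft's tooling): a small Python parser for the log format shown in the excerpt above. It groups records into policy-application runs and pulls out whether the apply succeeded, the GroupResolveResultHash, and whether the agent reported it as unchanged. The function names and the second, constructed record are assumptions made for illustration.

```python
import re

# Record layout as seen in the excerpt: <![LOG[message]LOG]!><key="value" ...>
RECORD = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.S)
ATTR = re.compile(r'(\w+)="([^"]*)"')
# State line wording taken from the excerpt; ErrorMsg may be empty.
STATE = re.compile(r'State (\d+) and ErrorCode (-?\d+) and ErrorMsg (.*?) and PolicyName (.*?)'
                   r' and GroupResolveResultHash ([0-9A-Fa-f]+) is (.*)')

def parse_records(text):
    """Yield one dict per log record: its attributes plus the message under 'msg'."""
    for m in RECORD.finditer(text):
        rec = dict(ATTR.findall(m.group('attrs')))
        rec['msg'] = m.group('msg')
        yield rec

def policy_runs(text):
    """Group records into antimalware-policy runs; return one summary dict per run."""
    runs, cur = [], None
    for rec in parse_records(text):
        msg = rec['msg']
        if msg.startswith('Apply AM Policy'):
            cur = {'started': rec.get('date', '') + ' ' + rec.get('time', ''),
                   'applied': False, 'hash': None, 'reported_unchanged': None}
            runs.append(cur)
        elif cur is None:
            continue  # record outside any policy run
        elif msg.startswith('Applied the ') and msg.rstrip().endswith('successfully.'):
            cur['applied'] = True
        else:
            s = STATE.search(msg)
            if s:
                cur.update(state=int(s.group(1)), error_code=int(s.group(2)),
                           policy_name=s.group(4), hash=s.group(5).upper(),
                           reported_unchanged='NOT changed' in s.group(6))
    return runs

# These three records are copied from the excerpt in the post above.
FROM_POST = r'''<![LOG[Apply AM Policy.]LOG]!><time="12:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:1192">
<![LOG[Applied the C:\Windows\CCM\EPAMPolicy.xml with ConfigSecurityPolicy.exe successfully.]LOG]!><time="12:42:43.672-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:659">
<![LOG[State 1 and ErrorCode 0 and ErrorMsg  and PolicyName Antimalware Policy and GroupResolveResultHash 5A5FA4F7C17A202B0805794FA754FA7F37B8AA84 is NOT changed.]LOG]!><time="12:42:43.690-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:339">'''
# Constructed record (not from the post): a later run that never logs a successful apply.
CONSTRUCTED = r'''<![LOG[Apply AM Policy.]LOG]!><time="13:42:39.974-180" date="05-27-2013" component="EndpointProtectionAgent" context="" type="1" thread="2592" file="epagentimpl.cpp:1192">'''

if __name__ == '__main__':
    for run in policy_runs(FROM_POST + '\n' + CONSTRUCTED):
        print(run)
```

Run against a full EndpointProtectionAgent.log, the per-run summaries make it easy to line up each policy change in the console with the hash the agent recorded for it.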

Any ideas?
May 28th, 2013 10:18pm

I am having this exact same issue. I started my own post here:

http://social.technet.microsoft.com/Forums/en-US/configmanagersecurity/thread/2ac7d2b8-0907-4dd3-8fe3-22eb83892171

I've opened a case with PSS. If we find anything out I'll post an update here and in my post also. Please do the same if you find something out.

June 7th, 2013 5:00am

Hi Zivak,

Follow jfergus' post and my case; you will probably succeed.

http://social.technet.microsoft.com/Forums/en-US/FCSNext/thread/4ff3da21-03bb-4a75-b85c-6090c1f03375/

Let us know.

Zeno

June 7th, 2013 12:14pm

Thanks for the response, Zeno,

I saw this post already and I knew that "antimalware policy" is just the label.

I still haven't solved this problem.

If jfergus finds something - please let me know also. I'll also post something if I find anything.

June 11th, 2013 5:34pm

Yes, I know this is an old post, just trying to clean up old posts. Did you figure this out? If so, how?

June 22nd, 2013 7:02pm

Since no one else has replied, I recommend that you contact Microsoft Support (CSS); they should be able to help you out.

July 6th, 2013 12:00pm

This topic is archived. No further replies will be accepted.
