Installation of System Center Endpoint Protection 4.7.205.0 is blocking IE downloads. Rolled back to 4.3 and downloads worked again. I started with Antimalware Client Version: 4.7.205.0, which wasnt working.  After the fresh install, I had 4.3.220.0.  Windows Update then wanted to install KB2952678, which brought it to 4.5.216.0.  Then it wanted to install KB3036437, which brought it back to 4.7.205.0 and immediately broke downloading again. This is hit and miss within our network. Roughly 80% of our computers are not having this issue. 

Does it still block downloads if you disable the "Scan all downloads" setting under Real-time protection? Not ideal, but that would at least narrow it down to that specific setting.

What version of IE are you trying to install?

Try uninstall SCEP and install IE and then install SCEP.

I'm not downloading IE. Sorry let me clarify. All downloads in general. Even clicking on a link and choosing "save target as". The download is blocked and get error "file contained a virus and was deleted". 

Are you going through a proxy or web gateway? Perhaps that is interfering with the download in some way that causes EP to detect it as potentially malicious.

Same issue here on two computers running Win 8.1 Pro after installing Windows Update KB3036437 today. Disabling "Scan all downloads" does not help. IE: xxxxxx.xxx contained a virus and was deleted. Chrome: Anti-virus software failed unexpectedly while scanning this file.

Download is possible with FireFox, but blocked with IE, Chrome, Opera and Safari.

Safari has this message: "The procedure entry point MpAmsiScan could not be located in the dynamic link library c:\Program Files (x86)\Microsoft Security Client\MpOAv.dll"

Sounds to me like we need a revised update.

Disabling scan all downloads has no affect. 

Going through proxy or by passing proxy still gives same issue. Version 4.6 and below have no issues at all with downloading. This is definitely a botched update. 

• Edited by Jhowland Thursday, February 12, 2015 1:44 PM

Going through proxy or by passing proxy still gives same issue. Version 4.6 and below have no issues at all with downloading. This is definitely a botched update. 

• Edited by Jhowland Thursday, February 12, 2015 1:44 PM

Going through proxy or by passing proxy still gives same issue. Version 4.6 and below have no issues at all with downloading. This is definitely a botched update. 

• Edited by Jhowland Thursday, February 12, 2015 1:44 PM

It's just our Win 8.1 systems as well. After doing a fresh install of SCEP on one system and updating back to 4.7, downloading worked. The others had no luck. As soon as the KB is applied for 4.7 it breaks downloading.  

Having the same issue on Win 8.1 systems running the KB for version 4.7. Any updates?

We are having this issue as well.  The interesting thing is, it doesn't seem to effect everyone.  My PC is running the latest 4.7.205 and I don't have any issues.

Same problem. I've uninstall all updated, and stared by installing one by one and restarting PC. The result KB3036437 block IE and Chrome file download .

Installation of System Center Endpoint Protection 4.7.205.0 is blocking IE downloads. Rolled back to 4.3 and downloads worked again. I started with Antimalware Client Version: 4.7.205.0, which wasnt working.  After the fresh install, I had 4.3.220.0.  Windows Update then wanted to install KB2952678, which brought it to 4.5.216.0.  Then it wanted to install KB3036437, which brought it back to 4.7.205.0 and immediately broke downloading again. This is hit and miss within our network. Roughly 80% of our computers are not having this issue. 

We have this issue as well. Some PC's were able to work after reinstalling SCEP and some don't. Still hoping microsoft finds a solution because a lot of PC's are effected. All of our machines are on Windows 8.1

• Edited by thepittman101 Thursday, February 12, 2015 8:25 PM

Installation of System Center Endpoint Protection 4.7.205.0 is blocking IE downloads. Rolled back to 4.3 and downloads worked again. I started with Antimalware Client Version: 4.7.205.0, which wasnt working.  After the fresh install, I had 4.3.220.0.  Windows Update then wanted to install KB2952678, which brought it to 4.5.216.0.  Then it wanted to install KB3036437, which brought it back to 4.7.205.0 and immediately broke downloading again. This is hit and miss within our network. Roughly 80% of our computers are not having this issue. 

We have this issue as well. Some PC's were able to work after reinstalling SCEP and some don't. Still hoping microsoft finds a solution because a lot of PC's are effected. All of our machines are on Windows 8.1

• Edited by thepittman101 Thursday, February 12, 2015 8:25 PM

Installation of System Center Endpoint Protection 4.7.205.0 is blocking IE downloads. Rolled back to 4.3 and downloads worked again. I started with Antimalware Client Version: 4.7.205.0, which wasnt working.  After the fresh install, I had 4.3.220.0.  Windows Update then wanted to install KB2952678, which brought it to 4.5.216.0.  Then it wanted to install KB3036437, which brought it back to 4.7.205.0 and immediately broke downloading again. This is hit and miss within our network. Roughly 80% of our computers are not having this issue. 

We have this issue as well. Some PC's were able to work after reinstalling SCEP and some don't. Still hoping microsoft finds a solution because a lot of PC's are effected. All of our machines are on Windows 8.1

• Edited by thepittman101 Thursday, February 12, 2015 8:25 PM

Same issue...

Uninstalled SCEPP and let Windows Defender take over and things download fine.  Install SCEPP and update, broken again.  Even simple txt and PDF files get blocked as having viruses.

I have the same issue too. I don't seem to have KB3036437 from what I can see in my installed updates list, but my SCEP antimalware client version is 4.7.205.0.

In IE, I get the virus warning when trying to download anything from anywhere. Other browsers are ok.

I also get the error "The procedure entry point MpAmsiScan could not be located in the dynamic link library c:\Program Files (x86)\Microsoft Security Client\MpOAv.dll" when trying to download an attachment from our service desk application ConnectWise.

As far as I know, my computer is the only one in our company experiencing this problem so far.

Same Problem here, only some Computers are behaving like this ( not all with the update installed)

installing older engine Version is our actual Workaround for These clients - hopefully MS is releasing an update soon...

I declined the update from WSUS and than deleted it from the deployment package.  After that I uninstalled endpoint from the computer and than re-installed it via system center.  it did not re-install the update.  You can also try the below link but make sure you test it on a computer that does not have the issue and one that does.

https://weikingteh.wordpress.com/2013/05/13/how-to-rollback-remove-a-patch-using-sccm-configmgr/

These are the steps that fixed this for me:

Steps:

1. Rename the folder C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old   <--- this is the important step, without this the process fails
2. uninstall System Center Endpoint Protection
3. Wait for it to be uninstalled
4. Test that you can download files without issue
5. Download to the System Center Endpoint Protection installer to their desktop
6. Install System Center Endpoint Protection 
7. Test your ability to download files.

I hope this helps those this has affected

Same here, just opened a support case. Interested to see how long it take to get someone.

About 50% of the machines on the network I administer were affected before the problem became noticeable. As a workaround I am currently deploying Firefox which doesn't experience the issue. As far as I can tell the update has been removed from the windows update site at this time.

Has anyone had any official word from MS regarding this yet?

This is really unacceptable :(

No official word yet. There are two ways to get around this. You can try re-installing SCEP which worked for a few or you can rename the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old ( what Haslor mentioned above) to clear up the issue. Not the greatest solution but something to work with if the re-install doesn't work.

• Edited by Jhowland 21 hours 50 minutes ago

This definitely works as well if just simply re-installing doesn't work, which I had luck with a few. Thanks.

Just got off a call with support, only a 48+ hour response to a critical bug....They had me run some script that didn't fix it and then rename the Windows Defender folder under Program Files and that resolved it. I sent some registry keys for them to review. 

If you rename the Defender folder what happens if they release a fix or you need to uninstall SCEPP and fall back to Defender?  Will this still allow the fix or Defender to work later?

Just got off a call with support, only a 48+ hour response to a critical bug....They had me run some script that didn't fix it and then rename the Windows Defender folder under Program Files and that resolved it. I sent some registry keys for them to review. 

After renaming the folder, did you have to resintall the FEP client or just a PC reboot?

Just a rename and closing IE and opening fixed on one test system. Chrome on the system needed an OS reboot. I didn't need to uninstall and reinstall FEP.  I don't consider this a permanent fix and hope they get back with something else. Worst case would be an uninstall of FEP and once they re-release the update I am hoping it doesn't have the same issues. Thankfully we only have a hand full of systems upgraded from Windows 8 to 8.1 which appears to be an underlying cause.

• Edited by Eric Cutcher 16 hours 19 minutes ago

No official word yet. There are two ways to get around this. You can try re-installing SCEP which worked for a few or you can rename the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old ( what Haslor mentioned above) to clear up the issue. Not the greatest solution but something to work with if the re-install doesn't work.

• Edited by Jhowland Monday, February 16, 2015 1:50 PM

No official word yet. There are two ways to get around this. You can try re-installing SCEP which worked for a few or you can rename the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old ( what Haslor mentioned above) to clear up the issue. Not the greatest solution but something to work with if the re-install doesn't work.

• Edited by Jhowland Monday, February 16, 2015 1:50 PM

Just a rename and closing IE and opening fixed on one test system. Chrome on the system needed an OS reboot. I didn't need to uninstall and reinstall FEP.  I don't consider this a permanent fix and hope they get back with something else. Worst case would be an uninstall of FEP and once they re-release the update I am hoping it doesn't have the same issues. Thankfully we only have a hand full of systems upgraded from Windows 8 to 8.1 which appears to be an underlying cause.

Thx, that worked. Hopefully we get a permanent fix sooner than later. I don't want to do this manual band-aid on all the systems I have which are experiencing the issue.

Just a rename and closing IE and opening fixed on one test system. Chrome on the system needed an OS reboot. I didn't need to uninstall and reinstall FEP.  I don't consider this a permanent fix and hope they get back with something else. Worst case would be an uninstall of FEP and once they re-release the update I am hoping it doesn't have the same issues. Thankfully we only have a hand full of systems upgraded from Windows 8 to 8.1 which appears to be an underlying cause.

• Edited by Eric Cutcher Monday, February 16, 2015 7:21 PM

Just a rename and closing IE and opening fixed on one test system. Chrome on the system needed an OS reboot. I didn't need to uninstall and reinstall FEP.  I don't consider this a permanent fix and hope they get back with something else. Worst case would be an uninstall of FEP and once they re-release the update I am hoping it doesn't have the same issues. Thankfully we only have a hand full of systems upgraded from Windows 8 to 8.1 which appears to be an underlying cause.

• Edited by Eric Cutcher Monday, February 16, 2015 7:21 PM

Ok. So we have found a common factor so far...

Devices that run the windows 8 to 8.1 upgrade are showing the fault. Any exceptions to file types etc do not work!  Going back to Client 4.6 solves this issue but means we are behind on the client version.

Any machine that has been built from 8.1 as scratch do not have this fault. so far as we have seen so far

We also upgraded to SCCM 2012R2 CU4 in a vein effort in case the policy xml's changed but this did not solve anything. We have stopped rolling out 4.7 for now.

Same issue here with Win 8, 8.1 and SCEP 4.7.205.0.

I cannot even work with Microsoft support and does not let me start a remote session.

Support-LogMeInRescue.exe - Anti-virus software failed unexpectedly while scanning this file.

Irony is when people are installing tool bar's and malwares eg: YAC, SCEP is happily allowing them to do so.  

Hi Andywhite86,

Any machine that has been built from 8.1 as scratch do not have this fault. so far as we have seen so far

I got several built from scratch machines with 8.1 and this problem.

Hey Beadmin

We have ran tests here side by side with a stock patched win 8 and 8-1 machine. And looking at calls from customers we have got no complaints from any machines that have had windows 8.1 installed from scratch. Only those who have gone from Windows 8 to 8-1 using the upgrade process. We don't use the stock windows defender program or FEP we use SCEP (the same underneath I guess)

It is a unusual issue. We have run Endpoint from when SCCM 2012 SP1 came out and updated it various times and never had issues like this before.

Thanks for the reply,

If  this help, I can allow you remote to my machine. its freshly built 8.1 with the same issue.

Yes we got SCCM 2012 sp1 CU 5 and SCEP.

Same here. I've tested and can confirm is issue with 4.7 client update. I did a system restore to before the update and all works.

http://answers.microsoft.com/en-us/ie/forum/ie11-iewindows8_1/all-pdf-downloads-in-ie11-are-blocked-saying-the/6aa24df2-9322-40f8-bd8b-68511816244c

Are there any updates on this at all? we have almost 100 machines and this issue is happening on a large number, the machines were built with MDT and didn't go through an upgrade process. i could really do with a solution before school starts again next week.

Thanks

Karl

p.s. I seem to be unable to rename the windows defender folder in program data.

• Edited by Rather Not Say 10 hours 59 minutes ago

Hi Karl,

I posted on the MS System Center Support page on Facebook asking whether MS had acknowledged and were looking into the issue. I received a response back very quickly stating that yes they are aware and are currently investigating it.

Regards,

Paul.

By renaming the folder Windows Defender in C:\Program Files (NOT in C:\Program Data) I was able to circumvent the issue and also without uninstalling SCEP client. Renaming back the folder to it's original name brought the issue back.

If it's urgent, what can quickly be done is a package to rename the Windows Defender folder and deploy the package to affected machines. It can be easily reverse (another package to rename to it's original) afterward once a permanent fix comes out.

Since renaming the Windows Defender is not an official supported work around, I would suggest to at least only deploy on couple machines first and wait for any side effects.

• Edited by Jovechkin 8 hours 6 minutes ago clarify folder name

Are there any updates on this at all? we have almost 100 machines and this issue is happening on a large number, the machines were built with MDT and didn't go through an upgrade process. i could really do with a solution before school starts again next week.

Thanks

Karl

p.s. I seem to be unable to rename the windows defender folder in program data.

• Edited by Rather Not Say Thursday, February 19, 2015 12:41 AM

By renaming the folder Windows Defender in C:\Program Files (NOT in C:\Program Data) I was able to circumvent the issue and also without uninstalling SCEP client. Renaming back the folder to it's original name brought the issue back.

If it's urgent, what can quickly be done is a package to rename the Windows Defender folder and deploy the package to affected machines. It can be easily reverse (another package to rename to it's original) afterward once a permanent fix comes out.

Since renaming the Windows Defender is not an official supported work around, I would suggest to at least only deploy on couple machines first and wait for any side effects.

• Edited by Jovechkin Thursday, February 19, 2015 3:35 AM clarify folder name

Are there any updates on this at all? we have almost 100 machines and this issue is happening on a large number, the machines were built with MDT and didn't go through an upgrade process. i could really do with a solution before school starts again next week.

Thanks

Karl

p.s. I seem to be unable to rename the windows defender folder in program data.

• Edited by Rather Not Say Thursday, February 19, 2015 12:41 AM

By renaming the folder Windows Defender in C:\Program Files (NOT in C:\Program Data) I was able to circumvent the issue and also without uninstalling SCEP client. Renaming back the folder to it's original name brought the issue back.

If it's urgent, what can quickly be done is a package to rename the Windows Defender folder and deploy the package to affected machines. It can be easily reverse (another package to rename to it's original) afterward once a permanent fix comes out.

Since renaming the Windows Defender is not an official supported work around, I would suggest to at least only deploy on couple machines first and wait for any side effects.

• Edited by Jovechkin Thursday, February 19, 2015 3:35 AM clarify folder name

This problem does not occur on all computers, and it is strange that we had this problems on computers working on Windows8.1 system, Windows 7 users didn't reportedthis issue. I hope it improves soon.

We discovered the same issue. Problems with Endpoint 4.7.205.0 impacting Windows 8.0 and 8.1 systems.  After initially going down the infected Trojan path, we found that rolling back to version 4.6 corrected the issue for both IE11 and Chrome.  Firefox did not have the "virus detected" download block.  We test prior to deployment so only test systems were affected.  Windows 7 systems did not have an issue.

Microsoft released an official blog post which will contain further updates about this issue:

http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx

I will wait until they released a revised version of the SCEP program before I rollout the update to everyone in our company.

Update released to address this issue.

Update for System Center Endpoint Protection 2012 Client - 4.7.209.0 (KB3041687)

The KB for this update is not yet available but I can confirm it resolved the issue encountered in version 4.7.205.0.

• Proposed as answer by fearroyo Monday, March 02, 2015 8:32 PM
• Marked as answer by Joyce LMicrosoft contingent staff, Moderator Wednesday, March 04, 2015 10:15 AM

Update released to address this issue.

Update for System Center Endpoint Protection 2012 Client - 4.7.209.0 (KB3041687)

The KB for this update is not yet available but I can confirm it resolved the issue encountered in version 4.7.205.0.

• Proposed as answer by fearroyo Monday, March 02, 2015 8:32 PM
• Marked as answer by Joyce LMicrosoft contingent staff, Moderator Wednesday, March 04, 2015 10:15 AM

Beware!

We have a server 2012R2 domain protected by SCEP.  We us O365 synced to AD with a lot of staff using Outlook 2010/2013.  On Friday one member of staff reported an Outlook error showing folder last updated 6\3\2015 which wouldn't update.  I tries send and receive and generated an 0x8004010F error "An object cannot be found".

This appeared to be an Exchange error but we don't have an exchange server only an ADFS server.  I eventually deleted office 2013 and reverted back to Office 2010 which fixed Outlook.

This morning the problem reoccurred but this time there were four other machines with the same problem.  Uninstall 2010, install 2013 fixd the problem but on further investigation all of the 4 machines had one update to install. Restarting installed the update only to leave another one update. I tried theis the or four times then looked at the installed updates and discovered that "Update for system center endpoint protection 2012 client -4.7.209.0(KB3041687)" Failed and was followed by "Definition Update for Microsoft Endpoint Protection- KB246184 (Definition1.1932049.0)" installed.

Further restarts produce further couplets.  Outlook failed again on all clients after a few hours.  OWA was unaffected.

Hopefully Tomorrow I will be able to back these updates off of SCCM otherwise shortly we will no longer have Outlook!!