New Endpoint Version Causing Erroneous Virus Detections
Ever since the new endpoint protection introduced in KB3036437, our network is having problems with java based websites as well as downloading PDF files from any source. It seems to be targeting all PDF files as viruses. Has anyone else had a problem with this update? We narrowed it down to that version by incrementally updating FEP. Any suggestions on how to mass roll back FEP or any thing else, please let me know. THanks a lot. 
February 11th, 2015 1:15pm

Hello,

We are also having issues with this update. I first noticed the issue when trying to download and .msi file, and noticed the problem with .pdf and other file types as well. Turning off Realtime protections seems to have no affect. As TacP Luke said, any suggestions or workarounds on this issue would be appreciated.

Thanks.

Free Windows Admin Tool Kit Click here and download it now
February 11th, 2015 2:17pm

Having same issues. All downloading is broken as soon as KB3036437 is applied. I started with Antimalware Client Version: 4.7.205.0, which wasnt working.  After the fresh install, I had 4.3.220.0.  Windows Update then wanted to install KB2952678, which brought it to 4.5.216.0.  Then it wanted to install KB3036437, which brought it back to 4.7.205.0.  and it broke again. But on a few systems the reinstall corrected the issue. But roughly 80% of the computers on our network are not affected.
February 11th, 2015 4:05pm

We have the same problem.

(System Center Endpoint Protection)

Free Windows Admin Tool Kit Click here and download it now
February 12th, 2015 9:36am

Thanks Jhowland. I tried a reinstall on a few machines and that seemed to resolve the issue. I've left it uninstalled on the remaining machines for the short-term and will reinstall on those a bit later. Hopefully this works for all of them.
February 13th, 2015 4:14pm

No Problem. We've also found that renaming the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old will clear up the issue as well. Not the greatest solution but something to work with if the re-install doesn't work.
  • Edited by Jhowland 21 hours 53 minutes ago
Free Windows Admin Tool Kit Click here and download it now
February 16th, 2015 8:46am

No Problem. We've also found that renaming the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old will clear up the issue as well. Not the greatest solution but something to work with if the re-install doesn't work.
  • Edited by Jhowland Monday, February 16, 2015 1:52 PM
February 16th, 2015 4:44pm

No Problem. We've also found that renaming the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old will clear up the issue as well. Not the greatest solution but something to work with if the re-install doesn't work.
  • Edited by Jhowland Monday, February 16, 2015 1:52 PM
Free Windows Admin Tool Kit Click here and download it now
February 16th, 2015 4:44pm

Ok. So we have found a common factor so far

Devices that run the windows 8 to 8.1 upgrade are showing the fault. Any exceptions to file types etc do not work!  Going back to Client 4.6 solves this issue but means we are behind on the client version.

Any machine that has been built from 8.1 as scratch do not have this fault. so far as we have seen so far

We also upgraded to SCCM 2012R2 CU4 in a vein effort in case the policy xmls changed but this did not solve anything. We have stopped rolling out 4.7 for now.

February 17th, 2015 8:58am

Thanks - I found that worked

- Rename C:\Program Files\Windows Defender to Windows Defender.old

I had to kill some handles in explorer.exe

It seems that the same Dlls are in Microsoft Security Client - (MpOAv) but the Windows Defender version (now incompatible) are still loaded if a machine was upgraded from Win 8 to 8.1 (or was using Defender originally before System Center) ?

Downloads still say they are being scanned - they are just not blocked from the start now !

Thanks Ag

Free Windows Admin Tool Kit Click here and download it now
February 17th, 2015 10:13am

FYI - Microsoft has now acknowledged the issue and has finally pulled the bad update from Microsoft update.  A new update is coming soon.  More info: http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx
February 20th, 2015 8:39am

FYI - Microsoft has now acknowledged the issue and has finally pulled the bad update from Microsoft update.  A new update is coming soon.  More info: http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx
Free Windows Admin Tool Kit Click here and download it now
February 20th, 2015 4:37pm

FYI - Microsoft has now acknowledged the issue and has finally pulled the bad update from Microsoft update.  A new update is coming soon.  More info: http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx
February 20th, 2015 4:37pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics