New Endpoint Version Causing Erroneous Virus Detections
Ever since the new endpoint protection introduced in KB3036437, our network is having problems with Java-based websites as well as downloading PDF files from any source. It seems to be targeting all PDF files as viruses. Has anyone else had a problem with this update? We narrowed it down to that version by incrementally updating FEP. Any suggestions on how to mass roll back FEP or anything else, please let me know. Thanks a lot.
February 11th, 2015 1:15pm
Hello,
We are also having issues with this update. I first noticed the issue when trying to download an .msi file, and noticed the problem with .pdf and other file types as well. Turning off Realtime protections seems to have no effect. As TacP Luke said, any suggestions or workarounds on this issue would be appreciated.
Thanks.
February 11th, 2015 2:17pm
Having same issues. All downloading is broken as soon as KB3036437 is applied. I started with Antimalware Client Version: 4.7.205.0, which wasn't working. After the fresh install, I had 4.3.220.0. Windows Update then wanted to install KB2952678, which brought it to 4.5.216.0. Then it wanted to install KB3036437, which brought it back to 4.7.205.0, and it broke again. But on a few systems the reinstall corrected the issue. But roughly 80% of the computers on our network are not affected.
February 11th, 2015 4:05pm
We have the same problem.
(System Center Endpoint Protection)
February 12th, 2015 9:36am
Thanks Jhowland. I tried a reinstall on a few machines and that seemed to resolve the issue. I've left it uninstalled on the remaining machines for the short-term and will reinstall on those a bit later. Hopefully this works for all of them.
February 13th, 2015 4:14pm
No Problem. We've also found that renaming the Windows Defender folder in C:\ProgramData\Microsoft\Windows Defender to C:\ProgramData\Microsoft\Windows Defender.old will clear up the issue as well. Not the greatest solution but something to work with if the re-install doesn't work.
February 16th, 2015 8:46am
Ok. So we have found a common factor so far.
Devices that ran the Windows 8 to 8.1 upgrade are showing the fault. Any exceptions to file types etc. do not work! Going back to Client 4.6 solves this issue but means we are behind on the client version.
Any machine that has been built from 8.1 from scratch does not have this fault, as far as we have seen so far.
We also upgraded to SCCM 2012R2 CU4 in a vain effort in case the policy XMLs changed, but this did not solve anything. We have stopped rolling out 4.7 for now.
February 17th, 2015 8:58am
Thanks - I found that worked
- Rename C:\Program Files\Windows Defender to Windows Defender.old
I had to kill some handles in explorer.exe
It seems that the same DLLs are in Microsoft Security Client (MpOAv), but the Windows Defender versions (now incompatible) are still loaded if a machine was upgraded from Win 8 to 8.1 (or was using Defender originally before System Center)?
Downloads still say they are being scanned - they are just not blocked from the start now!
Thanks Ag
February 17th, 2015 10:13am