Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Windows 11
  • Intune
  • GitHub
  • About
CCMEXEC.COM – Enterprise Mobility

SC Endpoint Protection Client 4.7.205.0 is released

Posted on February 12, 2015March 3, 2015 by Jörgen Nilsson

On patch Tuesday this month, February 2015, a new version of the System Center Endpoint Protection client was released, which replaces the one released in October. The same way as the latest versions of the Endpoint protection client they are released on Microsoft Update / WSUS and can be deployed as an update to your clients. The scpeinstall.exe file on the Configuration Manager 2012 servers are updated with the Cumulative Updates as it has been before as well. So when you deploy a new System Center Endpoint Protection client it will require this update as well.

New in this release from the KB article, http://support.microsoft.com/kb/3036437:
The KB article was updated 13/2 with this new content.

Update 20150220:

The Update is now pulled back from Windows Update and expired in WSUS, if you are experiencing the issues with downloads being blocked with a message that they contain virus, you should downgrade those effected systems. More details can be found here: Team Blog

Update 20150302

A new version 4.7.209.0  is released with the issue resolved: http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx

“The revised update to address the Internet Explorer download issue is now available on Microsoft Update and Windows Software Update Services as KB3041687. This release is version 4.7.209.0″.


  • Improvements to registry and file system protection to counter tampering from malware.
  • Sub-mount points can be automatically excluded, and volumes can be fully excluded in Real time protection (RTP).
  • This update also includes the deprecation of the DisableGenericReports subkey in the following registry location:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Reporting


    Note Unless this key is edited directly in the registry, this update should not have any effect on telemetry behavior.

    After you apply this update, to disable telemetry that’s sent by Endpoint Protection through Microsoft Active Protection Service (MAPS), open the Endpoint Protection UI, click the Settings tab, select the MAPS section, and then click I don’t want to join MAPS.

    Notes

    • Administrators can manage the MAPS configuration options through Windows Management Infrastructure (WMI), Windows PowerShell, and Group Policy.
    • Endpoint Protection may request file samples to be sent to Microsoft for further analysis. By default, Endpoint Protection will always prompt before it sends such samples. There is an option available to send samples automatically. To opt in to automatic sample submission, open the Endpoint Protection UI, click the Settings tab, select the Advanced section, and then click Send file samples automatically when further analysis is required.
    • Administrators can manage automatic sample submission with additional configuration options through WMI, PowerShell, and Group Policy by using the following registry subkeys:
      • MAPS Configuration Registry location:
        HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Reporting


        DWORD name: SpyNetReporting
        DWORD values:

        • 0 – Off
        • 1 – Basic Membership
        • 2 – Advanced Membership
      • Sample Submission Registry location:
        HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Reporting

        DWORD name: SubmitSamplesConsent
        DWORD values:

        • 0 (default) – Automatic sample submission disabled. End-users will always be prompted for samples.
        • 1 – Most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
        • 2 – All sample submission disabled. Samples will never be sent and end-users will never be prompted.
        • 3 – All samples will be sent automatically. All files determined to require further analysis will be sent automatically without prompting.

The new version is 4.7.205.0 which can be seen in the UI under help.

SCEP4.7.250.0I have seen some issues being reported on the forums and from customers.

  • WMI related errors in the event logs and SCCM Client Health reports back a faulty WMI, a reboot solves this issue.
  • The next issue with the update is that registry keys needs to be configured as the KB articles states above, to stop the Submit sample consent dialog from being displayed and to be able to configure MAPS membership.
  • There has also been reports about all downloads in IE being blocked as they contains virus, no real solution to that one yet.

14 thoughts on “SC Endpoint Protection Client 4.7.205.0 is released”

  1. Alan Dooley says:
    February 12, 2015 at 11:34 am

    We auto deployed this yesterday. If you have reboots suppressed it will cause the event viewer to fill with errors registering in WMI until reboot. Not really an issue for workstations but for servers it can leave you with SCOM reporting backlogs on monitoring. If you cannot reboot the server immediately a repair of the SCCM client also seems to clear it.

    Reply
  2. Doug Casey says:
    February 12, 2015 at 1:51 pm

    Most of my clients starting logging an error in Windows event viewer after the update to v4.7.205.0 – “There was an error 0x800106f7 in creating the Antimalware Health State WMI instance”. Not sure what is causing this and a reboot does not appear to solve the issue.

    The update was deployed automatically through SCCM 2012 R2 automatic deployment rule and I’m wondering what I need to do to fix or remove the update?

    Reply
  3. Doug Casey says:
    February 12, 2015 at 2:36 pm

    I’m going to try and reboot servers and workstations again to see if they clear. I will post an update to let you know if this resolves the issue. Thanks for the update.

    Reply
  4. Doug Casey says:
    February 12, 2015 at 2:38 pm

    Will try the client repair for servers that I cannot reboot right now (most are Windows 2008 R2).

    Reply
  5. Neil Williams says:
    February 12, 2015 at 3:13 pm

    After upgrading SCEP to 4.7 my workstation could not download files using IE. A reboot fixed this for me. Not so much of an issue for Servers admittedly.

    Reply
  6. Doug Casey says:
    February 12, 2015 at 3:43 pm

    Using the SCCM 2012 Administration console to push an installation of the client to existing clients (uninstall option left unchecked) appears to have cleared it up on most servers. Rebooted workstations and error appears to have corrected itself. Domain controller did not correct issue so issuing a reboot (I have other domain controllers that permit me to reboot the PDC).

    Reply
  7. Doug Casey says:
    February 12, 2015 at 4:05 pm

    Forgot to check the “All client to be installed on domain controllers” options when redeploying the client for the domain controller that did not update.

    Reply
  8. Andy says:
    February 12, 2015 at 6:33 pm

    Since upgrading to the new 4.7 Client some (not all)downloads are being blocked by endpoint because it thinks it is a virus. The we have ran this test many times in .doc .xls .ppt we know are not infected. Uninstalling endpoint and going to an earlier version seems to fix the issue. Anyone else had this?

    Reply
  9. Paul says:
    February 13, 2015 at 1:10 am

    All downloads in IE are now reporting that they contain a virus and are being deleted, and there is also a DLL error I get when downloading files from within an application – “The procedure entry point MpAmsiScan could not be located in the dynamic link library c:\Program Files (x86)\Microsoft Security Client\MpOAv.dll”

    These started occurring after this update was installed. Rebooting does NOT resolve it.

    Reply
  10. Andy says:
    February 17, 2015 at 9:44 am

    Ok. So we have found a common factor so far…

    Devices that run the windows 8 to 8.1 upgrade are showing the fault. Any exceptions to file types etc do not work! Going back to Client 4.6 solves this issue but means we are behind on the client version.

    Any machine that has been built from 8.1 as scratch do not have this fault. so far as we have seen so far

    We also upgraded to SCCM 2012R2 CU4 in a vein effort in case the policy xml’s changed but this did not solve anything. We have stopped rolling out 4.7 for now.

    Reply
    1. Jörgen Nilsson says:
      February 17, 2015 at 10:10 am

      Interesting that is exactly the sam that I am seeing, on my upgraded machine from 8 – 8.1 it doesn’t work, but on a newly installed it works fine. Great! I will forward that information.
      The update for the .xml file is not in the CU4 update… so you will have to either wait for a new update or set the registry keys as described in the KB article.
      /Jörgen

      Reply
  11. Mhoram says:
    February 18, 2015 at 1:18 am

    Re: the IE/Chrome downloads are being blocked and reported as being infected. The workaround so far has been to rename the Program Files\Windows Defender folder. Once you do that, and close and reopen any IE/Chrome sessions downloads start working again.

    Not sure if this only affects Windows 8/8/1 that have had their clients upgraded (rather than new, clean installs), as I haven’t heard reports of the same issue on Windows 7.

    Reply
    1. Jörgen Nilsson says:
      February 20, 2015 at 9:43 am

      Hi,
      The update is pulled back and will be rereleased when the issue is fixed until the I would recommend downgrading affected systems.
      http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx

      /Jörgen

      Reply
  12. John says:
    March 3, 2015 at 12:44 am

    New update version 4.7.209.0 available.

    http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
All code is provided "AS-IS" with no warranties.

Recent Posts

  • New settings in Intune Security Baseline Windows 11 24H2 -2504
  • Managing extensions in Visual Studio Code
  • Reinstall a required Win32app using remediation on demand
  • Administrator protection in Windows 11 – First look
  • Remediation on demand script – ResetWindowsUpdate
©2025 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT