0 Replies Latest reply on Aug 7, 2019 7:21 AM by LJMCP

    App Volumes and Microsoft Endpoint Protection

    LJMCP Novice

      I am finding that on RDSH hosts (computer-assigned appstacks, no writable volumes), the SCEP client is not detecting anti-malware (i.e. Eicar) in real time. Scheduled scans do detect it as expected.

       

      I have added the following to snapvol.cfg on each appstack:

      # Microsoft System Center Endpoint Protection exclusions
      exclude_path=\Program Files\Microsoft Security Client
      exclude_path=\Program Files (x86)\Microsoft Security Client
      exclude_path=\ProgramData\Microsoft\Microsoft Antimalware
      exclude_process_path=\Program Files\Microsoft Security Client
      exclude_process_path=\Program Files (x86)\Microsoft Security Client
      exclude_process_name=MsMpEng.exe
      exclude_process_name=msseces.exe
      exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware
      exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup
      exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Security Client

       

      On these hosts, if I assign no appstacks, real-time SCEP detection does work.

       

      Perhaps I have added these exclusions incorrectly? I updated the appstack and assigned it to the provisioning host (which does have the AV agent installed), then modified snapvol.cfg and completed the appstack.

       

      RDSH hosts on W2K12R2.  App Volumes 2.16.

       

      Thanks!