Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

An anti-malware platform update for stand-alone System Center 2012 Endpoint Protection clients is available from Microsoft Update


Summary

This article describes an anti-malware platform update package for Microsoft System Center 2012 Endpoint Protection Service Pack 1 clients. This package updates Endpoint Protection client services, drivers, and user interface components.

Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated August 2013.

↑ Back to the top


More Information

Update information

This anti-malware platform update makes the following improvements:
  • Updates the platform to network real-time behavior monitoring functionality

    Provides a new protection capability that combines suspicious network activity with other suspicious behavior monitoring that is already included in the product triggering telemetry and sample submission for suspicious files that may require further analysis.

    For information about how to configure this feature, see the following Windows DevCenter website:


    For more information, see the following System Center Configuration Manager Team Blog website:


  • Adds manageability support

    A WMIv2 provider is now available that enables programmatic management of functions that are enabled in the user experience, such as disabling user interfaces on unattended terminals.

    For information about the provider and for the API description, see the following Windows DevCenter website:


    For information about PowerShell cmdlets that are also available for administrative scripting, see the following Microsoft TechNet website:

  • Adds anti-tampering functionality to reduce the risk that malware will disable or bypass anti-malware scanning

    For example, access to registry and services that are used by the anti-malware platform can be managed directly only through supported (trusted channels) administrative options through the System Center Configuration Manager console.

  • Improves overall performance of the anti-malware platform compared to previous platform versions

    Improvements are made for signatures that are delivered through the Microsoft Active Protection Service (MAPS). These changes contain no configurable or customer-facing effects.

    For more information about MAPS, see the following Microsoft TechNet website:


  • Adds more language support to the anti-malware platform

    New supported languages include the following:
    • Chinese (Hong Kong SAR) (zh-HK)
    • Chinese (PRC) (zh-CN)
    • Chinese (Taiwan) (zh-TW)
    • English (en-US)
    • French (fr-FR)
    • German (de-DE)
    • Italian (it-IT)
    • Japanese (ja-JP)
    • Korean (ko-KR)
    • Portuguese (Brazil) (pt-BR)
    • Russian (ru-RU)
    • Spanish (es-ES)

  • Adds a configurable automatic sample submission option

    By default, if your computer is opted in to MAPS, you may be prompted to send suspicious files to Microsoft for further analysis. This update enables new configuration options for this sample collection by providing an option to automatically send such files as .exe files without you being prompted. Be aware that all files that potentially contain personally identifiable information will continue to prompt you.

    Notes about this option
    • This option includes an updated Microsoft Software License Terms and Privacy statement that discusses this functionality.
    • This option setting is configurable through Windows Management Instrumentation (WMI).
    • This option currently provides no user-configurable capability in the System Center Configuration Manager console or the Administrative Template (.admx) files.
    • This option requires MAPS membership.


    For policy configuration information, see the following Microsoft Forefront website:

  • Makes several client fixes

    In addition to the improvements that are listed here, this release fixes the following client issues:
    • Microsoft Exchange Server 2003 interoperability

      The installation of the Endpoint Protection client on Exchange Server 2003 may cause ActiveSync failures such as Event ID 3005. To prevent this problem, create the following registry value:

      Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpfilter\Parameters
      DWORD name: DisableReadHooking
      DWORD Value: 1

      Notes about this setting
      • Restart the Exchange Server 2003 for the change to take effect.
      • This value setting alters the way that the Endpoint Protection client handles file access. However, it does not affect detection capability.

    • Incorrect Environment Variable

      The installation of the Endpoint Protection agent creates an additional PSModulePath environment variable that contains a trailing space. This is listed as a duplicate environment variable.

    • Alternative drive installation

      The /drive parameter does not change the product's AppDataPath value to the specified drive. It changes only the Program Data path.

How to obtain this update

This update can be obtained from Microsoft Windows Update.

Prerequisites

To apply this hotfix, you must have the System Center 2012 Endpoint Protection client installed.

Restart information

You may have to restart the computer after you apply this hotfix.

Hotfix replacement information

This update replaces the following update

Additional information

This update brings the antimalware client version to 4.3.215.0. You can find the version information by clicking About on the Help menu of the Endpoint Protection client user interface.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For System Center 2012 Endpoint Protection
File nameFile versionFile sizeDateTime
ccmsetup.cabNot Applicable9,61131-May-201306:10
scepinstall.exe4.3.215.025,591,43231-May-201306:10

↑ Back to the top


Keywords: kbqfe, kbfix, kbnotautohotfix, kbsurveynew, kbexpertiseinter, atdownload, kbbug, kb

↑ Back to the top

Article Info
Article ID : 2884678
Revision : 1
Created on : 1/7/2017
Published on : 11/13/2013
Exists online : False
Views : 314