0 out of 1 rated this helpful - Rate this topic

Troubleshooting Endpoint Protection

Updated: December 17, 2012

Applies To: Windows Intune December 2012 Release

This topic describes potential causes and solutions for the following errors and warnings, which appear in the Endpoint Protection Status pane in the Windows Intune administrator console.

Endpoint Protection engine unavailable
Endpoint Protection disabled
Real-time protection disabled
Download scanning disabled
File and program activity monitoring disabled
Behavior monitoring disabled
Script scanning disabled
Network Inspection System disabled
Malware definitions out-of-date
Full scan overdue
Quick scan overdue
Another endpoint application running

Status item	Potential causes	Potential solutions
Endpoint Protection engine unavailable	The Windows Intune Endpoint Protection engine was corrupted or deleted.	If the Windows Intune Endpoint Protection engine is corrupted, the engine can be updated automatically. To force an immediate update, click Update in the Endpoint Protection client software. If the engine cannot be updated, you must reinstall the Endpoint Protection engine. To reinstall the Endpoint Protection engine, on the managed computer, if the client computer is running Windows XP, click Add or Remove Programs . If the client computer is running Windows Vista or Windows 7, click Programs and Features . Locate Windows Intune Endpoint Protection Agent , and then uninstall the application. During the next update synchronization, the Microsoft Online Management Update Manager detects the missing program and reinstalls it at the scheduled installation time.
Endpoint Protection disabled	Windows Intune Endpoint Protection was disabled by an administrator who used Policy or by a user on a managed computer.	If Endpoint Protection is disabled, you can enable it from the Windows Intune administrator console or from a managed computer. Do one of the following: To enable Endpoint Protection from the Windows Intune administrator console, open the Policy workspace, and then change the Enable Endpoint Protection setting in the policies that apply to the computer. To enable Endpoint Protection from a managed computer, start the Windows Intune Endpoint Protection client from the notification area. You will be prompted to enable Endpoint Protection at that time.
Real-time protection disabled	Real-time protection was disabled by an administrator who used Policy or by a user on a managed computer.	If real-time protection is disabled, you can enable it from the Windows Intune administrator console or from a managed computer. Do one of the following: To enable real-time protection from the Windows Intune administrator console, open the Policy workspace, and then change the Enable real-time protection setting to Yes in the policies that apply to the computer. To enable real-time protection from a managed computer, start the Endpoint Protection client software from the notification area. You are prompted to enable real-time protection at that time.
Download scanning disabled	Download scanning was disabled by an administrator who used Policy or by a user on a managed computer.	If download scanning is disabled, you can enable it from the Windows Intune administrator console or from a managed computer. Do one of the following: To enable download scanning from the Windows Intune administrator console, open the Policy workspace, and then change the Scan all Downloads setting to Yes in the policies that apply to the computer. To enable download scanning from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection , select the Scan all downloads check box, and then click Save changes .
File and program activity monitoring disabled	File and program activity monitoring was disabled by an administrator who used Policy or by a user on a managed computer.	If file and program activity monitoring is disabled, you can enable it from the Windows Intune administrator console or from a managed computer. Do one of the following: To enable file and program activity monitoring from the Windows Intune administrator console, open the Policy workspace, and then change the Monitor file and program activity on computers setting to Yes in the policies that apply to the computer. To enable file and program activity monitoring from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection , select the Monitor file and program activity on your computer check box, and then click Save changes .
Behavior monitoring disabled	Behavior monitoring was disabled by an administrator who used Policy or by a user on a managed computer.	If behavior monitoring is disabled, you can enable it from the Windows Intune administrator console or from a managed computer. Do one of the following: To enable behavior monitoring from the Windows Intune administrator console, open the Policy workspace, change the Enable behavior monitoring setting to Yes in the policies that apply to the computer, and then restart the managed computer. To enable behavior monitoring from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection , select the Enable behavior monitoring check box, and then click Save changes . Then, restart the computer.
Script scanning disabled	Script scanning was disabled by an administrator who used Policy or by a user on a managed computer.	If script scanning is disabled, you can enable it from the Windows Intune administrator console or from a managed computer. Do one of the following: To enable script scanning from the Windows Intune administrator console, open the Policy workspace and change the Enable script scanning setting to Yes in the policies that apply to the computer. To enable script scanning from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection , select the Enable script scanning check box, and then click Save changes .
Network Inspection System disabled	Network Inspection System was disabled by an administrator who used Policy or by a user on a managed computer.	If Network Inspection System is disabled, you can enable it from the Windows Intune administrator console or from a managed computer. Do one of the following: To enable Network Inspection System from the Windows Intune administrator console, open the Policy workspace, change the Enable Network Inspection System setting to Yes in the policies that apply to the computer, and then restart the managed computer. To enable Network Inspection System from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection , select the Enable Network Inspection System check box, and then click Save changes . Then, restart the computer.
Malware definitions out-of-date	The computer might have been disconnected from the Internet for an extended period of time, and its malware definitions might not yet have been updated. This status appears when the malware definitions on the computer are out-of-date by 14 days.	If malware definitions are out-of-date, you can update the definitions from the Windows Intune administrator console or from the managed computer. Do one of the following: To update malware definitions from the Windows Intune administrator console, select the name of the computer on which to update the malware definitions, click Remote Tasks on the taskbar, and then click Update malware definitions . To update malware definitions from the managed computer, start the Endpoint Protection client software from the notification area. Click the Update tab, and then click Update .
Full scan overdue	Full scans were canceled. This can be caused by a restart during a full scan. This status appears after the scheduled full scan is overdue by 14 days.	If a full scan is overdue, you can run a one-time full scan or schedule recurring full scans from the Windows Intune administrator console or from the managed computer. Do one of the following: To run a one-time remote full scan from the Windows Intune administrator console, select the name of the computer on which to run the scan, click Remote Tasks on the taskbar, and then click Run full malware scan . To schedule recurring full scans from the Windows Intune administrator console, open the Policy workspace, change the Schedule a full scan setting to Yes , and then specify additional scan settings as required in the policies that apply to the computer. To perform a one-time full scan from the managed computer, start the Endpoint Protection client software from the notification area. On the Home tab, under Scan options , click Full , and then click Scan now . To schedule recurring full scans from the managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Scheduled scan , select the Run a scheduled scan on my computer (recommended) check box, click Full scan in the Scan type list, specify additional scan settings as required, and then click Save changes .
Quick scan overdue	Quick scans were canceled. This can be caused by a restart during a quick scan. This status appears after the scheduled quick scan is overdue by 14 days.	If a quick scan is overdue, you can run a one-time quick scan or schedule recurring quick scans from the Windows Intune administrator console or from the managed computer. Do one of the following: To run a one-time remote quick scan from the Windows Intune administrator console, select the computer on which to run the scan, click Remote Tasks on the taskbar, and then click Run quick malware scan . To schedule recurring scans from the Windows Intune administrator console, open the Policy workspace, change the Schedule a daily quick scan setting to Yes , and then specify additional scan settings as required in the policies that apply to the computer. To perform a one-time quick scan from the managed computer, start the Endpoint Protection client software from the notification area. On the Home tab, under Scan options , ensure that Quick is selected, and then click Scan now . To schedule recurring quick scans from the managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Scheduled scan , select the Run a scheduled scan on my computer (recommended) check box, click Quick scan in the Scan type list, specify additional settings as required, and then click Save changes .
Another endpoint protection application running	Another endpoint protection application is running, and the computer is healthy.	By default, if another endpoint protection application is installed and Windows Intune detects that application, Windows Intune Endpoint Protection automatically disables itself. If Windows Intune does not detect the other endpoint application, Windows Intune Endpoint Protection will remain enabled. We do not recommend this configuration. We recommend that you run either Windows Intune Endpoint Protection or the other endpoint protection application, but not both. For more information, see Using Windows Intune Endpoint Protection or an Existing Endpoint Protection Application.

Note
If the solutions that are described in this topic do not resolve the issue, visit the website Get Support.

Concepts

Windows Intune Agent Policy
Windows Intune Agent Policy Reference

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)