Troubleshoot Endpoint Protection Issues

To view the Help for the latest release of Windows Intune, see the Windows Intune October 2011 Release Help Home

This topic describes potential causes and solutions for the following errors and warnings, which appear in the Endpoint Protection Status pane in the Windows Intune administrator console.

 

Status Item | Potential Causes | Potential Solutions

Endpoint Protection engine unavailable

The Windows Intune Endpoint Protection engine was corrupted or deleted.

If the Endpoint Protection engine is corrupted, the engine can be updated automatically.

  • To force an immediate update, click Update in the Endpoint Protection client software.

If the engine cannot be updated, the Endpoint Protection engine must be reinstalled.

  • To reinstall the Endpoint Protection engine, on the managed computer, if the client computer is running Windows XP, click Add or Remove Programs. If the client computer is running Windows Vista or Windows 7, click Programs and Features. Locate Windows Intune Endpoint Protection Agent, and then uninstall the application.

During the next update synchronization, the Microsoft Online Management Update Manager will detect the missing program and reinstall it at the scheduled installation time.

Endpoint Protection disabled

Windows Intune Endpoint Protection was disabled by an administrator (by using Policy) or by a user on a managed computer.

If Endpoint Protection is disabled, you can enable it from the Windows Intune administrator console or from a managed computer.

Do one of the following:

  • To enable Endpoint Protection from the Windows Intune administrator console, open the Policy workspace, and then change the Enable Endpoint Protection setting in the policies that apply to this computer.

  • To enable Endpoint Protection from a managed computer, start the Windows Intune Endpoint Protection client from the notification area. You will be prompted to enable Endpoint Protection at that time.

Real-time protection disabled

Real-time protection was disabled by an administrator (by using Policy) or by a user on a managed computer.

If real-time protection is disabled, you can enable it from the Windows Intune administrator console or from a managed computer.

Do one of the following:

  • To enable real-time protection from the Windows Intune administrator console, open the Policy workspace, and then change the Enable real-time protection setting to Yes in the policies that apply to this computer.

  • To enable real-time protection from a managed computer, start the Endpoint Protection client software from the notification area. You are prompted to enable real-time protection at that time.

Download scanning disabled

Download scanning disabled

If download scanning is disabled, you can enable it from the Windows Intune administrator console or from a managed computer.

Do one of the following:

  • To enable download scanning from the Windows Intune administrator console, open the Policy workspace, and then change the Scan all Downloads setting to Yes in the policies that apply to the computer.

  • To enable download scanning from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection, select the Scan all downloads check box, and then click Save changes.

File and program activity monitoring disabled

File and program activity monitoring was disabled by an administrator (by using Policy) or by a user on a managed computer.

If file and program activity monitoring is disabled, you can enable it from the Windows Intune administrator console or from a managed computer.

Do one of the following:

  • To enable file and program activity monitoring from the Windows Intune administrator console, open the Policy workspace, and then change the Monitor file and program activity on computers setting to Yes in the policies that apply to the computer.

  • To enable file and program activity monitoring from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection, select the Monitor file and program activity on your computer check box, and then click Save changes.

Behavior monitoring disabled

Behavior monitoring was disabled by an administrator (by using Policy) or by a user on a managed computer.

If behavior monitoring is disabled, you can enable it from the Windows Intune administrator console or from a managed computer.

Do one of the following:

  • To enable behavior monitoring from the Windows Intune administrator console, open the Policy workspace, change the Enable behavior monitoring setting to Yes in the policies that apply to the computer, and then restart the managed computer.

  • To enable behavior monitoring from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection, select the Enable behavior monitoring check box, and then click Save changes. Then, restart the computer.

Script scanning disabled

Script scanning was disabled by an administrator (by using Policy) or by a user on a managed computer.

If script scanning is disabled, you can enable it from the Windows Intune administrator console or from a managed computer.

Do one of the following:

  • To enable script scanning from the Windows Intune administrator console, open the Policy workspace and change the Enable script scanning setting to Yes in the policies that apply to the computer.

  • To enable script scanning from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection, select the Enable script scanning check box, and then click Save changes.

Network Inspection System disabled

Network Inspection System was disabled by an administrator (by using Policy) or by a user on a managed computer.

If Network Inspection System is disabled, you can enable it from the Windows Intune administrator console or from a managed computer.

Do one of the following:

  • To enable Network Inspection System from the Windows Intune administrator console, open the Policy workspace, change the Enable Network Inspection System setting to Yes in the policies that apply to this computer, and then restart the managed computer.

  • To enable Network Inspection System from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection, select the Enable Network Inspection System check box, and then click Save changes. Then, restart the computer.

Malware definitions out-of-date

The computer may have been disconnected from the Internet for an extended period of time, and its malware definitions may not have been updated yet. This status appears when the malware definitions on the computer are out of date by 14 days.

To update the malware definitions manually, on the managed computer, start the Endpoint Protection client software from the notification area. Click the Update tab, and then click Update.

Full scan overdue

Full scans were canceled. This can be caused by a restart during a full scan. This status appears after the scheduled full scan is overdue by two weeks.

If a full scan is overdue, you can schedule recurring full scans from the Windows Intune administrator console or from the managed computer, or you can schedule a one-time scan from the managed computer.

Do one of the following:

  • To schedule recurring full scans from the Windows Intune administrator console, open the Policy workspace, change the Schedule a full scan setting to Yes and specify additional scan settings as needed in the policies that apply to the computer.

  • To perform a one-time full scan from the managed computer, start the Endpoint Protection client software from the notification area. On the Home tab, under Scan options, click Full, and then click Scan now.

  • To schedule recurring full scans from the managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Scheduled scan, select the Run a scheduled scan on my computer (recommended) check box, click Full scan in the Scan type list, specify additional scan settings as needed, and then click Save changes.

Quick scan overdue

Quick scans were canceled. This can be caused by a restart during a quick scan. This status appears after the scheduled quick scan is overdue by two weeks.

If a quick scan is overdue, you can schedule recurring scans from the Windows Intune administrator console or from the managed computer, or you can schedule a one-time scan from the managed computer.

Do one of the following:

  • To schedule recurring scans from the Windows Intune administrator console, open the Policy workspace, change the Schedule a daily quick scan setting to Yes and specify additional scan settings as needed in the policies that apply to the computer.

  • To perform a one-time quick scan from the managed computer, start the Endpoint Protection client software from the notification area. On the Home tab, under Scan options, ensure that Quick is selected, and then click Scan now.

  • To schedule recurring quick scans from the managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Scheduled scan, select the Run a scheduled scan on my computer (recommended) check box, click Quick scan in the Scan type list, specify additional settings as needed, and then click Save changes.

Another endpoint protection application running

Another endpoint protection application is running and the computer is healthy.

To migrate to Windows Intune Endpoint Protection, enable Windows Intune Endpoint Protection from the managed computer or the Windows Intune administrator console. After you verify that Windows Intune Endpoint Protection is helping to secure the managed computer, remove the other endpoint protection application, if necessary. (Windows Intune Endpoint Protection removes some endpoint protection applications automatically. For more information, see Appendix A: Preparing Client Computers for Endpoint Protection.)

Do one of the following:

  • To enable Windows Intune Endpoint Protection on the managed computer, start the Windows Intune Endpoint Protection client from the notification area. You are prompted to enable Windows Intune Endpoint Protection at that time.

  • To enable Windows Intune Endpoint Protection from the Windows Intune administrator console, open the Policy workspace, and then change the Enable Endpoint Protection setting to Yes in policies that apply to this computer.

To enable Network Inspection System from a managed computer, start the Endpoint Protection client software from the notification area. Click the Settings tab, click Real-time protection, select the Enable Network Inspection System check box, and then click Save changes.

Note
If the solutions described in this topic do not resolve the issue, visit the website, Get Support (http://go.microsoft.com/fwlink/?LinkID=186758).
