Windows XP Endpoint Protection April 16 2014 Definition update issue

I came in to work today to a plethora of phone calls from people saying that their computers had crashed. After digging a bit into the issue I noticed the only machines that were affected were Windows XP machines. I noticed that the MsMPEng.exe process had crashed on startup and would keep throwing errors. 
I traced this down to System Center Endpoint Protection and did some digging. I found this link:
http://msmvps.com/blogs/kenlin/archive/2014/04/16/winxp-and-or-win2003-with-sc-forefront-endpoint-protection-installed-msmpeng-exe-crashes-after-definition-update.aspx
This shows that the latest Endpoint definition update causes an error that crashes the scanning engine of Endpoint. I disabled the update so further machines wouldn't be affected.  I made the suggested changes that the above article recommended, but on some machines the damage had already been done.
My remedy for the affected machines was to uninstall SCEP, reboot the machine, and reinstall.  Since there is a cached version of SCEP stored on each computer that has the CCM client installed, you can access the installer easily. The path is c:\windows\ccmsetup\scepinstall.exe
Now we wait on a fix from Microsoft. 

Comments

Post a Comment

Popular posts from this blog

DISM An error occurred while attempting to start the servicing process for the image.

Image
This is an issue I've had a few times and when you look around on the forums you see multiple answers. I found the right one on an obscure forum that I can't think of right now. The quick answer is this: Use the correct version of DISM to service the image . They must be in the same "generation". For Windows 8.1 and Windows Server 2012 R2 this version is : 6.3.9600.16384 For Windows 8 and Windows Server 2012 and below this version is : 6.2.9200.16384 Background and Setup: I have a Windows Server 2012 box running System Center Configuration Manager 2012 R2. We are in the process of switching our primary OS for new systems to Windows 8.1 Enterprise x64. As I build my images the old fashioned I tend to forget a few things from time to time. In this case I built the image without installing the .NET feature. The instructions to do that are here: http://technet.microsoft.com/en-us/library/dn482069.aspx So I'm following the instructions to get a refresher on
Read more

Deleting Roaming User Profiles Batch Scipt

PREFACE Sorry for the lapse in posts as of late. We're gearing up for a new school year and I've been a bit busy. It turns out this blog doesn't get an amazing amount of views a day, but it gets enough for me to know that it might be helping someone. I write these posts because I've always found myself having an unique issue that most forums do not answer specifically. So most of my posts are for specific issues rather than covering a broad subject. With that said I have a batch script that I wrote today to cleanup my file server. It's very rudimentary so bear with me. INTRO In the education environment you have children that leave the system every year. It's amazing what a child in the extent of a year can rack up in terms of roaming data. We use roaming profiles and folder redirection here for the students data. So every year our servers get loaded with 10s of thousands of files. Every year I used to go through the folders and adjust permissions and
Read more

Optiplex 380 STOP Error: NMI Parity Check/Memory Parity Error

Image
I received a support ticket today from one of our schools saying they had a strange error coming up. I asked the usual questions like did you reboot, what color is the screen, etc. She said it was the BSOD, but it looked different. After going to take a look at the machine I saw the error and I hard rebooted the machine. I came to see this error: At first thought I figured this was a memory error, but it was not. After I removed each stick of RAM one-by-one the error persisted. After a bit of Googling I ran across this article. http://www.dell.com/support/troubleshooting/bz/en/bzdhs1/KCS/KcsArticles/ArticleView?c=bz&l=en&s=dhs&docid=604790 This says it's a NIC issue and you can fix it by uninstalling the old driver and reinstalling. This, however, was not the case. The NIC was failing at POST, far too soon for a driver to be the issue. I also updated the BIOS to A07. (Was on A01) This did nothing as well. I resolved the issue by adding a NIC into the machine an
Read more