Endpoint Protection

 View Only
  • 1.  Imaged Surface Pro 3, not letting user run live update?

    Posted Mar 20, 2015 04:33 PM

    I've seen this a few times recently.  We did the SEP 12.1.5337.5000 upgrade recently.  That had some bumps but things settled down.  Similar situation here -- Problem, but then it settles down on its own.

    I took a Surface Pro 3, installed software, did updates, etc., sysprepped it with no unattend file.  It was never on the network to keep it more pure.  SEP was not installed ever on that device.  I used Clonezilla to capture an image after it was sysprepped.

    I just applied that image to a different Surface Pro 3.  Some bumps, but a second attempt was normal and successful, no errors with the imaging process.

     

    Then I installed SEP 12.1.5337.5000.

    And then Teamviewer 10.

     

    I continued updating and tweaking for post-image things.  Not problems.  Finished, but then Teamviewer 10 started alerting me that anti-virus protection was disabled on this newly image Surface Pro 3. 

    I ended up uninstalling SEP and Teamviwer and reinstalling them.  Each installed separately with a restart inbetween. 

    I also tried reinstalling SEP over itself.

    No change...

    In SEP, logged in Windows 8.1 as myself with admin rights... SEP has "liveupdate" greyed out.  At one point it said network protection was disabled but I only saw that once.  Greyed out liveupdate stuck there.  I've seen that on other machines after the SEP 12.1.5 upgrade and after installing Teamviewer 10.

     

    I clicked "update policy" a lot from the user machine and from SEPM.  No change.  Unless it's the heartbeat timing that solved this finally....

    Within SEPM, the user policy is check for allowing the user to manually liveupdate.  I tried unchecking and rechecking that box.

     

    I was giving up, and then I noticed liveupdate was black again.

     

    What's causing that?  And what's the real solution? 

    I think it's something with Teamviewer 10 installing and the SEP 12.1.5 upgrade.

    And waiting seems to be the only solution.  Update the policy and wait for the heartbeat.

     

    Any ideas?

     

    It's a little disconcerting to see the disabled ability on SEP.  Does SEP 12.1.5 work ok with a Surface Pro 3 tablet and Windows 8.1?  Is it Teamviewer 10?

    I suppose we could leave SEP off the Surface tablets.  It's got Windows Defender.



  • 2.  RE: Imaged Surface Pro 3, not letting user run live update?

    Posted Mar 20, 2015 04:57 PM

    I don't see how how teamviewer and SEP 12.1.5 would interact like this. Further more, why would teamviewer tell you that AV is disabled.

    The LU button would be greyed out if the option to go out to LU was disabled in the policy. Sounds like that may not be the case though?



  • 3.  RE: Imaged Surface Pro 3, not letting user run live update?

    Posted Mar 20, 2015 05:46 PM

    It seems to be a feature of Teamviewer 10.  We had TV8 before.  IT is on TV10.  Most users are still TV8.  I'm just starting to upgrade them. 

     

    The SEPM policy on the machines allows liveupdate.  Nothing changed with that.  On the client side, SEP has a green icon light. 

     

    It's like TV10 breaks something and then the SEPM heartbeat eventually catches it back up. 

     

    I should take a machine, upgrade TV10 on it and just leave it alone and see.  It hasn't done this on each machine though, I don't think....



  • 4.  RE: Imaged Surface Pro 3, not letting user run live update?

    Posted Apr 15, 2015 04:12 PM

    Popping in for an update....

    It's still Teamviewer 10.  Doesn't matter if SEP 12.1.5337 is installed first or second on a new set up.  Once SEP is there and TV10 is installed we occasionally get that greyed out button behavior.  We also get health status notifications on the the IT TV10 side (which get annoying). 

     

    Solution?  On the local user machine, in TV10, go into Options and advanced.  Uncheck the box about monitoring health.  Then SEP works normally again and TV stops popping up with alerts.  A few TV10 health alerts were correct and useful, but usually it just has a TV10 IT-side bubble that pops up when the user machine starts saying that the user machine doesn't have antivirus working.