Microsoft Operations Management Suite is an awesome product.  It gives you an overview of all your servers and what needs to be checked and what is currently up-to-date.

As seen below, you have a nice dashboard displaying all the information:

Microsoft operations management suite: antimalware assessment not updating.
Microsoft Operations Management Suite: Antimalware Assessment not updating. 1

Problem:

As you can see above all looks nice with the graphs and the machines reporting, however servers are reporting that they have no real time protection.

Okay this is odd as SCEP is running on the servers listed above.

If you open SCEP, Real-Time protection is set to On:

Microsoft operations management suite: antimalware assessment not updating.
Microsoft Operations Management Suite: Antimalware Assessment not updating. 2

The second thing to check is to ensure that all tick boxes are checked under the Real-time protection tab under settings:

Microsoft operations management suite: antimalware assessment not updating.
Microsoft Operations Management Suite: Antimalware Assessment not updating. 3

As shown above, all boxes are checked.

Last thing to check is running a command via PowerShell to ensure everything is enabled.

We can run the following 2 commands in PowerShell to get the information:

  • Import-Module “$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1”; Get-MprotComputerStatus

This will give you the following:

Microsoft operations management suite: antimalware assessment not updating.
Microsoft Operations Management Suite: Antimalware Assessment not updating. 4

As you can see above the same result, BehaviorMonitor is enabled as well as Real-Time protection.

The other command you can run is:

  • Import-Module “$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1”; Get-MprotPreference

Solution?

Everything seems fine. On the Technet Forums for OMS, the same question was posted and if you read the response from Microsoft they advised in 2016 to update to the new version of SCEP as the PowerShell cmdlets stopped working. In my environment we are running a newer version so possibly the same problem is happening here. You can read it here:

https://wwwsocial.msdn.microsoft.com/Forums/en-US/0eab5648-09b8-4940-8d7b-00b083b7dd69/oms-malware-solution-scep-agents-report-as-scep-installed-but-no-real-time-protection?forum=opinsights

Looks like a call needs to be logged with Microsoft to advise at the time of blogging this.

Hope it helps.

    wpChatIcon

    Discover more from COLLABORATION PRO

    Subscribe now to keep reading and get access to the full archive.

    Continue reading