Microsoft Operations Management Suite is an awesome product. It gives you an overview of all your servers and what needs to be checked and what is currently up-to-date.
As seen below, you have a nice dashboard displaying all the information:
As you can see above all looks nice with the graphs and the machines reporting, however servers are reporting that they have no real time protection.
Okay this is odd as SCEP is running on the servers listed above.
If you open SCEP, Real-Time protection is set to On:
The second thing to check is to ensure that all tick boxes are checked under the Real-time protection tab under settings:
As shown above, all boxes are checked.
Last thing to check is running a command via PowerShell to ensure everything is enabled.
We can run the following 2 commands in PowerShell to get the information:
- Import-Module “$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1”; Get-MprotComputerStatus
This will give you the following:
As you can see above the same result, BehaviorMonitor is enabled as well as Real-Time protection.
The other command you can run is:
- Import-Module “$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1”; Get-MprotPreference
Everything seems fine. On the Technet Forums for OMS, the same question was posted and if you read the response from Microsoft they advised in 2016 to update to the new version of SCEP as the PowerShell cmdlets stopped working. In my environment we are running a newer version so possibly the same problem is happening here. You can read it here:
Looks like a call needs to be logged with Microsoft to advise at the time of blogging this.
Hope it helps.