Article ID: 2494908 - View products that this article applies to.
Threat overrides that you had previously authored in the Forefront Endpoint Protection (FEP) or System Center 2012 Endpoint Protection (SCEP) area of the Configuration Manager console are missing. Clients are also missing threat overrides set by FEP or SCEP policy. Threats you choose to allow via policy are cleaned by the FEP or SCEP client when they should be allowed.
This can happen if the threat override section in the FEP or SCEP policy is overwritten with blank data. There are two situations that can cause the threat override section to be overwritten with blank data and either situation causes the symptoms described in this article. The situations are listed below:
The FEP or SCEP policy dialog box in the Configuration Manager console pulls a list of all known threats from the FEP 2010 or SECP 2012 client software installed on the same system. Once this data is gathered, FEP/SECP caches it in the memory of the UI process. This means that in the same session there will only be a delay loading this data the first time you open a FEP/SECP policy for editing. However, the first time you open a FEP or SECP policy after you start the Configuration Manager console the override data may not have sufficient time to load before you save the policy, and a blank override section may be saved with the policy, resulting in the loss of any customized override data.
Microsoft is aware of this problem, and it will be addressed in a future release of the product.