Article ID: 2865173

Summary

This article describes an anti-malware platform update package for both Microsoft System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients and Microsoft Forefront Endpoint Protection 2010 clients. These packages update Endpoint Protection client services, drivers, and user interface components.

Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated August 2013.

Note This update applies only to Endpoint Protection clients that are integrated with Microsoft System Center 2012 Configuration Manager or Microsoft System Center Configuration Manager 2007. For stand-alone client installations, click the following article numbers to go to the articles in the Microsoft Knowledge Base:

2864366 An anti-malware platform update for stand-alone Forefront Endpoint Protection 2010 clients is available from Microsoft Update

2884678 An anti-malware platform update for stand-alone System Center 2012 Endpoint Protection clients is available from Microsoft Update

More information

Update information

This anti-malware platform update contains the following improvements:
  • Updates the platform to include network real-time behavior monitoring functionality

    Provides a new protection capability that combines suspicious network activity with the other suspicious behavior monitoring that is already included in the product. This triggers telemetry and sample submission for suspicious files that may require further analysis.

    For information about how to configure this feature, see the following Windows website:

    WMI Providers

    For more information, see the following System Center Configuration Manager Team Blog website:

    Enhancements to Behavior Monitoring and Network Inspection System in the Microsoft anti-malware platform

  • Adds support for more operating systems

    This update adds support for the following operating systems:
    • Windows 8.1 Enterprise
    • Windows 8.1 Pro
    • Windows Server 2012 R2 Datacenter
    • Windows Server 2012 R2 Enterprise

  • Adds manageability support

    A WMIv2 provider is now available that enables programmatic management of functions in the user experience, such as disabling user interfaces on unattended terminals.

    For information about the provider and for the API description, see the following Microsoft website:

    WMI Providers

    For information about PowerShell cmdlets that are also available for administrative scripting, see the following Microsoft TechNet topic:

    Windows and Windows Server Automation with Windows PowerShell
  • Adds anti-tampering functionality to reduce the risk that malware will disable or bypass anti-malware scanning

    For example, access to the registry and to services that are used by the anti-malware platform can be managed only directly through supported administrative options (trusted channels) through the System Center Configuration Manager console.

  • Improves overall performance of the anti-malware platform

    The anti-malware performance is improved compared to previous platform versions. Improvements are made for signatures that are delivered through the Microsoft Active Protection Service (MAPS). These changes contain no configurable or customer-facing effects.

    For more information about MAPS, see the following Microsoft website:

    Description of the Microsoft Active Protection Service Community
  • Adds more language support to the anti-malware platform

    The following new languages are supported:
    • Chinese (Hong Kong SAR) (zh-HK)
    • Chinese (PRC) (zh-CN)
    • Chinese (Taiwan) (zh-TW)
    • English (en-US)
    • French (fr-FR)
    • German (de-DE)
    • Italian (it-IT)
    • Japanese (ja-JP)
    • Korean (ko-KR)
    • Portuguese (Brazil) (pt-BR)
    • Russian (ru-RU)
    • Spanish (es-ES)

  • Adds a configurable automatic sample submission option

    By default, if your computer is opted in to MAPS, you may be prompted to send suspicious files to Microsoft for further analysis. This update enables new configuration options for this sample collection by providing an option to automatically send files such as .exe files without prompting you. Be aware that you will continue to be prompted for all files that potentially contain personally identifiable information.

    Notes about this option
    • This option includes an updated Microsoft Software License Terms and Privacy statement that discusses this functionality.
    • This option setting is configurable through Windows Management Instrumentation (WMI).
    • This option currently provides no user-configurable capability in the System Center Configuration Manager console or the Administrative Template (.admx) files.
    • This option requires MAPS membership.


    For policy configuration information, see the following Microsoft TechNet topic:

    FEP ADMX Reference
  • Makes several client fixes

    In addition to the improvements that are listed here, this release fixes the following client issues:
    • Microsoft Exchange Server 2003 interoperability

      The installation of the Endpoint Protection client on Exchange Server 2003 may cause ActiveSync failures such as Event ID 3005. To prevent this problem, create the following registry value:

      Registry location:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpfilter\Parameters

      DWORD name: DisableReadHooking
      DWORD Value: 1

      Notes about this setting
      • Restart the Exchange Server 2003 computer for the change to take effect.
      • This value setting alters how the Endpoint Protection client handles file access. However, it does not affect detection ability.
    • Incorrect Environment Variable

      Installing the Endpoint Protection agent creates an additional PSModulePath environment variable that contains a trailing space. This is listed as a duplicate environment variable.

    • Alternative drive installation

      The /drive parameter does not change the product's AppDataPath value to the specified drive. It changes only the Program Data path.
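
The DisableReadHooking registry value described above under "Microsoft Exchange Server 2003 interoperability" can be applied and verified with a short script. This is an added example, not a script from Microsoft or from this article; it assumes an elevated Windows PowerShell 2.0 or later prompt on the affected server, and the function names are hypothetical.

```powershell
# Added example: create and verify the DisableReadHooking value from this article.
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mpfilter'
$paramsKey  = Join-Path $serviceKey 'Parameters'
$valueName  = 'DisableReadHooking'

function Get-ReadHookingState {
    # Returns the current DWORD, or $null when the key or the value is absent.
    if (-not (Test-Path $paramsKey)) { return $null }
    $props = Get-ItemProperty -Path $paramsKey -Name $valueName -ErrorAction SilentlyContinue
    if ($props) { return $props.$valueName }
    return $null
}

function Set-DisableReadHooking {
    # Assumption of this example: a missing mpfilter service key means the
    # Endpoint Protection client is not installed, so nothing is created.
    if (-not (Test-Path $serviceKey)) {
        throw "Key $serviceKey not found; no change made."
    }
    if (-not (Test-Path $paramsKey)) {
        New-Item -Path $paramsKey | Out-Null
    }
    # -Force overwrites an existing value, so the function is safe to re-run.
    New-ItemProperty -Path $paramsKey -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
    # Read the value back; a blocked or failed write is reported here.
    if ((Get-ReadHookingState) -ne 1) {
        throw "$valueName was not written; check permissions on $paramsKey."
    }
}

$before = Get-ReadHookingState
if ($before -eq 1) {
    Write-Output "$valueName is already 1; no change made."
} else {
    $previous = 'not set'
    if ($null -ne $before) { $previous = $before }
    Set-DisableReadHooking
    Write-Output "$valueName set to 1 (previous value: $previous). Restart the server for the change to take effect."
}
```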

How to obtain this update

A supported update is available from Microsoft Support. However, this update is intended to correct only the problem that is described in this article. Apply this update only to systems that are experiencing the problem described in this article. This update might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this update.

If the update is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must have one of the following installed:
  • Cumulative Update 2 for System Center 2012 Configuration Manager Service Pack 1
  • Service Pack 2 for System Center Configuration Manager 2007 and Update Rollup 1 for Forefront Endpoint Protection 2010

Restart information

You may have to restart the computer after you apply this hotfix.

Note We recommend that you close Configuration Manager Administration Console before you install this hotfix package.

Installation instructions

System Center 2012 Endpoint Protection
After you install this update package, you must enable the Automatic Client Upgrade feature in the Configuration Manager 2012 Administrator Console. The Endpoint Protection agent will be upgraded, depending on the values that are defined in the client policy retrieval settings and in the Automatically upgrade client within days setting.

Forefront Endpoint Protection 2010
After you install this update package, you must create a new Forefront Endpoint Protection client installation deployment or rerun the existing advertisement. For more information about how to create the deployment, see the following Microsoft TechNet topic:

Deploying by Using Configuration Manager Packages

For more information, see the following Microsoft Developer Network (MSDN) blog article:

Installing anti-malware platform updates for FEP 2010 SU1 and SCEP 2012 SP1

Hotfix replacement information

This update replaces the following updates:
  • 2828233 An anti-malware platform update for System Center 2012 Endpoint Protection Service Pack 1 clients is available from Microsoft Support
  • 2827684 An anti-malware platform update for Forefront Endpoint Protection 2010 clients is available from Microsoft Support

Additional information

This update brings the antimalware client version to 4.3.215.0. You can find the version information by clicking About on the Help menu of the Endpoint Protection client user interface.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For Forefront Endpoint Protection 2010

File name                                    File version     File size     Date           Time
Amuninstall.vbs                              Not Applicable   10,051        01-Jul-2011    02:35
Commonconstants.dll                          2.1.1116.114     26,288        01-Jul-2011    02:35
Commonsetuputils.dll                         2.1.1116.114     68,272        01-Jul-2011    02:35
Fep2010su1-fepext-kb2865173-x86-enu.msp      Not Applicable   25,890,816    01-Jul-2011    02:35
Fepext.msi                                   Not Applicable   26,628,096    01-Jul-2011    02:35
Fepregistrator.exe                           2.1.1116.114     121,520       01-Jul-2011    02:35
Amuninstall.vbs                              Not Applicable   10,051        01-Jul-2011    02:35
Commonconstants.dll                          2.1.1116.114     26,288        01-Jul-2011    02:35
Commonsetuputils.dll                         2.1.1116.114     68,272        01-Jul-2011    02:35
Fep2010su1-fepext-kb2865173-amd64-enu.msp    Not Applicable   25,890,816    01-Jul-2011    02:35
Fepext.msi                                   Not Applicable   26,628,096    01-Jul-2011    02:35
Fepregistrator.exe                           2.1.1116.114     121,520       01-Jul-2011    02:35

For System Center 2012 Endpoint Protection

File name          File version     File size     Date           Time
ccmsetup.cab       Not Applicable   9,611         31-May-2013    06:10
scepinstall.exe    4.3.215.0        25,591,432    31-May-2013    06:10

Properties

Article ID: 2865173 - Last Review: January 22, 2014 - Revision: 7.0
Applies to
  • Microsoft System Center 2012 Configuration Manager Service Pack 1
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft System Center Configuration Manager 2007
Keywords: 
kbautohotfix kbqfe kbfix kbhotfixserver kbsurveynew kbexpertiseinter KB2865173
