Troubleshooting Forefront Endpoint Protection 2010 Installations

I had a hand in rolling out Forefront Endpoint Protection (FEP) for a customer recently. Some of our clients did not get FEP installed even though the SCCM client was installed and working correctly, and they had all prerequisites present and had successfully received the advertisement and downloaded the files from the distribution point (DP). It turned out that these clients were already running Microsoft Security Essentials (MSE), which FEP does not detect or uninstall. The solution was to manually uninstall MSE first and then wait for the next installation attempt from the SCCM client.

For future reference; these are the Anti-Malware products that FEP can detect and uninstall before it installs itself:

  • Symantec Endpoint Protection version 11
  • Symantec Corporate Edition version 10
  • McAfee VirusScan Enterprise version 8.5 and version 8.7
  • Trend Micro OfficeScan version 8.0 and version 10.0
  • Forefront Client Security version 1 including the Operations Manager agent

If you want to troubleshoot FEP deployments here are som interesting logfiles:

  • %WINDIR%%TEMP%FEP-ApplyPolicy-%COMPUTERNAME%.log
  • C:Documents and SettingsAll UsersProgramdataMicrosoftMicrosoft Security ClientSupportEppSetup.log
    (This folder also contains other interesting files regarding the FEP install.)

An overview of all SCCM 2007 logfiles is available here: http://technet.microsoft.com/en-us/library/bb892800.aspx

 

One thought on “Troubleshooting Forefront Endpoint Protection 2010 Installations”

  1. Nice article.

    I have deployed FEP in an environment that used CA eTrust 8.1 and FEP did not uninstall it automatically for us. We used the following method:
    Task Sequence with the following steps:

    1. Uninstall 1
    MsiExec.exe /qn /X{107558C8-458B-45EA-A0FE-7CC10D687DB6}
    2. Uninstall 2
    Msiexec.exe /qn /X{9342421A-36BA-4744-A253-A498BAB40621}
    3. Uninstall Firewall configuration provider
    MsiExec.exe /qn /X{ACBD3A7E-3AC8-4EA2-BDCD-8E0D71C32889}
    4. Uninstall Firewall configuration provider 2
    MsiExec.exe /qn /X{5A822425-4622-474F-BBB5-9900D0FA5629}
    5. Uninstall iTechnology Gateway
    MsiExec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE}
    6. Uninstall iTechnology Gateway
    Msiexec.exe /qn /X{55F9C3DD-772F-4E74-85E3-8E3AD6A5154F}
    7. FEP Install
    FEPInstall.exe /s /q

    It has proven successful for that environment.

    Regards,
    Ivan

Leave a Reply to Ivan Dretvic Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.