Troubleshooting OMS Security Real Time Protection Status – Part 1

In some circumstances, IT administrators may face issues when monitoring real-time protection status using the OMS Security and Audit dashboard. In this troubleshooting scenario, a Windows Server 2012 computer with Microsoft System Center Endpoint Protection installed and Real Time Protection enabled is reported in the OMS console as if real-time protection were not enabled. Although the steps that follow use a Windows Server 2012 computer as an example, this issue may also occur on Windows Server 2008 or Windows 7 SP1.

Cause

Microsoft System Center Endpoint Protection is detected, but ProtectionStatusRank is equal to 270 (No Real Time Protection).

Troubleshooting steps

  • Verify that all monitors are enabled.

  • In this scenario, "Behavior Monitor" is disabled, and this is the reason for the 270.

Solution

Enable all monitors via the SCEP management console.
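The monitor check from the troubleshooting steps can also be run from PowerShell on the affected computer. This is an added example, not part of the original post: it assumes the SCEP client installed the MpProvider module under "Microsoft Security Client" (older clients may not include it) and that the status object exposes the property names listed in `$monitors`.

```powershell
# Added example (not from the original post): list the real-time monitors and
# flag any that are disabled, which is the condition behind rank 270 here.
# Assumption: the SCEP client ships the MpProvider module in its install folder.
$scepModule = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpProvider'

if (Test-Path $scepModule) {
    Import-Module $scepModule
    $status = Get-MProtComputerStatus          # SCEP cmdlet from MpProvider
} elseif (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $status = Get-MpComputerStatus             # built-in Defender module, if present
} else {
    throw 'No antimalware status cmdlet found; check the monitors in the SCEP console.'
}

# Property names are an assumption; a flag missing from the status object
# is reported as $null instead of being guessed.
$monitors = 'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled',
            'IoavProtectionEnabled', 'OnAccessProtectionEnabled'

$report = foreach ($name in $monitors) {
    $prop = $status.PSObject.Properties[$name]
    [pscustomobject]@{
        Monitor = $name
        Enabled = if ($prop) { [bool]$prop.Value } else { $null }
    }
}
$report | Format-Table -AutoSize

# Only an explicit $false counts as disabled; $null means "not reported".
$disabled = @($report | Where-Object { $_.Enabled -eq $false })
if ($disabled.Count -gt 0) {
    $names = ($disabled | ForEach-Object { $_.Monitor }) -join ', '
    Write-Warning "Disabled monitors: $names. OMS may report rank 270 until they are enabled."
} else {
    Write-Output 'No monitor is reported as disabled.'
}
```

If the warning lists `BehaviorMonitorEnabled` while `RealTimeProtectionEnabled` is true, the computer matches the scenario described above.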

Authors

Mark Waitser, Senior Software Engineer (OMS Security Team)

Yuri Diogenes

 
