In some circumstances IT administrators may face issues when monitoring real time protections status using OMS Security and Audit dashboard. In this troubleshooting scenario a Windows Sever 2012 computer with Microsoft System Center Endpoint Protection installed and Real Time Protection enabled is reported in OMS Console as the real time protection was not enabled. Although the steps that follows are using Windows Sever 2012 computer as example, this issue may also occur in Windows Server 2008 or Windows 7 SP1.
Microsoft System Center Endpoint Protection is detected, but ProtectionStatusRank equal to 270 - No Real Time Protection as shown below:
- Verify if all monitoring are enabled, see example below:
- Noticed that the "Behavior Monitor" is disabled and this is the reason for the 270
Enable all Monitors via SCEP management console as shown below:
Mark Waitser, Senior Software Engineer (OMS Security Team)
If you would like to get a free Microsoft Operations Management Suite (#MSOMS) subscription so that you can test it out, you can do so from here. You can also get a free subscription for Microsoft Azure as well by selecting this link.