Troubleshooting OMS Security Real Time Protection Status – Part 2

  • Article

The part one of this blog series explained the first scenario where protection status may not reflect the accurate state. This second part will assist you to troubleshoot a similar issue in a scenario with a Windows Server 2008 R2 SP1 computer with Microsoft System Center Endpoint Protection and Real Time Protection enabled that is not showing the proper real-time protection status. Although the steps that follows are using Windows Server 2008 R2 SP1 as example, this issue may also occur in Windows Server 2008 or Windows 7 SP1.

Cause

Microsoft System Center Endpoint Protection was not detected as TypeofProtection in OMS ProtectionStatus event.

Troubleshooting steps

Perform the following task from the computer where System Center Endpoint Protection is running:

  1. Use the following command to make sure that the PowerShell version is 3 or 4:

"$PSVersionTable.PSVersion"

  1. Run the following PowerShell commands to validate the execution:

$path = [System.Environment]::ExpandEnvironmentVariables("$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1");

$mpModule = Import-Module $path -PassThru

Get-MProtComputerStatus

Solution

This issue might occur if the PowerShell version is earlier than 3. If the PowerShell version is 2, install either Windows Management Framework (WMF) 3.0 or Windows Management Framework 4.0 to address this problem.

Reference

Windows Server 2008 R2 SP1 servers are shown as "No Real time Protection" Description of Windows Management Framework 3.0 for Windows 7 SP1 and Windows Server 2008 R2 SP1

Authors

Mark Waitser, Senior Software Engineer (OMS Security Team)

Yuri Diogenes, Senior Content Developer (CSI Enterprise Mobility / Azure Security Center / OMS Security)

We invite you to join the Microsoft OMS Facebook site. If you want to learn more about Windows PowerShell, visit the Hey, Scripting Guy Blog.

Get a free Microsoft Operations Management Suite (#MSOMS) subscription so that you can test it out. You can also get a free subscription for Microsoft Azure.