Part one of this blog series explained the first scenario in which the protection status may not reflect the accurate state. This second part helps you troubleshoot a similar issue: a Windows Server 2008 R2 SP1 computer with Microsoft System Center Endpoint Protection installed and Real Time Protection enabled that does not show the proper real-time protection status. Although the steps that follow use Windows Server 2008 R2 SP1 as the example, this issue may also occur in Windows Server 2008 or Windows 7 SP1.
Symptom: Microsoft System Center Endpoint Protection was not detected as TypeofProtection in the OMS ProtectionStatus event.
Perform the following tasks from the computer where System Center Endpoint Protection is running:
- Use the following command to make sure that the PowerShell version is 3 or 4:
- Run the following PowerShell commands to validate the execution:
    $path = [System.Environment]::ExpandEnvironmentVariables("$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1");
    $mpModule = Import-Module $path -PassThru
This issue might occur if the PowerShell version is earlier than 3. If the PowerShell version is 2, install either Windows Management Framework (WMF) 3.0 or Windows Management Framework 4.0 to address this problem.
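The two checks above can be combined into one diagnostic that reports which condition applies on a given machine. This is an added example, not code from the original post or from Microsoft; the function name Test-ScepProviderModule and the wording of the diagnosis strings are assumptions, and the version check uses the built-in $PSVersionTable variable.

```powershell
# Added diagnostic sketch (not from the original post). It sticks to PowerShell 2.0
# syntax so that it can still run and report on the affected systems.
function Test-ScepProviderModule {
    param(
        # Default path is the one used in the commands in this post.
        [string]$ModulePath = (Join-Path $env:ProgramFiles 'Microsoft Security Client\MpProvider\MpProvider.psd1')
    )

    $result = New-Object PSObject -Property @{
        PSMajorVersion = $PSVersionTable.PSVersion.Major
        ModulePath     = $ModulePath
        ModuleFound    = (Test-Path $ModulePath)
        ModuleImported = $false
        Diagnosis      = ''
    }

    if (-not $result.ModuleFound) {
        $result.Diagnosis = 'MpProvider.psd1 was not found at the expected path.'
        return $result
    }

    try {
        # Same import as in the post; -ErrorAction Stop turns a failed import
        # into a terminating error that the catch block can report.
        $mpModule = Import-Module $ModulePath -PassThru -ErrorAction Stop
        $result.ModuleImported = ($mpModule -ne $null)
        $result.Diagnosis = 'Module imported on this PowerShell version.'
    }
    catch {
        if ($result.PSMajorVersion -lt 3) {
            # The cause described in this post: PowerShell earlier than 3.
            $result.Diagnosis = 'Import failed and PowerShell is earlier than 3: install WMF 3.0 or WMF 4.0.'
        }
        else {
            $result.Diagnosis = 'Import failed: ' + $_.Exception.Message
        }
    }

    # A version earlier than 3 is worth flagging even if the import did not throw.
    if ($result.ModuleImported -and $result.PSMajorVersion -lt 3) {
        $result.Diagnosis = 'Module imported, but PowerShell is earlier than 3: install WMF 3.0 or WMF 4.0.'
    }

    return $result
}

Test-ScepProviderModule | Format-List
```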
Mark Waitser, Senior Software Engineer (OMS Security Team)
Yuri Diogenes, Senior Content Developer (CSI Enterprise Mobility / Azure Security Center / OMS Security)