Microsoft Operations Management Suite: Anti-malware Assessment not updating

Microsoft Operations Management Suite is an awesome product. It gives you an overview of all your servers, showing what needs to be checked and what is currently up to date.

As seen below, you have a nice dashboard displaying all the information:

https://collaborationpro.com/wp-content/uploads/2017/05/OMS-1.png

Problem:

As you can see above, it looks nice with the graphs and the machines reporting. However, servers are reporting that they have no real-time protection.

Okay, this is odd, as SCEP is running on the servers listed above.

If you open SCEP, Real-time protection is set to On:

https://collaborationpro.com/wp-content/uploads/2017/05/OMS-2.png

The second thing to check is to ensure that all tick boxes are checked under the Real-time protection tab under Settings:

https://collaborationpro.com/wp-content/uploads/2017/05/OMS-3.png

As shown above, all boxes are checked.

The last thing to check is running a command via PowerShell to ensure everything is enabled.

We can run the following two commands in PowerShell to get the information:

  • Import-Module "$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1"; Get-MprotComputerStatus

This will give you the following:

https://collaborationpro.com/wp-content/uploads/2017/05/OMS-4-1.png

As you can see above, the result is the same: BehaviorMonitor is enabled, as is Real-time Protection.

The other command you can run is:

  • Import-Module "$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1"; Get-MprotPreference
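To repeat this check on each server that OMS flags, the first command can be wrapped so that it lists any status flag reporting False and records the error if the module or cmdlet fails. This is an added example, not code from the original post or from Microsoft; the function name `Get-ScepProtectionSummary` is hypothetical, and it assumes the status object exposes its flags as boolean properties whose names end in "Enabled".

```powershell
# Added example: summarize what the SCEP provider reports locally on one server.
# Assumption: status flags are boolean properties whose names end in "Enabled".
function Get-ScepProtectionSummary {
    [CmdletBinding()]
    param(
        # Module path as used in the commands on this page.
        [string]$ModulePath = "$env:ProgramFiles\Microsoft Security Client\MpProvider\MpProvider.psd1"
    )

    $summary = [ordered]@{
        ComputerName  = $env:COMPUTERNAME
        ModuleFound   = Test-Path -LiteralPath $ModulePath
        QueryOk       = $false
        DisabledFlags = @()
        Error         = $null
    }

    if (-not $summary.ModuleFound) {
        $summary.Error = "MpProvider module not found at $ModulePath"
        return [pscustomobject]$summary
    }

    try {
        # -ErrorAction Stop turns a broken module or cmdlet into a catchable error,
        # so a failed query is not mistaken for "protection disabled".
        Import-Module $ModulePath -ErrorAction Stop
        $status = Get-MprotComputerStatus -ErrorAction Stop
        $summary.QueryOk = $true

        # Keep only boolean *Enabled properties that are explicitly False.
        $summary.DisabledFlags = @(
            $status.PSObject.Properties |
                Where-Object { $_.Name -like '*Enabled' -and $_.Value -is [bool] -and -not $_.Value } |
                ForEach-Object { $_.Name }
        )
    }
    catch {
        $summary.Error = $_.Exception.Message
    }

    [pscustomobject]$summary
}

Get-ScepProtectionSummary | Format-List
```

If `QueryOk` is False, the local query itself failed; if `QueryOk` is True and `DisabledFlags` is empty, the server reports protection as enabled and the mismatch lies in what reaches OMS.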

Solution?

Everything seems fine. The same question was posted on the TechNet Forums for OMS, and if you read the response from Microsoft, they advised in 2016 to update to the new version of SCEP, as the PowerShell cmdlets had stopped working. In my environment we are running a newer version, so possibly the same problem is happening here. You can read the thread here:

https://social.msdn.microsoft.com/Forums/en-US/0eab5648-09b8-4940-8d7b-00b083b7dd69/oms-malware-solution-scep-agents-report-as-scep-installed-but-no-real-time-protection?forum=opinsights

At the time of blogging this, it looks like a call needs to be logged with Microsoft for them to advise.