Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, March 14, 2013 6:25 PM
I have sccm 2012 sp1 installed, I turned on endpoint protection for a pilot and on all the machines I get this error in the EndpointProtectionAgent.log
Create Process Command line: "C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" "C:\Windows\CCM\EPAMPolicy.xml". EndpointProtectionAgent
Failed to create process C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe with error = 0x80070002. EndpointProtectionAgent
Failed to apply policy with error 0x80070002, retry number : 1 after 60 second. EndpointProtectionAgent
Same error for all machines in the pilot, 4 random machine. turns out this directory is there "C:\Program Files\Microsoft Security Client" but ConfigSecurityPolicy.exe is not in the directory. anyone seen this?
Rob Szarszewski
All replies (5)
Sunday, March 24, 2013 1:29 PM âś…Answered
Hi Garth,
I assume it to be Symantec Endpoint protection 12 causing the issues, the automated installation doesn't seem to work properly. SEP appears to be removed successful during the process but SCEP doesn't install all the files and policies don't apply. The file C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe and a bunch other files are missing but SCEP works fine, just doesn't get the policies. If I uninstall SEP with a script first it installs successfully, I'm uninstalling using the Symantec removal tool sepprep.exe which appears to be the same thing the automated process is doing. It still doesn't work 100% of the time. I still need to check for C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe with a script and uninstall SCEP and reinstall.
Rob Szarszewski
Saturday, March 23, 2013 2:29 PM
Since "0x80070002 = The system cannot find the file specified." this would suggest that any AV software or application is blocking the setup to continue. Do you have another AV software installed? Did you figure this out?
Sunday, March 24, 2013 2:44 PM
Hi Rob,
Ok, it seems that you know what is causing the issue and how to fix it. So I'm not sure what you are looking for from the forums members?
On a side note: I will suggest that you create a DCM rule to check for the ConfigSecurityPolicy.exe then you can create a collection of problem PCs that you can fix. Either manually or via a advert.
Sunday, March 24, 2013 3:45 PM
Hi Rob,
Ok, it seems that you know what is causing the issue and how to fix it. So I'm not sure what you are looking for from the forums members?
On a side note: I will suggest that you create a DCM rule to check for the ConfigSecurityPolicy.exe then you can create a collection of problem PCs that you can fix. Either manually or via a advert.
you asked if I figured this out, instead of saying "yes" I explained my workaround. I'm still curious if anyone else experienced the same behavior.
instead of a DCM rule I created an application to remove SEP and install SCEP, my detection logic includes a check for the file ConfigSecurityPolicy.exe. If the application is installed but the file is missing I remove and reinstall SCEP.
Rob Szarszewski
Sunday, March 24, 2013 7:01 PM
Sorry Rob, I was thinking you where still looking for help.. Glad to hear that you have it fixed.