Application Risk Management

When it comes to SCEP I feel a love/hate relationship, partially due to that fact that it is either very straight forward to issue something and make it work fast and reliable, or you can get the total opposite and everything goes wrong and you need to do extensive detective work.

Here are some examples i have encountered while working with SCEP.

Bad Definitions from Microsoft

This was a case in early 2014 when a simple EP package made all Windows 2003 servers crash.

You can then find the logs in:

SCEP client:

%allusersprofile%\Microsoft\Microsoft Security Client\Support

Windows Update log (definition updates info)

%windir%\WindowsUpdate.log

Endpoint Versioning and Policies Enforced/Applied

%windir%\CCM\Logs\EndpointProtectionagent.log

Activity during performing scans and signature updates

%windir%\temp\MpCmdRun.log

Update progress for signature and Engine updates

Also it is very wise to check for WUAHandler.log when it comes to updating from another sources since it will reveal immediately if there is a GPO that supersedes the setting from the normal policy set by you.