Client Pending Restart

Microsoft.FEP.AlertForDeploymentPendingRebootAlertRule (Rule)

This rule detects whether an endpoint requires a restart in order to complete the FEP client installation.

Knowledge Base article:

Summary

A restart is required in order to complete the Forefront Endpoint Protection client installation on the specified computer. Please restart the computer now.

Causes

The common reasons a restart is required to complete installation are:

1. Network Intrusion Service (NIS) requires a specific Windows Update (KB981889) to be installed on the computer. If this update was not previously installed, it is automatically installed during the client installation. This update requires a restart.

2. The Forefront Endpoint Protection client has uninstalled a different antimalware product during installation. An open handle on a file being uninstalled may require a restart in order to complete the installation of the client.

Resolutions

Use Remote Desktop Connection to connect to the specified computer and restart it.

Element properties:

Target: Microsoft.FEP.ProtectedServerCandidate
Category: Custom
Enabled: True
Alert Generate: True
Alert Severity: Information
Alert Priority: Low
Remotable: True
Alert Message:
  Forefront Endpoint Protection Client Installation
  A restart is required to complete the Forefront Endpoint Protection client installation.

Member Modules:

ID                               Module Type         TypeId                                                                 RunAs
DeploymentPendingRebootListener  DataSource          Microsoft.FEP.ProtectedServer.GenerateDeploymentPendingRebootAlertDS   Default
DeployRebootRequiredCondition    ConditionDetection  System.ExpressionFilter                                                Default
GenerateAlert                    WriteAction         System.Health.GenerateAlert                                            Default

Source Code:

<Rule ID="Microsoft.FEP.AlertForDeploymentPendingRebootAlertRule" Enabled="true" Target="FEPLibrary!Microsoft.FEP.ProtectedServerCandidate" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>Custom</Category>
  <DataSources>
    <DataSource ID="DeploymentPendingRebootListener" TypeID="FEPLibrary!Microsoft.FEP.ProtectedServer.GenerateDeploymentPendingRebootAlertDS">
      <IsClientInstalled>$Target/Property[Type="FEPLibrary!Microsoft.FEP.ProtectedServerCandidate"]/IsClientInstalled$</IsClientInstalled>
    </DataSource>
  </DataSources>
  <ConditionDetection ID="DeployRebootRequiredCondition" TypeID="System!System.ExpressionFilter">
    <Expression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="String">Property[@Name='DeploymentState']</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="String">Restart Required</Value>
        </ValueExpression>
      </SimpleExpression>
    </Expression>
  </ConditionDetection>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
      <Priority>0</Priority>
      <Severity>0</Severity>
      <AlertMessageId>$MPElement[Name="Microsoft.FEP.DeploymentPendingRebootRule.Alert"]$</AlertMessageId>
      <Suppression>
        <SuppressionValue>$Target/Property[Type="FEPLibrary!Microsoft.FEP.ProtectedServerCandidate"]/ServerId$</SuppressionValue>
      </Suppression>
    </WriteAction>
  </WriteActions>
</Rule>