This rule detects whether an endpoint requires a restart in order to complete the FEP client installation.
A restart is required in order to complete the Forefront Endpoint Protection client installation on the specified computer. Please restart the computer now.
The common causes for restart required to complete installation are:
1. Network Intrusion Service (NIS) requires a specific Windows Update - KB981889 to be installed on the computer. If this update was not previously installed, it is automatically installed during the client installation. This update requires a restart.
2. The Forefront Endpoint Protection client has uninstalled a different antimalware product during installation. An open handle on a file being uninstalled may require a restart in order to complete the installation of the client.
Use Remote Desktop Connection, to connect to the specified computer and restart.
Target | Microsoft.FEP.ProtectedServerCandidate | ||
Category | Custom | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Information | ||
Alert Priority | Low | ||
Remotable | True | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DeploymentPendingRebootListener | DataSource | Microsoft.FEP.ProtectedServer.GenerateDeploymentPendingRebootAlertDS | Default |
DeployRebootRequiredCondition | ConditionDetection | System.ExpressionFilter | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.FEP.AlertForDeploymentPendingRebootAlertRule" Enabled="true" Target="FEPLibrary!Microsoft.FEP.ProtectedServerCandidate" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Custom</Category>
<DataSources>
<DataSource ID="DeploymentPendingRebootListener" TypeID="FEPLibrary!Microsoft.FEP.ProtectedServer.GenerateDeploymentPendingRebootAlertDS">
<IsClientInstalled>$Target/Property[Type="FEPLibrary!Microsoft.FEP.ProtectedServerCandidate"]/IsClientInstalled$</IsClientInstalled>
</DataSource>
</DataSources>
<ConditionDetection ID="DeployRebootRequiredCondition" TypeID="System!System.ExpressionFilter">
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='DeploymentState']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Restart Required</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">
<Priority>0</Priority>
<Severity>0</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.FEP.DeploymentPendingRebootRule.Alert"]$</AlertMessageId>
<Suppression>
<SuppressionValue>$Target/Property[Type="FEPLibrary!Microsoft.FEP.ProtectedServerCandidate"]/ServerId$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>