Hello Folks Has anyone encountered a scenario where SCEP unintentionally got installed on all clients after upgrading from 2012 R2 SP1 CU1 to 1511 despite automatic client upgrade turned off? Here is our environment/scenario:1. Standalone Primary with around 12,000+ client. Endpoint Protection point role NOT enabled since we use McAfee. 2. Automatic SCCM client upgrade NOT enabled.
3. 1511 client was pushed using Package/Program model to only 50 client for pilot testing after 1511 upgrade; Still ALL clients (PC/Servers) have got Endpoint Protection and in the process uninstalled McAfee Agent and Mcafee Virus Scan Enterprise. 4. "Endpoint Protection" in Default client settings is grayed out and the setting "Install Endpoint protection client on Client computer" is NO. I assume "Endpoint Protection" in Default client settings is grayed out because the Endpoint Protection point role is not installed. 5. No other client settings have Endpoint Protection turned on. Resultant Client settings for client says "Install Endpoint protection client on Client computer" is NO. On the client, we see the following registry that indicates that the client has received the Default client Antimalware Policy.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent"StateEventMessage"="The operation completed successfully.""LastAppliedPolicyName"="Default Client Antimalware Policy" Thanks Sudheer
