This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to push existing managed client new feature, exploit prevention

We tried with enterprise console, right click manage option, but its not working.

How can we push the new feature from outside, like repushing the new package or something?



This thread was automatically locked due to age.
  • Hello Abhijeet Nawale,

    right click manage option
    what exactly did you try, could you provide a screenshot?

    The recommended way is to reinstall - if you installed using Protect Computers do it again with EXP selected. If you used a package or run setup.exe by some means create an appropriate package or run setup.exe with the additional -hmpa parameter.

    Christian

  • Hello Christian,

     

    Thanks for the reply.

    I tried right click on computer->protect computer->selecting exploit prevention->putting domain credentials->nothing happens

    So if I push the old existing setup.exe from sccm with additional -hmpa parameter on a machine, it will reinstall the client with exploit prevention feature?

     

    Thanks,
    Abhijeet

  • Hello Abhijeet,

    nothing happens
    that's what I meant with if...if - use the same method (of course appropriately amended) you used for the initial install. Apparently in your case setup.exe with the additional -hmpa parameter.

    Just found the article that mentions another option, namely adding a certain key to the registry. Please read carefully as it has some limitations. I can confirm though that it works.

    Christian 

  • Alright, so if I run the setup.exe with -hmpa parameter on existing client machine, it would just add the extra feature of exploit prevention over, I mean no conflict will happens by running setup over existing managed client machine.

    Correct, or first removal of existing client and then reinstallation with parameter needed?

  • Hello Abhijeet,

    setup.exe will perform a reinstall of all components (actually it just installs and configures AutoUpdate which then installs all the other components). The process will appropriately take care of an existing installation (i.e. uninstall where required).

    Christian

  • Great, thanks Christian.

    Let me try the same.

  • I am not very experienced with the product and did not realize Exploit Prevention was a separate module.  I stumbled into that today when I saw it was not active in the console.  I found the page stating it is no longer automatically installed and the setup.exe command lines.  I kept looking over the -hmpa since I did not think it was related.  This answer tied EXP to hmpa for me and I was able to just add that switch to the startup script. 

     

    Thank you for helping me again!