Troubleshoot Endpoint Protection in Microsoft IntuneTroubleshoot Endpoint Protection in Microsoft Intune

适用于:经典控制台中的 IntuneApplies to: Intune in the classic console
正在查找有关 Azure 中的 Intune 的文档?Looking for documentation about Intune on Azure? 请转到此处Go here.

此章节的信息有助于解决使用 Microsoft Intune Endpoint Protection 时出现的问题。Use the information in this section to help you solve problems while using Microsoft Intune endpoint protection. 还可以查看有关 Windows Defender 疑难解答的信息。You can also review information about troubleshooting Windows Defender.

如果此信息未解决你的问题,请参阅如何获取对 Microsoft Intune 的支持,了解更多获得帮助的方法。If this information does not solve your problem, see How to get support for Microsoft Intune to find more ways to get help.

Endpoint Protection 错误消息Endpoint Protection error messages

本章节描述了在 Intune 管理员控制台Endpoint Protection 状态窗格中显示的以下错误和警告的潜在原因和解决方案。This section describes potential causes and solutions for the following errors and warnings, which appear in the Endpoint Protection Status pane in the Intune admin console.

状态项Status item 可能的原因Potential causes 可能的解决方案Potential solutions
Endpoint Protection 引擎不可用Endpoint Protection engine unavailable Intune Endpoint Protection 引擎已损坏或删除。The Intune endpoint protection engine was corrupted or deleted. 如果 Intune Endpoint Protection 引擎已损坏,可以尝试更新或重新安装软件。If the Intune endpoint protection engine is corrupted, you can try updating or reinstalling the software.

若要强制执行立即更新,请在 Endpoint Protection 客户端软件中选择更新(参见托管计算机上的工具栏)。To force an immediate update, choose Update in the endpoint protection client software (found in the taskbar on managed computers.

如果无法更新引擎,则必须重新安装 Endpoint Protection 引擎。If the engine cannot be updated, you must reinstall the endpoint protection engine.

在托管计算机“控制面板”的已安装程序列表中,找出“Microsoft Intune Endpoint Protection 代理”,然后卸载应用程序。In the list of installed programs in Control Panel on the managed computer, locate Microsoft Intune Endpoint Protection Agent, and then uninstall the application.

在下次更新同步期间,Microsoft Online Management 更新管理器将会检测缺少的程序,并在计划安装时间重新安装它。During the next update synchronization, the Microsoft Online Management Update Manager detects the missing program and reinstalls it at the scheduled installation time.
已禁用 Endpoint ProtectionEndpoint Protection disabled Intune Endpoint Protection 已遭到管理员(通过使用策略)或托管计算机上的某位用户禁用。Intune endpoint protection was disabled by an administrator using a policy or by a user on a managed computer. 如果禁用了 Endpoint Protection,则可以从 Intune 管理员控制台或从托管计算机中启用它。If endpoint protection is disabled, you can enable it from the Intune admin console or from a managed computer. 执行以下操作之一:Do one of the following:

若要从 Intune 管理员控制台中启用 Endpoint Protection,请打开策略工作区,然后在应用于此计算机的策略中更改启用 Endpoint Protection设置。To enable endpoint protection from the Intune admin console, open the Policy workspace, and then change the Enable Endpoint Protection setting in the policies that apply to the computer.

或者,Or,

若要从托管计算机中启用 Endpoint Protection,请从通知区域中启动 Intune Endpoint Protection 客户端,且系统将提示你启用 Endpoint Protection。to enable endpoint protection from a managed computer, start the Intune endpoint protection client from the notification area and you will be prompted to enable endpoint protection.
已禁用实时保护Real-time protection disabled 实时保护已遭到管理员(通过使用策略)或托管计算机上的某位用户禁用。Real-time protection was disabled by an administrator (using a policy) or by a user on a managed computer. 如果禁用了实时保护,则可以从 Intune 管理员控制台或从托管计算机中启用它。If real-time protection is disabled, you can enable it from the Intune admin console or from a managed computer. 执行以下操作之一:Do one of the following:

若要从 Intune 管理员控制台中启用实时保护,请打开“策略”工作区,然后在应用于此计算机的策略中将“启用实时保护”设置更改为“是”。To enable real-time protection from the Intune admin console, open the Policy workspace, and then change the Enable real-time protection setting to Yes in the policies that apply to the computer.

或者,Or,

若要从托管计算机中启用实时保护,请从通知区域中启动 Endpoint Protection 客户端软件。to enable real-time protection from a managed computer, start the endpoint protection client software from the notification area. 此时,将会提示你启用实时保护。You are prompted to enable real-time protection at that time.
已禁用下载扫描Download scanning disabled 下载扫描被管理员使用策略禁用,或被管理的计算机上的用户禁用。Download scanning was disabled by an administrator by using policy or by a user on a managed computer. 如果禁用了下载扫描,则可以从 Intune 管理员控制台或从托管计算机中启用它。If download scanning is disabled, you can enable it from the Intune admin console or from a managed computer. 执行以下操作之一:Do one of the following:

若要从 Intune 管理员控制台中启用下载扫描,请打开策略工作区,然后在应用于此计算机的策略中将扫描所有下载设置更改为To enable download scanning from the Intune admin console, open the Policy workspace, and then change the Scan all Downloads setting to Yes in the policies that apply to the computer.

或者,Or,

若要从托管计算机中启用下载扫描,请从通知区域中启动 Endpoint Protection 客户端软件。to enable download scanning from a managed computer, start the endpoint protection client software from the notification area. 依次选择设置选项卡、实时保护扫描所有下载复选框,然后选择保存更改Choose the Settings tab, choose Real-time protection, select the Scan all downloads check box, and then choose Save changes.
已禁用文件和程序活动监视File and program activity monitoring disabled 文件和程序活动监视已被使用策略的管理员或用户在被管理的计算机上禁用。File and program activity monitoring was disabled by an administrator who used Policy or by a user on a managed computer. 如果禁用了文件和程序活动监视,则可以从 Intune 管理员控制台或托管计算机中启用它。If file and program activity monitoring is disabled, you can enable it from the Intune admin console or from a managed computer. 执行以下操作之一:Do one of the following:

若要从 Intune 管理员控制台中启用文件和程序活动监视,请打开“策略”工作区,然后在应用于此计算机的策略中将“监视计算机上的文件和程序活动”设置更改为“是”。To enable file and program activity monitoring from the Intune admin console, open the Policy workspace, and then change the Monitor file and program activity on computers setting to Yes in the policies that apply to the computer.

或者,Or,

若要从托管计算机中启用文件和程序活动监视,请从通知区域中启动 Endpoint Protection 客户端软件。to enable file and program activity monitoring from a managed computer, start the endpoint protection client software from the notification area. 依次选择设置选项卡、实时保护监视计算机上的文件和程序活动复选框,然后选择保存更改Choose the Settings tab, choose Real-time protection, select the Monitor file and program activity on your computer check box, and then choose Save changes.
已禁用行为监视Behavior monitoring disabled 行为监视已遭到管理员(通过使用策略)或托管计算机上的某位用户禁用。Behavior monitoring was disabled by an administrator (using a policy) or by a user on a managed computer. 如果禁用了行为监视,则可以从 Intune 管理员控制台或托管计算机中启用它。If behavior monitoring is disabled, you can enable it from the Intune admin console or from a managed computer. 执行以下操作之一:Do one of the following:

若要从 Intune 管理员控制台中启用行为监视,请打开策略工作区,在应用于此计算机的策略中将启用行为监视设置更改为,然后重启托管计算机。To enable behavior monitoring from the Intune admin console, open the Policy workspace, change the Enable behavior monitoring setting to Yes in the policies that apply to the computer, and then restart the managed computer.

或者,Or,

若要从托管计算机中启用行为监视,请从通知区域中启动 Endpoint Protection 客户端软件。to enable behavior monitoring from a managed computer, start the endpoint protection client software from the notification area. 依次选择设置选项卡、实时保护启用行为监视复选框,然后选择保存更改Choose the Settings tab, choose Real-time protection, select the Enable behavior monitoring check box, and then choose Save changes. 然后重启计算机。Then, restart the computer.
已禁用脚本扫描Script scanning disabled 脚本扫描已遭到管理员(通过使用策略)或托管计算机上的某位用户禁用。Script scanning was disabled by an administrator (using a policy) or by a user on a managed computer. 如果禁用了脚本扫描,则可以从 Intune 管理员控制台或从托管计算机中启用它。If script scanning is disabled, you can enable it from the Intune admin console or from a managed computer. 执行以下操作之一:Do one of the following:

若要从 Intune 管理员控制台中启用脚本扫描,请打开策略工作区,然后在应用于此计算机的策略中将启用脚本扫描设置更改为To enable script scanning from the Intune admin console, open the Policy workspace and change the Enable script scanning setting to Yes in the policies that apply to the computer.

或者,Or,

若要从托管计算机中启用脚本扫描,请从通知区域中启动 Endpoint Protection 客户端软件。to enable script scanning from a managed computer, start the endpoint protection client software from the notification area. 依次选择设置选项卡、实时保护启用脚本扫描复选框,然后选择保存更改Choose the Settings tab, choose Real-time protection, select the Enable script scanning check box, and then choose Save changes.
已禁用网络检查系统Network Inspection System disabled 网络检查系统被管理员使用策略禁用,或被管理的计算机上的用户禁用。The Network Inspection System was disabled by an administrator using policy or by a user on a managed computer. 如果禁用了网络检查系统,则可以从 Intune 管理员控制台 或从托管计算机中启用它。If Network Inspection System is disabled, you can enable it from the Intune admin console or from a managed computer. 执行以下操作之一:Do one of the following:

若要从 Intune 管理员控制台中启用网络检查系统,请打开策略工作区,在应用于此计算机的策略中将启用网络检查系统设置更改为,然后重启托管计算机。To enable Network Inspection System from the Intune admin console, open the Policy workspace, change the Enable Network Inspection System setting to Yes in the policies that apply to the computer, and then restart the managed computer.

或者,Or,

若要从托管计算机中启用网络检查系统,请从通知区域中启动 Endpoint Protection 客户端软件。to enable Network Inspection System from a managed computer, start the endpoint protection client software from the notification area. 依次选择设置选项卡、实时保护启用网络检查系统复选框,然后选择保存更改Choose the Settings tab, choose Real-time protection, select the Enable Network Inspection System check box, and then choose Save changes. 重新启动计算机。Restart the computer.
恶意软件定义过期Malware definitions out of date 计算机可能已与 Internet 断开了很长一段时间,其恶意软件定义可能尚未更新。The computer might have been disconnected from the Internet for an extended period of time, and its malware definitions might not yet have been updated. 如果计算机上的恶意软件定义过期 14 天或更长时间,就会出现这种状态。This status appears when the malware definitions on the computer are out of date by 14 days or more. 如果恶意软件定义过期,可从 Intune 管理控制台主题中更新定义。If malware definitions are out of date, you can update the definitions from the Intune admin console topic.
完全扫描逾期Full scan overdue 已经有 14 天未进行完全扫描。A full scan has not been completed for 14 days. 可能的原因是完全扫描时计算机进行了重新启动。This can be caused by a computer restart during a full scan. 如果完全扫描逾期,可从 Intune 管理控制台中运行一次完全扫描或计划定期完全扫描。If a full scan is overdue, you can run a one-time full scan or schedule recurring full scans from the Intune admin console.
快速扫描逾期Quick scan overdue 已经有 14 天未进行快速扫描。A quick scan has not been completed for 14 days. 这可能是快速扫描过程中重启所导致。This can be caused by a restart during a quick scan. 如果快速扫描逾期,可从 Intune 管理控制台中运行一次快速扫描或计划定期快速扫描。If a quick scan is overdue, you can run a one-time quick scan or schedule recurring quick scans from the Intune admin console.
正在运行的另一个端点防护应用程序Another endpoint protection application running 另一个 Endpoint Protection 应用程序正在运行,并且计算机处于正常状态。Another endpoint protection application is running, and the computer is healthy. 默认情况下,如果安装了其他 Endpoint Protection 应用程序并且 Intune 检测到该应用程序,则 Endpoint Protection 会自动禁用其自身。By default, if another endpoint protection application is installed and Intune detects that application, endpoint protection automatically disables itself. 如果 Intune 未检测到其他终结点应用程序,则 Endpoint Protection 将保持启用状态。If Intune does not detect the other endpoint application, endpoint protection will remain enabled. 有关详细信息,请参阅使用适用于 Microsoft Intune 的 Endpoint Protection 帮助保障 Windows 电脑的安全For more information, see Help secure Windows PCs with Endpoint Protection for Microsoft Intune.

后续步骤Next steps

如果此疑难解答信息没有帮助到你,请联系 Microsoft 支持部门,如如何获取对 Microsoft Intune 的支持中所述。If this troubleshooting information didn't help you, contact Microsoft Support as described in How to get support for Microsoft Intune.

要提交产品反馈,请访问 Intune Feedback