I’ve done a machine policy retrieval on all my affected client and 5 minutes after, they were all OK.TL; DR : Do not use special character in Endpoint Policy Name.This option can be configured only when you have selected to allow BITS throttling outside of the specified window.For Configuration Manager with no service pack: Specify how frequently client computers download client policy.For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only: Specify how frequently the following Configuration Manager clients download client policy: When you configure this setting as True or Yes, and Configuration Manager has discovered the user, Configuration Manager clients on computers receive applications and programs that are targeted to the logged on user.For more information about how to discover users, see the Configure Active Directory Discovery for Computers, Users, or Groups section in the Configuring Discovery in Configuration Manager topic.When you modify the default client settings, these settings are applied to all clients in the hierarchy.You can also configure custom client settings, which override the default client settings when you assign these to collections.
A set of default settings is supplied with Configuration Manager.The SCCM client is healthy everything is working fine and my Endpoint Definition are getting updated by SCCM.I simply renamed my policy to : Endpoint Protection CTX 4.5, 6.0, 6.5 (I removed the “&” from the policy name)After a machine policy all error were gone.For information about how to configure client settings, see How to Configure Client Settings in Configuration Manager. Use the following sections for more information about the client settings that might require some information before you configure them.Client settings for devices: Specify the maximum transfer rate in (Kbps) that will be used by Configuration Manager clients when outside of the specified BITS throttling window.Monitoring / Endpoint Protection Status / System Center 2012 R2 Endpoint Protection Status / Operational State12 clients are failing to apply the custom policy.Clicking on the “Antimalware policy application failed” brings us to the list of machine.Technet is not stating any limitation : SCCM console is not blocking you if you want to create a policy name “Test &? My recommendation is to avoid using special character in policy name. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 3 times Enterprise Mobility MVP. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intunes deployments.The root cause is most likely correct, as the old Ghost boot media is running most likely on DOS/Win PE1-2 If you want to try the new one then Ghost Standard Tools is more like the old Ghost you are used to. X is much different then previous Ghost versions One question I am often asked is how fast "software x" can be pushed with Symantec's IT Management Suite (ITMS).My organization has a large deployment of Symantec Endpoint Protection (SEP) (~20k clients) with a single SEPM instance running in an ESX VM.We do have many remote clients designated as Group Update Providers (GUPs) where possible.It also provides advanced threat prevention that protects endpoints from targeted attacks and attacks not seen before.It includes turnkey, proactive technologies that automatically analyze application behaviors and network communications to detect and block suspicious activities, as well as administrative control features that allow you to deny specific device and application activities deemed as high risk for your organization.Update Link for updating / installing Symantec Endpoint Protection (only internal i.e.