I know this is a bit late, but Microsoft have released a hotfix for Endpoint Protection clients.
The knowledge base article is KB2907566 and can be found at the link below.

The hotfix applies to the following clients:
- Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients
- Microsoft System Center 2012 Configuration Manager Endpoint Protection Service Pack 1 (SP1) clients
- Microsoft Forefront Endpoint Protection 2010 clients

The update makes the following changes:
- Adds anti-tampering functionality to reduce the risk that malware will disable or bypass anti-malware scanning. For example, access to files and folders that are used by the anti-malware platform can be changed only by trusted system processes or by the anti-malware platform itself.
- Improves overall performance of the anti-malware platform.
  - Anti-malware performance is improved compared to that of previous platform versions. Improvements were made to scan functionality. These changes involve no configurable effects.
- Ongoing improvements to Microsoft Active Protection Service (MAPS) and Dynamic Signature Service (DSS). These make real-time cloud-based protection easier.
  - Scale and performance improvements were made to the MAPS and DSS systems. Make sure that you opt in to at least Basic or Advanced MAPS so that you benefit from cloud-based protection.

- System Center 2012 R2 Configuration Manager
- Cumulative Update 3 for System Center 2012 Configuration Manager Service Pack 1
- Service Pack 2 for System Center Configuration Manager 2007 and Update Rollup 1 for Forefront Endpoint Protection 2010
You may have to restart the computer after you apply this update.
After you install this update package, you must enable the Automatic Client Upgrade feature in the Configuration Manager Administrator Console. The Endpoint Protection agent will be upgraded, depending on the values that are defined in the client policy retrieval settings and in the "Automatically upgrade client within days" setting.