SCCM 2012 RC Part 5 - Enable Endpoint Protection

Upload: sudershan-akula

Post on 02-Jun-2018

  • 8/10/2019 SCCM 2012 RC Part 5 - Enable Endpoint Protection

    http://www.windows-noob.com/forums/index.php?/topic/4045-system-center-2012-configuration-manager-guides/

    Step 1. Configure the Endpoint Protection Role

    Perform the following on the SCCM server as SMSadmin

    Note: The Endpoint Protection point site system role must be installed before you can use Endpoint Protection. It must be installed on one site system server only, and it must be installed at the top of the hierarchy, on a central administration site or a standalone primary site.

    Note #2: Prior to enabling this role, you should review certain features in your Default Client Settings in relation to Endpoint Protection, otherwise you could end up with servers having the SCEP client installed before you were ready to do so.

    In the ConfigMgr console, click on Administration, expand Overview and expand Site Configuration, then select Servers and Site System Roles.

    Click on Home in the Ribbon and click on Add Site System Roles.

    When the wizard appears, click Next.

    Select the Endpoint Protection Point role and click Next.

    Read and then accept the License Agreement terms.

    Next you get some choices about Microsoft Active Protection service; you can opt in or opt out. Let's select Basic Membership.

    Click Next at the summary and review the status on the completion screen.

    Within a few minutes you'll see the Endpoint Protection client appear in the System Tray of your LAB computers.

    Note: You can review the EPSetup.log on the server to monitor role installation progress.

    Step 2. Configure alerts for Endpoint Protection

    Perform the following on the SCCM server as SMSadmin

    Note: Alerts inform the administrator when specific events have occurred, such as a malware infection. Alerts can be displayed in the Configuration Manager console, through reports, or optionally can be emailed to specified users. You can configure Endpoint Protection alerts in System Center 2012 Configuration Manager to notify administrative users when specific security events occur in your hierarchy. Notifications display in the Endpoint Protection dashboard in the Configuration Manager console, in reports, and you can configure them to be emailed to specified recipients.

    Configure Email Notification (Optional)

    If you have access to an SMTP server then you can optionally configure Email Notification Alerts. In the ConfigMgr console, click on Administration, expand Overview and expand Site Configuration, select Sites, click on Settings in the ribbon, click on Configure Site Components and select Email Notification.

    http://technet.microsoft.com/en-us/library/hh508782.aspx

    Enter your desired settings for SMTP and click Apply. Note that you can test your SMTP settings.

    Configure Alerts for Collections

    Next let's configure alerts for a collection, but first let's create a collection called All Windows 7 Computers (in a LAB this is fine for what we want to do; in Production you should create Endpoint Protection specific collections).

    Note: You cannot configure alerts for User Collections.

    Click on Assets and Compliance in the console, click on Device Collections and in the ribbon click on Create Device Collection.

    Call the collection All Windows 7 Computers and limit it to All Systems.

    Click Next, choose Query Rule from the drop down menu and fill in a query like so (edit query statement, criteria, show query language and replace the code with the below):

    select * from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"

    Set the schedule as follows (it's a LAB).

    Click Next through the wizard; the collection is now created.

    In Assets and Compliance select Devices and choose Device Collections, select the All Windows 7 Computers collection (we have no computers in this collection yet but we will have soon), and choose Properties.

    Click on the Alerts tab and place a checkmark in View this collection in the Endpoint Protection Dashboard.

    Click on Add and select all the options.

    Click OK and leave the other Alert settings as they are.

    Step 3. Configure SUP to deliver Definition Updates

    Perform the following on the SCCM server as SMSadmin

    In the Configuration Manager console, click Software Library, expand Software Updates and click on Automatic Deployment Rules.

    In the Ribbon click on Create Automatic Deployment Rule. When the wizard appears, give the rule a suitable name like Automatic Deployment Rule for Endpoint Protection, point it to our previously created All Windows 7 Computers collection, and select to create a new software update group.

    On the Deployment Settings page of the wizard select Minimal from the Detail level drop-down list, and then click Next.

    This reduces the State Messages returned and thus reduces Configuration Manager server load.

    On the Software Updates page select Date Released or Revised.

    In the Search Criteria pane, click on Value to find and select Last 1 day.

    For Evaluation Schedule, click on Customize and set it to run every 1 days.

    For Deployment Schedule set Time based on: UTC (if you want all clients in the hierarchy to install the latest definitions at the same time; this setting is a recommended best practice). For software available select 1 hour to allow the Deployment to reach all Distribution Points, and select As soon as possible for the installation Deadline.

    For the User Visual Experience select Hide from the drop down menu.

    For Alerts enable the option to generate an alert.

    For download settings, as the definition updates are important, let's download them even if on slow networks.

    And click your way through the rest of the Wizard till completion

    Step 4. Configure the SUP Products to Sync and Perform a Sync

    Perform the following on the SCCM server as SMSadmin

    Click on Administration, expand Overview and expand Site Configuration, select Sites, click on Settings in the ribbon, click on Configure Site Components and select Software Update Point.

    In the Products tab ensure that the Forefront Endpoint Protection 2010 product check box is selected.

    Change the Sync Schedule to 1 days.

    Click on Software Library, Software Updates, right click on All Software Updates and choose Synchronize Software Updates.

    Answer Yes to the Sync.

    At this point you can review the Wsyncmgr.log in CMTrace.

    Now you can click on All Software Updates and you'll see our Forefront Definition Updates listed,

    but if you scroll to the right you'll see nothing has been downloaded yet (because our Automatic Deployment Rule hasn't run since the sync).

    So let's force the Automatic Deployment Rule to run now: right click on our ADR and choose Run Now.

    After a few minutes look at our Definition Updates again. Notice the difference?
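
    The Wsyncmgr.log review in Step 4 can also be scripted, which matters because a failing sync quietly leaves clients on old definitions. The PowerShell below is an added example, not part of the original guide; it assumes the server log line layout described in its first comment, and the function names, match patterns and sample lines are constructed for illustration.

```powershell
# Added example (not from the original guide). Requires PowerShell 3.0 or later.
# Assumed server log line layout:
#   <message>  $$<COMPONENT><MM-dd-yyyy HH:mm:ss.fff+bias><thread=N (0xHEX)>
# The sample lines are constructed for illustration; they are not captured output.
$SampleLog = @'
Performing sync on local request  $$<SMS_WSUS_SYNC_MANAGER><03-01-2012 09:00:01.120-60><thread=3704 (0xE78)>
Sync succeeded  $$<SMS_WSUS_SYNC_MANAGER><03-01-2012 09:04:37.552-60><thread=3704 (0xE78)>
Performing sync on schedule  $$<SMS_WSUS_SYNC_MANAGER><03-02-2012 09:00:00.903-60><thread=3704 (0xE78)>
Sync failed: constructed failure text  $$<SMS_WSUS_SYNC_MANAGER><03-02-2012 09:00:12.417-60><thread=3704 (0xE78)>
Performing sync on schedule  $$<SMS_WSUS_SYNC_MANAGER><03-03-2012 09:00:00.388-60><thread=3704 (0xE78)>
Sync failed: constructed failure text  $$<SMS_WSUS_SYNC_MANAGER><03-03-2012 09:00:11.046-60><thread=3704 (0xE78)>
this line is truncated and has no trailer
'@ -split '\r?\n'

function ConvertFrom-SiteServerLog {
    # Turns raw log lines into objects; lines without the $$<...> trailer are skipped.
    param([string[]]$Line)
    $pattern = '^(?<msg>.*?)\s*\$\$<(?<comp>[^>]+)><(?<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})[+-]\d+><thread=(?<tid>\d+)'
    foreach ($l in $Line) {
        $m = [regex]::Match($l, $pattern)
        if (-not $m.Success) { continue }
        [pscustomobject]@{
            # Log-local time; the UTC bias field is matched but not applied.
            Time      = [datetime]::ParseExact($m.Groups['ts'].Value,
                            'MM-dd-yyyy HH:mm:ss.fff', [cultureinfo]::InvariantCulture)
            Component = $m.Groups['comp'].Value
            Thread    = [int]$m.Groups['tid'].Value
            Message   = $m.Groups['msg'].Value
        }
    }
}

function Get-SyncHealth {
    # Reports the last successful sync, failures logged after it, and staleness.
    param(
        [object[]]$Entry,
        [datetime]$Now = (Get-Date),
        [int]$MaxAgeHours = 24,                      # Step 4 sets the sync schedule to 1 day
        [string]$SuccessPattern = 'sync succeeded',  # assumed wording; adjust to your log
        [string]$FailurePattern = 'fail|error'       # assumed wording; adjust to your log
    )
    $lastOk = $Entry | Where-Object { $_.Message -match $SuccessPattern } |
              Sort-Object Time | Select-Object -Last 1
    $failures = @($Entry | Where-Object {
        $_.Message -match $FailurePattern -and (-not $lastOk -or $_.Time -gt $lastOk.Time)
    } | Sort-Object Time)
    $lastTime = $null
    $ageHours = $null
    if ($lastOk) {
        $lastTime = $lastOk.Time
        $ageHours = [math]::Round(($Now - $lastOk.Time).TotalHours, 1)
    }
    [pscustomobject]@{
        LastSuccess       = $lastTime
        HoursSinceSuccess = $ageHours
        FailuresSince     = $failures.Count
        Stale             = (-not $lastOk) -or ($ageHours -gt $MaxAgeHours)
        LatestFailure     = ($failures | Select-Object -Last 1).Message
    }
}

# For a live check, pass (Get-Content <path to Wsyncmgr.log>) instead of $SampleLog.
$entries = ConvertFrom-SiteServerLog -Line $SampleLog
Get-SyncHealth -Entry $entries -Now ([datetime]'2012-03-03 12:00:00')
```

    A Stale result of True means no successful sync was found within the schedule interval, so the Automatic Deployment Rule has nothing new to deploy.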

    Step 5. Configure Custom Client Settings for Endpoint Protection

    Perform the following on the SCCM server as SMSadmin

    Note: Do not configure the default Endpoint Protection client settings unless you are sure that you want these applied to all computers in your hierarchy.

    Below is an explanation of the Endpoint Protection settings available:

    Quote

    Manage Endpoint Protection client on client computers

    Select True if you want to manage existing Endpoint Protection clients on computers in your hierarchy.

    Select this option if you have already installed the Endpoint Protection client and want to manage it with Configuration Manager.

    You should also select this option if you want to create a script to uninstall an existing antimalware solution, install the Endpoint Protection client and deploy this script using a Configuration Manager application or package and program.

    Install Endpoint Protection client on client computers

    Select True to install and enable the Endpoint Protection client on client computers where it is not already installed.

    Automatically remove previously installed antimalware software before Endpoint Protection is installed

    Select True to uninstall existing antimalware software.

    Note: Endpoint Protection uninstalls the following antimalware software only:

        All current Microsoft antimalware products except for Windows InTune and Microsoft Security Essentials
        Symantec AntiVirus Corporate Edition version 10
        Symantec Endpoint Protection version 11
        Symantec Endpoint Protection Small Business Edition version 12
        McAfee VirusScan Enterprise version 8
        Trend Micro OfficeScan

    Suppress any required computer restart after the Endpoint Protection client installed

    Select True to suppress a computer restart if it is required after the Endpoint Protection client installs.

    Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)

    Specify the number of hours that users can postpone a computer restart if this is required after the Endpoint Protection client installs.

    Disable alternate sources (such as Windows Update, Microsoft Windows Server Update Services or UNC shares) for the initial definition update on client computers

    Select True if you want to allow only Configuration Manager to install the initial definition update on client computers. This setting can be helpful to avoid unnecessary network connections and reduce network bandwidth during the initial installation of the definition update.

    http://technet.microsoft.com/en-us/library/gg682067.aspx

    In the Configuration Manager console, click Administration, click Client Settings and on the Home tab in the Create group, click Create Custom Client Device Settings.

    Select Endpoint Protection and call it Custom Client Device Endpoint Protection Settings.

    Click on Endpoint Protection and review the settings, then change them as follows:

    Manage Endpoint Protection Client on Client Computers = True

    Install Endpoint Protection Client on Client Computers = True

    Automatically remove previously installed antimalware software before Endpoint Protection is installed = True

    Suppress any required computer restart after the Endpoint Protection client installed = False

    Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours) = 1

    Disable alternate sources (such as Windows Update, Microsoft Windows Server Update Services or UNC shares) for the initial definition update on client computers = True

    Step 6. Configure Custom Anti-Malware Policies

    Perform the following on the SCCM server as SMSadmin

    Note: Do not configure the default client Malware Policy unless you are sure that you want these applied to all computers in your hierarchy.

    There are several pre-created Antimalware Policies available; to review or use them click on Import.

    (see screenshot below)

    We will create our own policy in this LAB, so in the Configuration Manager console click Assets and Compliance, click Endpoint Protection and select Antimalware Policies. In the ribbon select Create Antimalware Policy.

    Give the policy a name like Custom Endpoint Protection Antimalware Policy.

    For Scheduled scans change to Daily at 12 pm (default was Saturday, 2am) and set it to check for the latest definition updates before the scan and to randomize the scan start time.

    For Definition Updates set the check to 2 hours and click on Set Source; only select Updates distributed from Configuration Manager (deselect the other options).

    Note: If your SCCM server has no internet access you can configure it to check for updates from UNC file shares.

    Click OK, OK.

    Right click our Custom Endpoint Protection Antimalware Policy and select Deploy, then choose our All Windows 7 Computers collection as we did for the Device settings above.

    That's it, we are done!

    We have now created custom Client Device settings and a Custom Antimalware Policy for our All Windows 7 Computers collection. In further posts we will add some computers to that collection and verify our Endpoint Protection settings.