System Center Endpoint Protection

© 2012 Microsoft Corporation. All rights reserved.
Microsoft Confidential
System Center 2012 Configuration Manager
Concepts & Administration
Lesson 8: System Center Endpoint Protection (SCEP)
Your Name
Premier Field Engineer
Microsoft
Conditions and Terms of Use
Microsoft Confidential
This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software
is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content
and/or software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind,
whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and noninfringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft
must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no
association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should
be inferred.
Copyright and Trademarks
© 2012 Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
System Center 2012 Configuration Manager
System Center Endpoint Protection (SCEP) in Configuration Manager
Objectives
In this module you will learn about:
Endpoint Protection in System Center 2012 Configuration Manager
Capabilities of Endpoint Protection
Features of Endpoint Protection client
Endpoint Protection
Endpoint Protection in System Center 2012 Configuration Manager
Now fully integrated with Configuration Manager
Configured as a Configuration Manager Role
Capabilities of Endpoint Protection
Configure antimalware policies and Windows Firewall settings
Use Software Updates to download the latest antimalware definition files to keep clients up-to-date
Stay updated on client status via email notifications, in-console monitoring, and reports
Endpoint Protection client
Installs in addition to Configuration Manager client
Malware/Spyware/rootkit detection and remediation
Critical vulnerability assessment and automatic definition and engine updates
Network vulnerability detection via Network Inspection System
Integration with Microsoft Active Protection Services
Managing Malware
Create antimalware policies containing Endpoint Protection settings
Deploy antimalware policies to client computers
Managing Windows Firewall with Endpoint Protection
Changes from Forefront Endpoint Protection 2010
No longer an add-on
Install the Endpoint Protection client by using Configuration Manager client settings, or manage existing Endpoint Protection clients
Role-Based Administration
Endpoint Protection reports integrated with Configuration Manager reporting
Update definitions and the definition engine using automatic deployment rules
Classification: Definition updates
Product: Forefront protection category
Configure multiple malware alert types for malware notification
Endpoint Protection dashboard is integrated with the Configuration Manager console
Prerequisites for Endpoint Protection Deployment
Dependencies
Windows Server Update Services (WSUS)
The following update methods require client computers to have Internet access:
Updates distributed from Microsoft Update
Updates distributed from Microsoft Malware Protection Center
Clients download definition updates by using the built-in System account
You must configure a proxy server for this account to enable these clients to connect to the Internet
You can use Windows Group Policy to configure a proxy server on multiple computers
Prerequisites for Endpoint Protection Deployment
Dependencies
Endpoint Protection point can only be enabled on the Central Administration Site (or a Standalone Primary)
If using software updates to deliver definition and engine updates, you will need a Software Update Point
Configure Endpoint Protection
Steps to configure Endpoint Protection
Create an Endpoint Protection point site system role
Configure alerts for Endpoint Protection
Optional: configure Software Updates to deliver definition updates to client computers
Configure the default antimalware policy and create custom antimalware policies
Configure custom client settings for Endpoint Protection
DEMO: Enable and configure an Endpoint Protection Point
Scenario
You are the Administrator of the Contoso Configuration Manager hierarchy and you wish to enable and configure an Endpoint Protection Point
Goals
Ensure prerequisites are met
Enable and configure the Endpoint Protection Point
Creating and deploying antimalware policies
Deploy antimalware policies to collections of Configuration Manager clients to determine how Endpoint Protection protects them from malware and threats
Policies include information about the scan schedule, the types of files and folders to scan, and the actions to take when malware is detected
Upon enabling Endpoint Protection:
A default antimalware policy is applied to client computers
You can use the additional policy templates that are supplied, or create custom antimalware policies to customize the settings for your environment
Modifying the default antimalware policy
Creating a new antimalware policy
Importing an antimalware policy
Deploying an antimalware policy
Create and deploy Windows Firewall policies
Firewall policies for Endpoint Protection allow you to perform basic Windows Firewall configuration and maintenance tasks on client computers in your hierarchy
You can use Windows Firewall policies to perform the following tasks:
Control whether Windows Firewall is turned on or off
Control whether incoming connections are allowed to client computers
Control whether users are notified when Windows Firewall blocks a new program
Group Policy settings will override any Configuration Manager settings for the Firewall
Creating a Windows Firewall policy
DEMO: Configuring and Deploying Antimalware and Windows Firewall Settings
Scenario
You are the Administrator of the Contoso Configuration Manager hierarchy and you wish to deploy antimalware and Windows Firewall settings in your client environment
Goals
Create new antimalware policy
Import antimalware policy
Configure policies for deployment
Create new Windows Firewall policies
Deploy specific policies to clients
Monitor Endpoint Protection in Configuration Manager
What's new in SP1?
Endpoint Protection client setting can be enabled to commit the changes on Windows Embedded devices that are write filter enabled
Definition updates deployed by software updates can be configured to write to the overlay on Windows Embedded devices, without an immediate restart
Endpoint Protection client can be installed only during configured maintenance windows. The maintenance window must be at least 30 minutes long to allow installation to occur.
Endpoint Protection now uses client notification to start the following actions as soon as possible, instead of during the normal client policy polling interval:
• Force antimalware definition updates
• Run quick scans
• Run full scans
• Allow threats
• Exclude folders and files
• Restore quarantined files
With SP1, Configuration Manager can handle Evaluation Schedule settings within an Automatic Deployment Rule up to 3 times a day without impacting server performance, to align with the Microsoft System Center Endpoint Protection definition updates publishing frequency.
What's new in SP1? (continued)
Improvements to software updates to allow more frequent distribution of Endpoint Protection definition updates
Multiple antimalware policies deployed to a client computer are merged on the client
When settings conflict, the setting from the policy with the highest priority is used.
Some settings are merged, such as exclusion lists from separate antimalware policies.
Client-side merge also honors the priority that is configured for each antimalware policy.
A software update deployment template named Definition Updates is included in the Deploy Software Updates Wizard and the Automatic Deployment Rule Wizard.
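A small Python model of the SP1 client-side merge described on this slide, added here as an illustration; it is not Configuration Manager or Endpoint Protection code. It assumes a priority scheme where a lower number wins (as with client settings, with the default policy given a large number so every custom policy beats it) and that exclusion lists are the settings merged by union; the three policies and their values are constructed. It goes slightly beyond the slide by also reporting which scalar settings were actually in conflict, which is what an administrator wants to see before deploying overlapping policies.

```python
"""Model of the SP1 client-side merge of several antimalware policies.

This is an added illustration, not Configuration Manager or Endpoint
Protection code. Assumptions not stated on the slide: a policy's priority is
an integer where a lower number wins (as with client settings; the default
policy is given a large number so every custom policy beats it); the
exclusion lists are the settings that merge by union; every other setting is
a scalar whose conflicts are resolved by priority.
"""
from dataclasses import dataclass, field

# Settings that are combined across policies rather than overridden.
MERGED_SETTINGS = frozenset({"excluded_paths", "excluded_processes", "excluded_file_types"})


@dataclass
class AntimalwarePolicy:
    name: str
    priority: int               # assumption: 1 is the highest priority
    settings: dict = field(default_factory=dict)


def merge_policies(policies):
    """Return (effective settings, provenance) for the policies that apply to one client.

    Provenance maps each setting to the policy that supplied it, or for merged
    settings to the list of policies that contributed to it.
    """
    if not policies:
        raise ValueError("at least one policy (the default) must apply to a client")
    effective, provenance = {}, {}
    # Apply the lowest-priority policy first so higher-priority policies overwrite.
    for pol in sorted(policies, key=lambda p: p.priority, reverse=True):
        for key, value in pol.settings.items():
            if key in MERGED_SETTINGS:
                effective[key] = sorted(set(effective.get(key, ())) | set(value))
                provenance.setdefault(key, []).append(pol.name)
            else:
                effective[key] = value
                provenance[key] = pol.name
    return effective, provenance


def conflicting_settings(policies):
    """Scalar settings that two or more of the policies set to different values."""
    values = {}
    for pol in policies:
        for key, value in pol.settings.items():
            if key not in MERGED_SETTINGS:
                values.setdefault(key, set()).add(value)
    return sorted(key for key, seen in values.items() if len(seen) > 1)


# Constructed sample: the default policy plus two custom policies targeting
# overlapping collections, so the client receives all three.
SAMPLE_POLICIES = [
    AntimalwarePolicy("Default Client Antimalware Policy", 10000, {
        "scan_type": "quick", "real_time_protection": True,
        "scheduled_scan_day": "Saturday", "excluded_paths": [],
    }),
    AntimalwarePolicy("SQL Servers", 1, {
        "scan_type": "full",
        "excluded_paths": [r"D:\SQLData"], "excluded_processes": ["sqlservr.exe"],
    }),
    AntimalwarePolicy("Backup Agents", 5, {
        "scheduled_scan_day": "Sunday",
        "excluded_paths": [r"E:\Backups"], "excluded_processes": ["backupagent.exe"],
    }),
]


def effective_sample_policy():
    return merge_policies(SAMPLE_POLICIES)


if __name__ == "__main__":
    settings, origin = effective_sample_policy()
    for key in sorted(settings):
        print(f"{key:25} = {settings[key]!r:40} from {origin[key]}")
    print("conflicts resolved by priority:", conflicting_settings(SAMPLE_POLICIES))
```

Run as a script it prints each effective setting and the policy it came from; the point to notice is that the exclusion lists from all three policies end up on the client, so an exclusion added in a low-priority policy still widens what real-time protection skips.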
Lesson Review
What happens when there is a conflict between Group Policy settings and Configuration Manager Endpoint Protection Firewall policy settings?
Is anything added in SP1 with respect to Deployment Templates? If yes, what is the name of that Deployment Template?
Where can you install the Endpoint Protection Point?
Module Summary
In this module you learned about:
Endpoint Protection in System Center 2012 Configuration Manager
Capabilities of Endpoint Protection
Features of Endpoint Protection client
APPENDIX
List of Antimalware Policy Settings: Scheduled Scans

Setting name: Scan type
Description: You can specify one of two scan types to run on client computers:
Quick scan: This type of scan checks in-memory processes and folders where malware is typically found. It requires fewer resources than a full scan.
Full scan: This type of scan adds a full check of all local files and folders to the items scanned in the quick scan. This scan takes longer than a quick scan and uses more CPU processing and memory resources on client computers.
In most cases, use Quick scan to minimize the use of system resources on client computers. If malware removal requires a full scan, Endpoint Protection generates an alert that is displayed in the Configuration Manager console.
The default value is Quick scan.

Setting name: Randomize the scheduled scan start times (within 30 minutes)
Description: Select True if you want to help avoid flooding the network if all computers send their antimalware scan results to the Configuration Manager database at the same time.
This setting is also useful when you run multiple virtual machines on a single host. Select this option to reduce the number of simultaneous disk accesses for antimalware scanning.
List of Antimalware Policy Settings: Scan Settings

Setting name: Scan network drives when running a full scan
Description: Set to True if you want to scan any mapped network drives on client computers.
List of Antimalware policy settings: Default Actions
The following actions can be selected to be taken when malware is detected on client computers:
Recommended: Use the action recommended in the malware definition file
Quarantine: Quarantine the malware but do not remove it
Remove: Remove the malware from the computer
Allow: Do not remove nor quarantine the malware
List of Antimalware policy settings: Real-time Protection

Setting name: Enable real-time protection
Description: Set to True if you want to configure real-time protection settings for client computers. We recommend that you enable this setting.

Setting name: Monitor file and program activity on your computer
Description: Set to True if you want to monitor when files and programs start to run on client computers and to be alerted about any actions that they perform or actions taken on them.

Setting name: Scan system files
Description: This setting lets you configure whether incoming, outgoing, or incoming and outgoing system files are monitored for malware. You might have to change the default value of Scan incoming and outgoing files for performance reasons if a server has high incoming or outgoing file activity.

Setting name: Enable behavior monitoring
Description: Enable this setting to use computer activity and file data to detect unknown threats. When enabled, this setting might increase the time taken to scan computers for malware.

Setting name: Enable protection against network-based exploits
Description: Enable this setting to protect computers against known network exploits by inspecting network traffic and blocking any suspicious activity.

Setting name: Enable script scanning
Description: Set to True if you want to scan any scripts that run on computers for suspicious activity.
List of Antimalware policies: Threat Overrides

Setting name: Threat name and override action
Description: Click Set to customize the remediation action to take for each threat ID when it is detected during a scan.
List of Antimalware policies: Definition Updates

Setting name: Set sources and order for Endpoint Protection client updates
Description: Click Set Source to specify the sources for definition and scanning engine updates, and the order in which they are used. If Configuration Manager is specified as one of the sources, other sources are used only if software updates fails to download the client updates.
If you use any of the following methods to update definitions on client computers, the client computer must be able to access the Internet.
• Updates distributed from Microsoft Update
• Updates distributed from Microsoft Malware Protection Center
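The following Python walk-through, added here as an illustration rather than Configuration Manager or Endpoint Protection code, ties this setting to the Prerequisites slide earlier in the lesson: it applies the configured source order (Configuration Manager, when listed, is consulted before any other source, as the description above states), skips the Internet-only sources when the client cannot reach the Internet, and audits a source order against the prerequisites (a Software Update Point for the Configuration Manager source, a proxy for the System account for the Internet sources). The source names follow the slide; WSUS and a UNC file share are listed as further possible sources by assumption, and the environment facts and the scenario in which only the Malware Protection Center answers are constructed.

```python
"""Walk-through of the definition update source order and its prerequisites.

Added illustration, not Configuration Manager or Endpoint Protection code.
Source names follow the slide; the rule that Configuration Manager, when
listed, is consulted before any other source is taken from the slide text.
The environment facts (whether a Software Update Point exists, whether the
local System account can reach the Internet) are constructed inputs.
"""
from enum import Enum


class Source(str, Enum):
    CONFIGMGR = "Configuration Manager"
    WSUS = "WSUS"                      # assumption: further source the client can use
    MICROSOFT_UPDATE = "Microsoft Update"
    MMPC = "Microsoft Malware Protection Center"
    UNC_SHARE = "UNC file share"       # assumption: further source the client can use


# Sources that need the client (the local System account) to reach the Internet.
INTERNET_SOURCES = frozenset({Source.MICROSOFT_UPDATE, Source.MMPC})


def effective_order(order):
    """Configuration Manager, if present, is consulted first; the rest keep their order."""
    rest = [s for s in order if s is not Source.CONFIGMGR]
    return ([Source.CONFIGMGR] if Source.CONFIGMGR in order else []) + rest


def audit_source_order(order, has_software_update_point, system_account_has_proxy):
    """Prerequisite warnings for a configured source order; an empty list means no findings."""
    warnings = []
    if not order:
        warnings.append("no update source configured; definitions will go stale")
    if Source.CONFIGMGR in order and not has_software_update_point:
        warnings.append("Configuration Manager source requires a Software Update Point")
    if INTERNET_SOURCES & set(order) and not system_account_has_proxy:
        warnings.append("Microsoft Update / Malware Protection Center sources need Internet "
                        "access for the System account; set a proxy (e.g. via Group Policy)")
    return warnings


def choose_update_source(order, download_ok, internet_access):
    """Try sources in effective order; return (source that succeeded or None, attempt log).

    `download_ok(source)` stands in for the actual download attempt.
    """
    attempts = []
    for src in effective_order(order):
        if src in INTERNET_SOURCES and not internet_access:
            attempts.append((src.value, "skipped: no Internet access"))
            continue
        ok = download_ok(src)
        attempts.append((src.value, "ok" if ok else "failed"))
        if ok:
            return src, attempts
    return None, attempts


# Constructed scenario: Microsoft Update listed first in the console, Configuration
# Manager second, MMPC third; the Software Update Point is down and Microsoft Update
# is blocked by an egress filter, so only MMPC answers.
SAMPLE_ORDER = [Source.MICROSOFT_UPDATE, Source.CONFIGMGR, Source.MMPC]


def sample_download_ok(source):
    return source is Source.MMPC


def sample_with_internet():
    return choose_update_source(SAMPLE_ORDER, sample_download_ok, internet_access=True)


def sample_without_internet():
    return choose_update_source(SAMPLE_ORDER, sample_download_ok, internet_access=False)


if __name__ == "__main__":
    print(audit_source_order(SAMPLE_ORDER, has_software_update_point=True,
                             system_account_has_proxy=False))
    for label, result in (("with Internet", sample_with_internet()),
                          ("without Internet", sample_without_internet())):
        used, log = result
        print(label, "->", used.value if used else None, log)
```

The second scenario is the one to watch for in the field: with Configuration Manager unreachable and no proxy for the System account, the Internet sources are never attempted, so the client keeps running on stale definitions even though three sources are configured.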