Configure Endpoint Protection 2012 in SCCM 2012 SP1

In this blog I'll explain how to configure Endpoint Protection 2012. This scanner is integrated into SCCM 2012 and is installed automatically on every machine that has the ConfigMgr client installed.

So this is a short and simple how-to. (You must already have WSUS installed, and the Software Update Point (SUP) role installed and configured.)

First, we have to make a new collection. This collection holds all Windows 7 clients or all Windows 8 clients. In my example I'm using Windows 8.

Endpoint Protection updates work only with device collections.

Step 1 (Device Collection)

Go to Assets and Compliance and right click on Device Collections. Click on Create Device Collection.

A new window will appear. Give the collection a name. I'll call it All Windows 8 Computers.

The limiting collection is All Systems.

Click on Add Rule and click on Query Rule.

Give the query a name (in my example All Windows 8 Computers) and click on Edit Query Statement.

In the new window click on the button Show Query Language.

Ok, add this query (it is WQL, the SQL-like query language the console uses against the SMS provider):

Select * from SMS_R_System where SMS_R_System.OperatingSystemNameAndVersion like "%Workstation 6.2%"

(for Windows 7 use Workstation 6.1)

Click Ok.

Click Ok.

Change the update schedule to 10 minutes (this is a lab setting).

Like this:

Click Next

And close the wizard.

Right click on the new collection and go to properties.

Open the tab Alerts

Enable View this collection in the Endpoint Protection dashboard.

Click Ok to close the properties.
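The same collection can be built from the command line. The script below is an added example and is not part of the original post; it uses the ConfigurationManager PowerShell module that ships with the SCCM 2012 SP1 console and assumes the console is installed (so that `$env:SMS_ADMIN_UI_PATH` is set) and a placeholder site code of LAB. The alerts tab setting (show the collection in the Endpoint Protection dashboard) is still done in the console as described above. The function takes the OS version pattern as a parameter, so the Windows 7 variant is the same call with Workstation 6.1.

```powershell
# Added example (not from the original post): create the Step 1 device collection with a
# WQL query membership rule via the ConfigurationManager PowerShell module.
# Assumptions: the SCCM 2012 SP1 console is installed on this machine (sets SMS_ADMIN_UI_PATH)
# and the site code is "LAB" (placeholder; replace with your own).

$modulePath = Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH -Parent) 'ConfigurationManager.psd1'
Import-Module $modulePath
Set-Location 'LAB:'   # placeholder site code; the module exposes each site as a drive

function New-OsVersionCollection {
    param(
        [Parameter(Mandatory = $true)][string] $Name,
        [Parameter(Mandatory = $true)][string] $OsVersionPattern,   # e.g. 'Workstation 6.2'
        [string] $LimitingCollectionName = 'All Systems',
        [int]    $RefreshMinutes = 10                                 # lab value, as in the post
    )

    # WQL membership query. Note the class name is SMS_R_System (singular) on both sides;
    # the "Workstation" text keeps servers out (Windows Server 2012 also reports 6.2).
    $query = "select * from SMS_R_System where SMS_R_System.OperatingSystemNameAndVersion like '%$OsVersionPattern%'"

    # Periodic membership refresh, 10 minutes here to match the lab setting in the post.
    $schedule = New-CMSchedule -RecurInterval Minutes -RecurCount $RefreshMinutes

    $collection = New-CMDeviceCollection -Name $Name `
        -LimitingCollectionName $LimitingCollectionName `
        -RefreshType Periodic -RefreshSchedule $schedule

    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $Name `
        -RuleName $Name -QueryExpression $query

    return $collection
}

# Windows 8 collection as in the post.
New-OsVersionCollection -Name 'All Windows 8 Computers' -OsVersionPattern 'Workstation 6.2'

# Windows 7 variant mentioned in the post:
# New-OsVersionCollection -Name 'All Windows 7 Computers' -OsVersionPattern 'Workstation 6.1'
```

Run it from a console-installed machine with an account that has rights to create collections; the query string is the same one the wizard accepts, so you can paste it into Show Query Language to compare.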

Step 2 (Configure Software Update Point and Software updates)

Go to Administration -> Sites and select your site. Right click on your site and go to Configure Site Components -> Software Update Point.

On the Products tab, select Forefront Endpoint Protection 2010 (the Endpoint Protection definition updates are published under that product name). Click Ok to close.

Go to Software Library in the menu. Right click on All Software Updates and choose Synchronize Software Updates.

You will get this warning. Click on Yes.

To check the synchronization status, open wsyncmgr.log. This log is located in C:\Program Files\Microsoft Configuration Manager\Logs.

Go back to the console and right click on Automatic Deployment Rules and click on Create Automatic Deployment Rule.

Give the rule a name; in my example that is Automatic Deployment Rule for Endpoint Protection Updates.

The collection is the new All Windows 8 Computers collection.

Click Next.

Check Date Released or Revised and choose Last 1 day.

Check Product and choose Forefront Endpoint Protection 2010.

Like this:

Change the evaluation schedule to run every 1 day.

Set Time based on to UTC and Software available time to 2 hours. The installation deadline is As soon as possible. Like this:

Click Next.

Enable Configuration Manager alerts.

Change deployment options to Download software updates from distribution point and install.

Select Create a new deployment package. Enter a name and the source path for the updates.

Add a distribution point.

Click Next.

Click Next.

Click Next

Click Close.

Step 3 (Configure Custom Antimalware Policies)

You have to configure an antimalware policy. Do not edit the default policy; always create a new one. That is the best practice for policies: custom policies always take precedence over the default antimalware policy because they have a higher priority.

Go to Assets and Compliance and right click on Antimalware Policies. Click on Create antimalware policy.

Enter a name and select everything in the list.

Now we have to configure the items in the left pane. These differ for every environment, so I won't go into the details. Don't forget to set the update source under Definition updates.

After that, right click on the policy and choose Deploy.

Select the correct collection; in my example that is All Windows 8 Computers.

Step 4 (Custom Client Device Settings)

You have to tell the client that you want to use Endpoint Protection. This means we have to change the client device settings. Go to Administration and right click on Client Settings. Click on Create Custom Client Device Settings. Custom client settings also have a higher priority than the Default Client Settings.

Enter a name and select Endpoint Protection.

Go to Endpoint Protection in the left pane.

Change settings if you want; these are the defaults. Click Ok.

Right click on the custom client device settings and click on Deploy.

Select the collection and click Ok.

Now we have to check if everything is working. Go to the client and open Endpoint Protection. Click on the arrow next to Help and click on About System Center Endpoint Protection.

In the list you should find your custom policy. If not, wait for the next policy sync with SCCM or force one.

If you don't find your custom policy, go to Control Panel and open Configuration Manager. Open the Actions tab, select Machine Policy Retrieval & Evaluation Cycle and then click on the Run Now button.

You will get this message. Click Ok and wait for a minute. After that the machine gets the custom antimalware policy.

You can also check the client logs in C:\Windows\CCM\Logs\ for the Endpoint Protection status and for the updates.
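Both the site-server log (wsyncmgr.log, Step 2) and the client logs mentioned here are written in CMTrace format, so one small parser covers both. The script below is an added example, not code from the original post: it turns CMTrace lines into objects and filters out the informational entries so that warnings and errors stand out. The three log lines inside it are constructed for the example; the real files are wsyncmgr.log in C:\Program Files\Microsoft Configuration Manager\Logs and, on the client, EndpointProtectionAgent.log and UpdatesDeployment.log in C:\Windows\CCM\Logs (the file names are the standard ones and are assumed, not taken from the post).

```powershell
# Added example (not from the original post): scan ConfigMgr logs in CMTrace format for
# warnings and errors instead of reading the whole file by hand.
# CMTrace layout (one entry per line):
#   <![LOG[message]LOG]!><time="..." date="..." component="..." context="" type="N" thread="..." file="...">
# where type 1 = info, 2 = warning, 3 = error.

function Get-CMLogEntry {
    # Turns one CMTrace line into an object with Date, Time, Component, Severity and Message.
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string] $Line)
    process {
        $pattern = '<!\[LOG\[(?<msg>.*)\]LOG\]!><time="(?<time>[^"]+)"\s+date="(?<date>[^"]+)"\s+component="(?<comp>[^"]*)".*?type="(?<type>\d)"'
        if (-not ($Line -match $pattern)) { return }   # skip anything that is not a CMTrace entry

        $severityNames = @{ 1 = 'Info'; 2 = 'Warning'; 3 = 'Error' }
        $type = [int]$Matches.type
        $severity = if ($severityNames.ContainsKey($type)) { $severityNames[$type] } else { 'Unknown' }

        New-Object PSObject -Property @{
            Date      = $Matches.date
            Time      = $Matches.time
            Component = $Matches.comp
            Severity  = $severity
            Message   = $Matches.msg
        }
    }
}

# Constructed sample in wsyncmgr.log style: one info, one error and one warning entry.
$sampleLog = @(
    '<![LOG[Sync time: 0d00h02m11s]LOG]!><time="10:15:02.123+000" date="01-14-2013" component="SMS_WSUS_SYNC_MANAGER" context="" type="1" thread="3344" file="wsyncmgr.cpp:1080">',
    '<![LOG[Sync failed: The operation has timed out]LOG]!><time="10:15:03.456+000" date="01-14-2013" component="SMS_WSUS_SYNC_MANAGER" context="" type="3" thread="3344" file="wsyncmgr.cpp:4141">',
    '<![LOG[Skipping update because it is expired]LOG]!><time="10:15:04.789+000" date="01-14-2013" component="SMS_WSUS_SYNC_MANAGER" context="" type="2" thread="3344" file="wsyncmgr.cpp:1200">'
)

# Show only the warning and the error from the sample.
$sampleLog | Get-CMLogEntry | Where-Object { $_.Severity -ne 'Info' } |
    Format-Table Date, Time, Component, Severity, Message -AutoSize

# Same check against the real site-server log (path as given in the post):
# Get-Content 'C:\Program Files\Microsoft Configuration Manager\Logs\wsyncmgr.log' |
#     Get-CMLogEntry | Where-Object { $_.Severity -eq 'Error' }
```

Point `Get-Content` at a client log in C:\Windows\CCM\Logs in the same way to see whether the antimalware policy and the definition updates arrived without errors.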


6 thoughts on "Configure Endpoint Protection 2012 in SCCM 2012 SP1"

  1. Ben


    do note that using
    Ok, add this SQL query.

    Select * from SMS_R_System where SMS_R_Systems.OperatingSystemNameAndVersion like “%Workstation 6.2%”

    (for Windows 7 = Workstation 6.1)

    it will also apply to servers! 😉

    Windows 8 6.2
    Windows Server 2012 6.2
    Windows 7 6.1
    Windows Server 2008 R2 6.1

    1. Thanks for your comment.

      Workstation 6.1 and 6.2 are only for Win7 and Win8. For servers you have to use Server 6.1 or 6.2 (I don't know exactly what version Windows Server 2009 R2 and Windows Server 2012 are using).

      I think that's what you mean :) It would be strange if you had to use a workstation filter for servers.

      1. Ben

        Yeah indeed, I did a quick search and didn't directly find the difference between the two.
        Nowhere did they mention the "server" or "workstation" variable.


  2. Ben

    Question: if I want to select computers depending on their names, which query should I use then?
    All our normal clients have a computer name like PC-….
    So we can separate them from the servers.


    1. Hi Ben,

      That is SELECT * FROM SMS_R_System WHERE SMS_R_System.Name LIKE "PC-%"

      % = a wildcard.

      This is the query for your collection. Play with the wildcard and you get a nice collection for your PCs and servers.

      Good luck! If you have more questions, let me know! 🙂

  3. […] A clear guide to configuring the antivirus in ConfigMgr 2012 SP1 […]
