In this blog I’ll explain how to configure Endpoint Protection 2012. This scanner/protection is integrated in SCCM 2012 and is installed automatically if the client has the ConfigMgr client installed.
This is a simple, quick how-to. (You must already have installed WSUS and installed and configured the Software Update Point (SUP) role.)
First, we have to make a new collection. This collection is for all Windows 7 clients or Windows 8 clients. In my example I’m using Windows 8.
Endpoint Protection updates work only with a device collection.
Step 1 Device Collection
Go to Assets and Compliance and right click on Device Collections. Click on Create Device Collection.
A new window will appear. Give the collection a name. I’ll choose All Windows 8 Computers.
The limiting collection is All Systems.
Click on Add Rule and click on Query Rule.
Give the query a name (in my example, All Windows 8 Computers) and click on Edit Query Statement.
In the new window click on the button Show Query Language.
Ok, add this SQL query.
select * from SMS_R_System where SMS_R_System.OperatingSystemNameAndVersion like "%Workstation 6.2%"
(for Windows 7 = Workstation 6.1)
Change the schedule to 10 minutes (this is a lab) and close the wizard.
Right click on the new collection and go to properties.
Open the tab Alerts
Enable View this collection in the Endpoint Protection dashboard.
Click Ok to close the properties.
Step 2 (Configure Software Update Point and Software updates)
Go to Administration -> Sites and select your site. Right click on your site and go to Configure Site Components -> Software Update Point.
In the Products tab, select Forefront Endpoint Protection 2010. Click Ok to close.
Go to Software Library in the menu. Right click on All Software Updates and choose Synchronize Software Updates.
You will get this warning. Click on Yes.
To check the status, open the wsyncmgr log. This log is located in C:\Program Files\Microsoft Configuration Manager\Logs
Go back to the console and right click on Automatic Deployment Rules and click on Create Automatic Deployment Rule.
Give the rule a name. In my example that is Automatic Deployment Rule for Endpoint Protection Updates.
The collection is the new collection All Windows 8 Computers.
Check Date Released or Revised and choose Last 1 day.
Check Product and choose Forefront Endpoint Protection 2010.
Change the schedule to 1 day.
Change Time based on to UTC and Software available time to 2 hours. The installation deadline is As soon as possible.
Enable Configuration Manager alerts.
Change deployment options to Download software updates from distribution point and install.
Select Create a new deployment package. Enter a name and the source path for the updates.
Add a distribution point.
Step 3 (configure custom antimalware policies)
You have to configure an antimalware policy. Do not change the default policy; always make a new one. This is the best practice for working with these policies. Custom policies always take precedence over the default antimalware policy because they have a higher priority.
Go to Assets and Compliance and right click on Antimalware Policies. Click on Create antimalware policy.
Enter a name and select everything in the list.
Now configure the list items in the left pane. This is different for every environment, so I won’t go into the details. Don’t forget the source in Definition updates.
After that, right click on the policy and choose Deploy.
Select the correct collection; in my example that is All Windows 8 Computers.
Step 4 (Custom Client Device Settings)
You have to tell the client that you want to use Endpoint Protection. This means we have to change the Client Device Settings. Go to Administration and right click on Client Settings. Click on Create Custom Client Device Settings. Here too, the custom settings have a higher priority than the Default Client Settings.
Enter a name and select Endpoint Protection.
Go to Endpoint Protection in the left pane.
Change some settings if you want, but these are the defaults. Click Ok.
Right click on the custom client device settings and click on Deploy.
Select the collection and click Ok.
Now we have to check if everything is working. Go to the client and open Endpoint Protection. Click on the arrow next to Help and click on About System Center Endpoint Protection.
Your custom policy should appear in the list. If it does not, you have to either force the sync with SCCM or wait for it.
If you don’t find your custom policy, go to Control Panel and open Configuration Manager. Open the tab Actions, select Machine Policy Retrieval & Evaluation Cycle and then click on the Run Now button.
You will get this message. Click Ok and wait for a minute. After that the machine gets the custom antimalware policy.
You can also check the logs in C:\Windows\CCM\Logs\ for the endpoint protection status and for the updates.
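The verification steps above (forcing the policy cycle, then reading the client logs) can also be scripted on the client. This is an added example, not part of the original post; the schedule ID, the log file name EndpointProtectionAgent.log and the helper name ConvertFrom-CcmLogLine are assumptions that the post does not mention.

```powershell
# Added example, not from the original post. Run in an elevated prompt on the client.
$logFile = 'C:\Windows\CCM\Logs\EndpointProtectionAgent.log'   # assumed log file name
# Assumed schedule ID for the Machine Policy Retrieval & Evaluation Cycle action
$machinePolicyCycle = '{00000000-0000-0000-0000-000000000021}'

# Turn one ConfigMgr client log line into an object; lines that do not match are skipped
# (this includes the continuation lines of multi-line messages).
function ConvertFrom-CcmLogLine {
    param([string]$Line)
    $pattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>\d+:\d+:\d+)[^"]*" ' +
               'date="(?<date>[\d-]+)" component="(?<comp>[^"]*)".*? type="(?<type>\d)"'
    if ($Line -match $pattern) {
        $stamp = [datetime]::ParseExact(
            "$($Matches['date']) $($Matches['time'])", 'M-d-yyyy H:m:s',
            [Globalization.CultureInfo]::InvariantCulture)
        [pscustomobject]@{
            Time      = $stamp
            Component = $Matches['comp']
            Severity  = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }[$Matches['type']]
            Message   = $Matches['msg']
        }
    }
}

# Trigger the cycle through the client's WMI interface instead of the Run Now button
$started = Get-Date
Invoke-WmiMethod -Namespace 'root\ccm' -Class 'SMS_Client' -Name 'TriggerSchedule' `
    -ArgumentList $machinePolicyCycle -ErrorAction Stop | Out-Null
Start-Sleep -Seconds 60   # the post says to wait for a minute

# Keep only entries written since the trigger (parsed timestamps are truncated to seconds)
$entries = Get-Content -Path $logFile -ErrorAction Stop |
    ForEach-Object { ConvertFrom-CcmLogLine -Line $_ } |
    Where-Object { $_.Time -ge $started.AddSeconds(-1) }

$entries | Format-Table Time, Severity, Message -AutoSize -Wrap
$problems = @($entries | Where-Object { $_.Severity -ne 'Info' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) warning/error entries since the policy cycle was triggered."
} else {
    Write-Output 'No warnings or errors logged by the Endpoint Protection agent since the trigger.'
}
```

An empty table means the agent wrote nothing to that log since the trigger; in that case confirm the policy in the About System Center Endpoint Protection list as described above.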