Monday, October 29, 2012

System Center 2012 Endpoint Protection (part 2)

Last time I wrote a blogpost about System Center 2012 Endpoint Protection (SCEP) functionality. I mentioned the installation/configuration and deploying SCEP agents. This time the SCEP series continues with deploying antimalware policies and definition updates. With a SCEP agent installed it's time to manage them with antimalware policies, and make sure definition updates will be installed every 8 hours (if available).

Beneath "Assets and Compliance" there's a folder for creating and managing Antimalware and Windows Firewall policies. Looking at antimalware policies there is a Default Client Antimalware Policy. Just leave it at default settings and create a new policy. Just rightclick and choose "Create Antimalware Policy" or "Import". In my case I'm using Import, and choose default policies for all type of servers being used. That way most values and exclusions are set by default, which can save you a lot of configuration time.
Nice thing is you can merge multiple policies to one single policy now. That functionality wasn't available in the earlier Forefront Endpoint Protection (FEP) 2010 release. When importing (for example) both Domain Controller, DNS Server and DHCP Server policies, you can merge them to one single policy when needed. You can select a Base policy and New policy name also. That way it's a lot easier to create new antimalware policies. Just have a look at the screenshot how it looks like.
Another important step is to configure automatic definition updates. In ConfigMgr 2007 with FEP 2010 it was needed to use the "Definition Update Automation Tool" in combination with a Task Scheduler. More about that in the following blogposts HERE and HERE. In ConfigMgr 2012 you can use "Automatic Deployment Rules" for that. Just create a new rule, select Search criteria based on FEP 2010 and deploy it. In my case I deployed it on the "All Desktop and Server Clients" collection. That way all clients with a SCEP agent will automatically receive new updates.

Both antimalware policies and definition updates are in place now!

My next blogpost will be about deploying monitoring, dashboard views and reports. Stay tuned for more!

No comments:

Post a Comment