In my daily job I'm doing a lot ConfigMgr and SCEP implementations. Sometimes Endpoint Protection (SCEP) is installed for antivirus and antimalware usage. During installation the SCEP client can be installed and an export of the SCEP policy can be applied. After the task sequence is done the SCEP client still needs to be updated however. This can be done during the task sequence also. Let's have a look.
 
The SCEP client can be installed with a ConfigMgr package. Just use a program like this: "SCEPInstall.exe /policy <policy>.xml". More about that can be found here: css-security.com
 
The SCEP definitions can be updated during a task sequence also. That way new definitions can be installed during OS deployment. More about that can be found here: chrisnackers.com
 
When using the SCEP definitions a VBS script is used, which downloads new MPAM and NIS definitions each day. When using a scheduled task this will be done automatically. The SCEP definitions package can be synchronized on the ConfigMgr Distribution point daily within package properties. This is needed to deploy the package with the new content downloaded. No SCEP installation with old definitions anymore :)
Download: EP_Definitions.vbs 
The definitions updates can be found on the following location:
-Endpoint Protection antimalware definition update (x86)
-Endpoint Protection antimalware definition update (x64)
-Network Inspection System definition updates (x86)
-Network Inspection System definition updates (x64)
Just use above configuration to automate installation and daily SCEP definitions, so a up-to-date SCEP client will be installed always. 
Just great, isn't it!?
 
 
No comments:
Post a Comment