System Center Endpoint Protection Policy Templates

On Microsoft TechNet you can find System Center Endpoint Protection (SCEP)Policy Templates. At the moment there's v4 which is from 11/3/2014. These templates can be used to import in ConfigMgr 2012 (R2) easily. You can choose to create multiple server collections to deploy them, or merge them to a single server policy. Best thing is to copy them to the default folder, which is: <ConfigMgr folder>\AdminConsole\XmlStorage\EPTemplates.

The following SCEP policies are enclosed:

The queries to decide which server is a member in which collection is enclosed also:
-----
SCEP Server CLUSTER
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "ClusSvc"
-----
SCEP Server EXCHANGE
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "MSExchange%"
-----
SCEP Server HYPER-V
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "vmms"
-----
SCEP Server IIS
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "W3SVC"
-----
SCEP Server RDS
select * from SMS_R_System inner join SMS_G_System_SERVER_FEATURE on SMS_G_System_SERVER_FEATURE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVER_FEATURE.ID = 18
-----
SCEP Server SCCM
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "SMS_SITE_COMPONENT_MANAGER"
-----
SCEP Server SCDPM
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "MSDPM"
-----
SCEP Server SCO
select * from  SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "orunbook"
-----
SCEP Server SCOM
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "cshost"
-----
SCEP Server SCSM
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "OMCFG"
-----
SCEP Server SCVMM
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "SCVMMService"
-----
SCEP Server SHAREPOINT
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "SPTimer%"
-----
SCEP Server SQL
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceID = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "MSSQL$%"
-----
SCEP Server WSUS
select * from SMS_R_System inner join SMS_G_System_SERVICE on SMS_G_System_SERVICE.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SERVICE.Name like "WsusService"
-----

Source: Microsoft TechNet

Just great to have many SCEP templates to build on!

Multiple anti-malware policies visible in Endpoint Protection 2012 R2

In SCCM 2012 with Service Pack 1 (SP1) with Endpoint Protection (SCEP) it was needed to look in registry when multiple anti-malware policies were active. More about that here: Prepare ConfigMgr client for Sysprep or Master Image.
It mentions: The policy name in SCEP will be named "Antimalware policy" by default. All SCEP policies applied can be found in registry: "HKLM\Software\Microsoft\CCM\EPAgent\LastAppliedPolicy"

In SCCM 2012 Release 2 (R2) this isn't needed anymore. This because multiple anti-malware policies are displayed in the SCEP client now. Much better this way isn't it!?