Export (0) Print
Expand All
8 out of 10 rated this helpful - Rate this topic

How to Configure Endpoint Protection in Configuration Manager

Updated: November 1, 2012

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Endpoint Protection, System Center 2012 Endpoint Protection SP1, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Endpoint Protection

Before you can use Endpoint Protection to manage security and malware on System Center 2012 Configuration Manager client computers, you must perform the configuration steps detailed in this topic.

Use the following table for the steps, details, and more information about how to configure Endpoint Protection.

 

Steps Details More information

Step 1: Create an Endpoint Protection point site system role.

The Endpoint Protection point site system role must be installed before you can use Endpoint Protection. It must be installed on one site system server only, and it must be installed at the top of the hierarchy on a central administration site or a stand-alone primary site.

See Step 1: Create an Endpoint Protection Point Site System Role in this topic.

Step 2: Configure alerts for Endpoint Protection.

Alerts inform the administrator when specific events have occurred, such as a malware infection. Alerts are displayed in the Alerts node of the Monitoring workspace, or optionally can be emailed to specified users.

See How to Configure Alerts for Endpoint Protection in Configuration Manager.

Step 3: Configure definition update sources for Endpoint Protection clients.

Endpoint Protection can be configured to use various sources to download definition updates.

See How to Configure Definition Updates for Endpoint Protection in Configuration Manager.

Step 4: Configure the default antimalware policy and create any custom antimalware policies.

The default antimalware policy is applied when the Endpoint Protection client is installed. Any custom policies you have deployed are applied by default, within 60 minutes of deploying the client. Ensure that you have configured antimalware policies before you deploy the Endpoint Protection client.

See How to Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager.

Step 5: Configure custom client settings for Endpoint Protection.

Use custom client settings to configure Endpoint Protection settings for collections of computers in your hierarchy.

ImportantImportant
Do not configure the default Endpoint Protection client settings unless you are sure that you want these settings applied to all computers in your hierarchy.

See Step 5: Configure Custom Client Settings for Endpoint Protection in this topic.

Use the following information when the steps in the preceding table require supplemental procedures.

Use one of the following procedures depending on whether you want to install a new site system server for Endpoint Protection or use an existing site system server.

ImportantImportant
When you install an Endpoint Protection point, an Endpoint Protection client is installed on the server hosting the Endpoint Protection point. Services and scans are disabled on this client to enable it to co-exist with any existing antimalware solution that is installed on the server. If you later enable this server for management by Endpoint Protection and select the option to remove any third-party antimalware solution, the third-party product will not be removed. You must uninstall this product manually.

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, and then click Servers and Site System Roles.

  3. On the Home tab, in the Create group, click Create Site System Server.

  4. On the General page, specify the general settings for the site system, and then click Next.

  5. On the System Role Selection page, select Endpoint Protection point in the list of available roles, and then click Next.

  6. On the Endpoint Protection page, select the I accept the Endpoint Protection license terms check box, and then click Next.

    ImportantImportant
    You cannot use Endpoint Protection in Configuration Manager unless you accept the license terms.

  7. On the Microsoft Active Protection Service page, select the level of information that you want to send to Microsoft to help develop new definitions, and then click Next.

    noteNote
    This option configures the Microsoft Active Protection Service settings that are used by default. You can then configure custom settings for each antimalware policy you create. Join Microsoft Active Protection Service, to help to keep your computers more secure by supplying Microsoft with malware samples that can help Microsoft to keep antimalware definitions more up-to-date. Additionally, when you join Microsoft Active Protection Service, the Endpoint Protection client can use the dynamic signature service to download new definitions before they are published to Windows Update. For more information, see How to Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager.

  8. Complete the wizard.

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, click Servers and Site System Roles, and then select the server that you want to use for Endpoint Protection.

  3. On the Home tab, in the Server group, click Add Site System Roles.

  4. On the General page, specify the general settings for the site system, and then click Next.

  5. On the System Role Selection page, select Endpoint Protection point in the list of available roles, and then click Next.

  6. On the Endpoint Protection page, select the I accept the Endpoint Protection license terms check box, and then click Next.

    ImportantImportant
    You cannot use Endpoint Protection in Configuration Manager unless you accept the license terms.

  7. On the Microsoft Active Protection Service page, select the level of information that you want to send to Microsoft to help develop new definitions, and then click Next.

    noteNote
    This option configures the Microsoft Active Protection Service settings that are used by default. You can configure custom settings for each antimalware policy you configure. For more information, see How to Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager.

  8. Complete the wizard.

This procedure configures custom client settings for Endpoint Protection which can be deployed to collections of computers in your hierarchy.

ImportantImportant
Do not configure the default Endpoint Protection client settings unless you are sure that you want them applied to all computers in your hierarchy.

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Client Settings.

  3. On the Home tab, in the Create group, click Create Custom Client Device Settings.

  4. In the Create Custom Client Device Settings dialog box, provide a name and a description for the group of settings, and then select Endpoint Protection.

  5. Configure the Endpoint Protection client settings that you require. For a full list of Endpoint Protection client settings that you can configure, see the section Endpoint Protection in the topic About Client Settings in Configuration Manager.

    ImportantImportant
    You must install the Endpoint Protection site system role before you can configure client settings for Endpoint Protection.

  6. Click OK to close the Create Custom Client Device Settings dialog box. The new client settings are displayed in the Client Settings node of the Administration workspace.

  7. Before the custom client settings can be used, you must deploy them to a collection. Select the custom client settings you want to deploy and then, in the Home tab, in the Client Settings group, click Deploy.

  8. In the Select Collection dialog box, choose the collection to which you want to deploy the client settings and then click OK. The new deployment is shown in the Deployments tab of the details pane.

Client computers will be configured with these settings when they next download client policy. To initiate policy retrieval for a single client, see the Initiate Policy Retrieval for a Configuration Manager Client section in the How to Manage Clients in Configuration Manager topic.

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
-----
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.