
How to Manage Antimalware Policies and Firewall Settings for Endpoint Protection in Configuration Manager

Updated: April 1, 2013

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Endpoint Protection, System Center 2012 Endpoint Protection SP1, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Endpoint Protection

Use the information in this topic to help you manage Endpoint Protection antimalware policies and Windows Firewall policies in Microsoft System Center 2012 Configuration Manager, to perform on-demand scans, to force computers to download the latest available definitions, and to remediate detected malware.

In the Assets and Compliance workspace, expand Endpoint Protection, click Antimalware Policies, select the antimalware policy that you want to manage, and then select a management task.

Use the following table for more information about the management tasks that might require some information before you select them.

 

Task Details

Increase Priority

If multiple antimalware policies are deployed to the same computer, they are applied in order. Use this option to increase the priority by which the selected antimalware policy is applied. Use the Order column to view the order in which the policies are applied.

The antimalware policy that has the highest numbered priority is always applied first.

Decrease Priority

If multiple antimalware policies are deployed to the same computer, they are applied in order. Use this option to decrease the priority by which the selected antimalware policy is applied. Use the Order column to view the order in which the policies are applied.

Merge

Merges the two selected antimalware policies. In the Merge Policies dialog box, enter a name for the new, merged policy. The Base policy is the antimalware policy that is merged with this new antimalware policy.

Note
If two settings conflict, the most secure setting is applied to computers.

Deploy

Opens the Select Collection dialog box. Select the collection to which you want to deploy the antimalware policy, and then click OK.

In the Assets and Compliance workspace, click Endpoint Protection, click Windows Firewall Policies, select the Windows Firewall policy that you want to manage, and then select a management task.

Use the following table for more information about the management tasks that might require some information before you select them.

 

Task Details

Increase Priority

If multiple Windows Firewall policies are deployed to the same computer, they are applied in order. Use this option to increase the priority by which the selected Windows Firewall policy is applied. Use the Order column to view the order in which the policies are applied.

Decrease Priority

If multiple Windows Firewall policies are deployed to the same computer, they are applied in order. Use this option to decrease the priority by which the selected Windows Firewall policy is applied. Use the Order column to view the order in which the policies are applied.

Deploy

Opens the Deploy Windows Firewall Policy dialog box from where you can deploy the firewall policy to a specified collection.

You can perform a scan of a single computer, multiple computers, or a collection of computers in the Configuration Manager console. This scan occurs outside any scheduled scans that you configured. Use the following procedure to perform an on-demand scan.

Important
If any of the computers that you select do not have the Endpoint Protection client installed, the on-demand scan option is unavailable.

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Devices or Device Collections node, select the computer or collection of computers that you want to scan.

  3. On the Home tab, in the Collection group, click Endpoint Protection, and then click Full Scan or Quick Scan.

The scan will take place when the computer or collection of computers next downloads client policy. To monitor the results from the scan, use the procedures in How to Monitor Endpoint Protection in Configuration Manager.

You can force a single computer, multiple computers, or a collection of computers to download the latest definition files from the Configuration Manager console by using the following procedure.

Important
If any of the computers that you select do not have the Endpoint Protection client installed, the Download Definition option is unavailable.

  1. In the Devices or Device Collections node, select the computer or collection of computers for which you want to download definitions.

  2. On the Home tab, in the Collection group, click Endpoint Protection, and then click Download Definition. The definition download will take place when the computer or collection of computers next downloads client policy.

    Note
    Use the System Center 2012 Endpoint Protection Status node in the Monitoring workspace to discover clients that have out-of-date definitions.
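The two console procedures above (on-demand scan and definition download) can also be scripted. The following is an added example, not part of the original topic; it assumes the ConfigurationManager PowerShell module that is installed with the console (SP1 or later) and a site drive that the console has already connected to. The site code P01 and the collection name are placeholders.

```powershell
# Added example: script the "Download Definition" and on-demand scan tasks.
# Assumptions: run where the Configuration Manager console is installed;
# 'P01' and the collection name are placeholders for your own values.
param(
    [string]$SiteCode       = 'P01',
    [string]$CollectionName = 'Branch Office Workstations',
    [ValidateSet('Quick', 'Full')]
    [string]$ScanType       = 'Quick'
)

$ErrorActionPreference = 'Stop'

# The module sits one directory above the console's bin\i386 folder.
$module = Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH -Parent) 'ConfigurationManager.psd1'
Import-Module $module

$previousLocation = Get-Location
Set-Location "${SiteCode}:"
try {
    # Fail early on a mistyped collection name instead of queuing nothing.
    $collection = Get-CMDeviceCollection -Name $CollectionName
    if (-not $collection) {
        throw "Device collection '$CollectionName' was not found in site $SiteCode."
    }

    # Equivalent of Endpoint Protection > Download Definition.
    Save-CMEndpointProtectionDefinition -DeviceCollectionName $CollectionName

    # Equivalent of Endpoint Protection > Quick Scan / Full Scan.
    Invoke-CMEndpointProtectionScan -DeviceCollectionName $CollectionName -ScanType $ScanType

    Write-Output ("Queued definition download and {0} scan for '{1}' ({2} members); " +
        "clients act on it at their next client policy download." -f $ScanType, $collection.Name, $collection.MemberCount)
}
finally {
    # Return to the original location so later file system commands work.
    Set-Location $previousLocation
}
```

As with the console tasks, nothing runs on the clients until they next download client policy, so confirm the outcome in the Monitoring workspace rather than from the script output.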

Malware that is detected on client computers is displayed in the Malware Detected node under Endpoint Protection Status in the Monitoring workspace of the Configuration Manager console. Select an item from the Malware Detected list, and then use one of the following management tasks to remediate or allow the detected malware:

 

Task Details

Allow this threat

Creates an antimalware policy to allow the selected malware. The policy is deployed to the All Systems collection and can be monitored in the Client Operations node of the Monitoring workspace.

Restore files quarantined by this threat

Opens the Restore quarantined files dialog box where you can select one of the following options:

  • Run the allow-threat or exclusion operation first to assure that files are not put back into quarantine – Restores the files that were quarantined because of the detected malware and also excludes the files from malware scans. If you do not exclude the files from malware scans, they will be quarantined again when the next scan runs.

  • Restore files without a dependency on the allow or exclusion job – Restores the quarantined files but does not add them to the exclusion list.

View infected clients

Displays a list of all clients that were infected by the selected malware.

Exclude selected files or paths from scan

When you select this option from the malware details pane, the Exclude files and paths dialog box opens where you can specify the files and folders that you want to exclude from malware scans.

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
-----
© 2014 Microsoft