Share via


Best Practices for Endpoint Protection in Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 R2 Endpoint Protection, System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 Endpoint Protection SP1, System Center 2012 Endpoint Protection, System Center 2012 R2 Configuration Manager SP1

Use the following best practices for Endpoint Protection in System Center 2012 Configuration Manager.

Configure custom client settings for Endpoint Protection

When you configure client settings for Endpoint Protection, do not use the default client settings because they apply settings to all computers in your hierarchy. Instead, configure custom client settings and assign these settings to collections of computers in your hierarchy.

When you configure custom client settings, you can do the following:

  • Customize antimalware and security settings for different parts of your organization.

  • Test the effects of running Endpoint Protection on a small group of computers before you deploy it to the entire hierarchy.

  • Add more clients to the collection over time to phase your deployment of the Endpoint Protection client.

Distributing definition updates by using software updates

If you are using Configuration Manager software updates to distribute definition updates, consider placing definition updates in a package that does not contain other software updates. This keeps the size of the definition update package smaller which allows it to replicate to distribution points more quickly.