Creating a Policy

Applies To: Forefront Endpoint Protection

Forefront Endpoint Protection policy settings define the various configuration options of the Forefront Endpoint Protection client software that you can manage. For example, administrators can manage the scan schedule, the location and frequency of definition updates, and scan exclusions. Forefront Endpoint Protection policy settings that you specify are contained in a Forefront Endpoint Protection policy object. Policies do not affect computers running the Forefront Endpoint Protection client software until you assign them to a Configuration Manager collection.

This section describes how to create a new Forefront Endpoint Protection policy.

To create a new policy

  1. In the Configuration Manager console, expand System Center Configuration Manager, expand Site Database, expand Computer Management, expand Forefront Endpoint Protection, and then click Policies.

  2. In the Actions pane, click New Policy. The New Policy Wizard opens.

  3. On the General page, type a name for the policy, and then click Next.

  4. On the Policy Type page, select the type of policy appropriate for your organization, and then click Next.

    Tip

    To select a policy template for specific server roles, select Policy template, and then select the appropriate server role.

    Note

    When selecting Policy template you are taken directly to the Summary page.

  5. On the Scheduled Scans page, select the scan frequency and set a schedule for the antimalware scans. For example, you could choose a Weekly quick scan every Sunday at 2:00 AM, and then click Next.

  6. On the Exclusions page, add files or folders you want to exclude from scans, and then click Next.

  7. On the Updates page, select the definition update options you want use in your organization, and then click Next.

    Important

    Before deploying the policy to collections, ensure that the definition update methods selected have been configured properly. For more information, see Configuring Definition Updates.

    Important

    The order in which the FEP client software checks for definition updates can be modified after the policy has been created. For more information about editing a policy, see Editing a Policy.

  8. On the Client Configuration page, select the options that you want to allow users to modify, and then click Next.

  9. On the Summary page, review the Details, and then click Next to create the policy.

  10. On the Wizard Completed page, click Close.

  11. Repeat these steps for each policy you want to create.

Important

New policies are assigned the highest precedence. For more information about changing policy precedence, see Setting Policy Precedence.

Next Steps

Editing a Policy

Setting Policy Precedence

Assigning a Policy to Endpoint Computers