Security and Privacy for Endpoint Protection in Configuration Manager
Updated: June 26, 2015
Applies To: System Center 2012 R2 Endpoint Protection, System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 Endpoint Protection SP1, System Center 2012 Endpoint Protection, System Center 2012 R2 Configuration Manager SP1
This topic appears in the Assets and Compliance in System Center 2012 Configuration Manager guide and in the Security and Privacy for System Center 2012 Configuration Manager guide.
This topic contains information about security best practices and privacy information for Endpoint Protection in System Center 2012 Configuration Manager.
Because Endpoint Protection uses software updates to deliver definition updates to client computers, make sure that you also read Security and Privacy for Software Updates in Configuration Manager.
Use the following security best practices for Endpoint Protection.
Use automatic deployment rules to deliver definition updates to client computers.
Use the software updates automatic deployment rules to ensure that clients automatically receive the latest definition updates.
Make sure that the site is configured to use encryption, or that all management points are configured for HTTPS client connections.
Endpoint Protection clients report the malware they detect in status messages sent to the management point. Encrypt that traffic so that anyone who can observe the network cannot read which computers are infected and with what.
For management points to support HTTPS client connections, you must deploy PKI certificates. For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager.
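The following script is an added example and is not part of the Configuration Manager documentation or product. It probes one management point from a client's point of view and reports whether it answers over HTTPS, whether the certificate it presents chains to a trusted root, names the host and carries the Server Authentication EKU that PKI Certificate Requirements for Configuration Manager calls for, and whether the same management point URL is still served over plain HTTP. It assumes the management point's MP list URL `/sms_mp/.sms_aut?mplist` as a harmless GET that the MP answers on whichever protocol it is configured for; adjust the path if your environment differs.

```powershell
# Added example; not from the Configuration Manager documentation.
# Assumption: /sms_mp/.sms_aut?mplist is a harmless MP request usable for
# probing both the HTTP and the HTTPS binding of a management point.
param(
    [Parameter(Mandatory = $true)][string]$ManagementPoint,
    [int]$TimeoutMs = 5000
)

$ServerAuthEku = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth, required on an MP certificate
$MpPath = '/sms_mp/.sms_aut?mplist'

function Get-MPServerCertificate {
    # Opens a TLS session to the MP and returns the certificate it presented.
    # Validation is deliberately deferred to Test-MPCertificate so that an
    # untrusted certificate is reported instead of being hidden by an exception.
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Dispose()
        return $cert
    }
    finally { $tcp.Close() }
}

function Test-MPCertificate {
    # Builds the chain against the local trusted root store (revocation is not
    # checked so the probe works offline) and checks name and EKU.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$HostName)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)
    $ekus = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus += ($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }
    $dnsName = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        NotAfter      = $Cert.NotAfter
        Thumbprint    = $Cert.Thumbprint
        ChainTrusted  = $chainOk
        ChainStatus   = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ',')
        NameMatches   = ($dnsName -eq $HostName)
        HasServerAuth = ($ekus -contains $ServerAuthEku)
    }
}

function Test-MPHttpEndpoint {
    # Returns the HTTP status code the MP gives for the MP list URL over the
    # requested scheme, or the WebException status if no response came back.
    param([string]$Scheme, [string]$HostName, [int]$TimeoutMs)
    $request = [System.Net.WebRequest]::Create("${Scheme}://${HostName}${MpPath}")
    $request.Timeout = $TimeoutMs
    try {
        $response = $request.GetResponse()
        $code = [int]$response.StatusCode
        $response.Close()
        return $code
    }
    catch [System.Net.WebException] {
        if ($_.Exception.Response) { return [int]$_.Exception.Response.StatusCode }
        return $_.Exception.Status.ToString()
    }
}

$report = [ordered]@{ ManagementPoint = $ManagementPoint }
try {
    $cert = Get-MPServerCertificate -HostName $ManagementPoint
    $certCheck = Test-MPCertificate -Cert $cert -HostName $ManagementPoint
    foreach ($p in $certCheck.PSObject.Properties) { $report[$p.Name] = $p.Value }
    $report['HttpsListens'] = $true
}
catch {
    $report['HttpsListens'] = $false
    $report['HttpsError'] = $_.Exception.Message
}
$report['HttpsStatus'] = Test-MPHttpEndpoint -Scheme 'https' -HostName $ManagementPoint -TimeoutMs $TimeoutMs
$report['HttpStatus']  = Test-MPHttpEndpoint -Scheme 'http'  -HostName $ManagementPoint -TimeoutMs $TimeoutMs
[pscustomobject]$report
```

Run it as `.\Test-MP.ps1 -ManagementPoint mp01.contoso.com` (file name and host are placeholders). `ChainTrusted`, `NameMatches` and `HasServerAuth` must all be true for a PKI client to accept the management point; a `TrustFailure` in `HttpsStatus` means the probing computer does not trust the issuing CA. A 200 in `HttpStatus` shows that the MP still serves client-facing content without TLS, which is expected only where the site relies on the site-level encryption setting rather than on HTTPS client connections.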
If you use email notification, configure authenticated access to the SMTP mail server.
Whenever possible, use a mail server that supports authenticated access and use the computer account of the site server for authentication. If you must specify a user account for authentication, use an account that has the least privileges.
Ensure that end users do not have local administrative privileges.
Although it is always a security best practice to grant end users the least privileges that they need and not to grant them local administrative privileges, this is especially important for Endpoint Protection. When users have local administrative rights on computers that run the Endpoint Protection client, they might be able to do the following:
Endpoint Protection has the following security issues:
Email notification uses SMTP, which has no built-in protection for the origin or integrity of a message.
When you use email notification for Endpoint Protection, it is a convenient way to learn quickly about malware that is detected on computers so that you can take remedial action as soon as possible. However, before you enable notifications by using email, weigh the advantages and disadvantages against your security risk profile and infrastructure capacity. For example, anybody who can reach the mail server can send email that appears to come from your specified sender address, and a message in transit can be tampered with. In addition, an attacker could flood the network and the email server with spoofed emails that appear to come from Configuration Manager.
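The following script is an added example, not code from the Configuration Manager documentation or product, and it serves both the "configure authenticated access to the SMTP mail server" practice above and the SMTP caveat in this section. Before the Endpoint Protection email notification component is pointed at a mail server, it talks ESMTP to that server and reports what the server actually offers: STARTTLS (so the session and any credentials are encrypted on the wire) and which AUTH mechanisms are advertised before and after the TLS upgrade (so only approved senders can submit mail as the notification address). It assumes a standard ESMTP server on the submission port 587; it authenticates nothing and sends no mail.

```powershell
# Added example; not from the Configuration Manager documentation.
# Assumptions: the server speaks standard ESMTP on $Port (587 by default);
# nothing is authenticated and no mail is sent.
param(
    [Parameter(Mandatory = $true)][string]$SmtpServer,
    [int]$Port = 587,
    [string]$ClientName = [System.Net.Dns]::GetHostName()
)

function Read-SmtpReply {
    # Reads one SMTP reply. Continuation lines look like "250-KEYWORD", the
    # final line like "250 KEYWORD". Returns every line of the reply.
    param([System.IO.StreamReader]$Reader)
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { throw "Connection closed by $SmtpServer" }
        $lines += $line
    } while ($line.Length -ge 4 -and $line[3] -eq '-')
    return ,$lines
}

function Send-SmtpCommand {
    param([System.IO.StreamWriter]$Writer, [System.IO.StreamReader]$Reader, [string]$Command)
    $Writer.Write("$Command`r`n")
    $Writer.Flush()
    return Read-SmtpReply -Reader $Reader
}

function Get-EhloCapabilities {
    # Turns a 250 EHLO reply into a hashtable keyword -> parameters
    # (for AUTH the parameters are the offered mechanisms).
    param([string[]]$Reply)
    if (-not $Reply[0].StartsWith('250')) { throw "EHLO rejected: $($Reply[0])" }
    $caps = @{}
    foreach ($line in ($Reply | Select-Object -Skip 1)) {   # line 0 is the server name
        if ($line.Length -le 4) { continue }
        $parts = $line.Substring(4).Trim() -split ' '
        $value = @()
        if ($parts.Length -gt 1) { $value = $parts[1..($parts.Length - 1)] }
        $caps[$parts[0].ToUpperInvariant()] = $value
    }
    return $caps
}

function Get-SmtpVerdict {
    # What the advertised capabilities mean for a notification sender that
    # must keep its credentials and messages off the wire in clear text.
    param($Result)
    if (-not $Result['StartTlsOffered']) { return 'FAIL: no STARTTLS; the session and any credentials would cross the network in clear' }
    if ($Result['AuthBeforeTls'] -match 'PLAIN|LOGIN') { return 'WARN: PLAIN/LOGIN offered before STARTTLS; make sure the sender negotiates TLS first' }
    if (-not $Result['AuthAfterTls']) { return 'WARN: STARTTLS works but no authentication is offered; anyone can submit mail as the notification address' }
    return 'OK: STARTTLS available and authentication offered over TLS'
}

$result = [ordered]@{ Server = $SmtpServer; Port = $Port; StartTlsOffered = $false; AuthBeforeTls = ''; TlsProtocol = ''; AuthAfterTls = '' }
$tcp = New-Object System.Net.Sockets.TcpClient($SmtpServer, $Port)
$tcp.ReceiveTimeout = 10000
$stream = $tcp.GetStream()
$reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
$writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
try {
    $greeting = Read-SmtpReply -Reader $reader
    if (-not $greeting[0].StartsWith('220')) { throw "Unexpected greeting: $($greeting[0])" }
    $plain = Get-EhloCapabilities -Reply (Send-SmtpCommand -Writer $writer -Reader $reader -Command "EHLO $ClientName")
    $result['StartTlsOffered'] = $plain.ContainsKey('STARTTLS')
    if ($plain.ContainsKey('AUTH')) { $result['AuthBeforeTls'] = $plain['AUTH'] -join ' ' }
    if ($result['StartTlsOffered']) {
        $reply = Send-SmtpCommand -Writer $writer -Reader $reader -Command 'STARTTLS'
        if ($reply[0].StartsWith('220')) {
            # After "220" the server sends nothing until our ClientHello, so the
            # clear-text reader has nothing buffered and the socket can be wrapped.
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            $ssl.AuthenticateAsClient($SmtpServer)   # default validation: an untrusted certificate throws
            $reader = New-Object System.IO.StreamReader($ssl, [System.Text.Encoding]::ASCII)
            $writer = New-Object System.IO.StreamWriter($ssl, [System.Text.Encoding]::ASCII)
            $secure = Get-EhloCapabilities -Reply (Send-SmtpCommand -Writer $writer -Reader $reader -Command "EHLO $ClientName")
            $result['TlsProtocol'] = $ssl.SslProtocol.ToString()
            if ($secure.ContainsKey('AUTH')) { $result['AuthAfterTls'] = $secure['AUTH'] -join ' ' }
        }
    }
    Send-SmtpCommand -Writer $writer -Reader $reader -Command 'QUIT' | Out-Null
}
finally { $tcp.Close() }
$result['Verdict'] = Get-SmtpVerdict -Result $result
[pscustomobject]$result
```

Run it as `.\Test-SmtpServer.ps1 -SmtpServer mail.contoso.com` (file name and host are placeholders). If `AuthAfterTls` lists NTLM or GSSAPI, the site server's computer account can authenticate as the practice above recommends; LOGIN and PLAIN carry the password itself and are only acceptable once STARTTLS has been negotiated, which is why the verdict flags them when they appear before the upgrade. A server that offers neither STARTTLS nor AUTH gives you exactly the exposure described in this section: anyone who can reach it can submit mail as the Configuration Manager sender address.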
You see privacy information for Endpoint Protection when you install the Endpoint Protection point, and you can read the Microsoft System Center 2012 Endpoint Protection Privacy Statement online.