In this two-part article we’ll look at the anti-malware tool included in the recently released System Center 2012 product. The first part will cover installation and the integrated experience of managing SCEP.
Introduction to System Center Endpoint Protection
Protecting servers, client machines and mobile devices against malware is a must in any network, small or large. Whilst not the whole story, that defense certainly starts with a good anti-malware product and now, with Microsoft bundling the entire group of programs together into one product, more businesses might see System Center Endpoint Protection (SCEP) as a clear choice.
And it’s not a bad choice: with multi-engine protection, advanced heuristics, a totally integrated infrastructure, simple administration and an easy-to-use interface, SCEP is an excellent tool. The first point is perhaps the most critical; having multiple scanning engines with separate signature files enables one engine to be updated whilst the others keep scanning for malware, and makes it more likely that particular nasties that haven’t yet been identified by one engine are covered by another.
Installation of System Center Endpoint Protection
This is the easiest step of all: there is no server installation. SCEP is part of Configuration Manager 2012 (SCCM) and simply by installing SCCM you have SCEP ready to go in your environment. This is a definite improvement over the previous version, 2010, which integrates with SCCM 2007. That version requires a separate installation, a separate database and a separate management interface. SCEP 2012 uses the native SCCM databases, there’s no separate console for management, and there are no separate anti-virus policies to set up. Instead, the rich policy control that SCEP offers is integrated into the overall client policies that SCCM offers.
The key to anti-malware in a large environment is to be able to push out detailed policy for all clients – this will be smoother in SC 2012 SP1.
Once you enable the client it will silently install and, if necessary, first uninstall Symantec, McAfee and TrendMicro as well as Microsoft Forefront Client Security / Endpoint Protection AV agents. A big strength of Security Essentials, Microsoft’s free anti-malware solution, is that it’s silent from the end user’s perspective. Most people don’t know what to select in odd pop-up boxes that offer technical information, and this will inevitably lead to help desk calls. The SCEP client works in a similar way, quietly going about its business of protecting the machine.
The coming SP1 will offer a Mac SCEP client as part of the overall SCCM Mac client, and whilst this isn’t as seamlessly integrated as the Windows client, it’s nevertheless a step in the right direction. There’s also a Linux client coming in SP1.
Setting up centralized policies for exclusions and overall scan functions is easy in SCEP 2012.
The second part of this two-part overview of System Center Endpoint Protection will look at how SCEP is managed through central policies, the new role for delegated administration, and the new reports.