System Center 2012 Endpoint Protection Review - Part 2: Configuration

The second part of this two-part overview of System Center Endpoint Protection looks at how SCEP is managed through central policies, the new role for delegated administration, and the new reports.

Paul Schnackenburg

Paul Schnackenburg works part time as an IT teacher as well as running his own business in Australia. He has MCSE, MCT, MCTS and MCITP certifications. Follow his blog TellITasITis.

Manage System Center Endpoint Protection

There are two things you should do before enabling SCEP on your clients and servers. First, configure your policy settings for the different types of clients and servers you have. SCEP doesn’t just let you manage AV policies; you can also control Windows Firewall settings and exceptions. If you’re already doing this through some other mechanism today (Group Policy), you can continue to use that model, but if you’re not, it certainly makes sense to centralize most security policy settings in one management interface.

In the RTM version you have to configure a custom policy with all the settings you desire for a particular subset of computers, which means that you might end up with numerous similar policies to maintain. In the forthcoming Service Pack 1 (in CTP2, pre-beta at the time of writing) you can create a policy with just the differing settings, and the client will automatically merge the targeted policies together, making maintenance much smoother.

System Center 2012 Endpoint Protection - Configuration Windows Firewall

Controlling Windows Firewall through the same policies used to control the overall antimalware solution makes for a smooth administration experience.

The second step is to configure signature distribution. SCEP clients can pick up their signatures from a file share, through Windows Update / Microsoft Update (WU/MU) or through software updates in SCCM. The latter method is the most common and involves configuring Automatic Deployment Rules. These are new to SCCM 2012 and bring the same functionality that’s been available in Windows Server Update Services (WSUS), where you can configure particular types of updates (critical security patches) to be automatically approved and deployed to sets of machines. New in SCEP 2012 is that the signatures are fanned out through the normal Distribution Points. In the RTM version you can only configure updates to go out once per day; in SP 1 you’ll be able to set it to every eight hours, to match Microsoft’s signature update publishing.

System Center Endpoint Protection - Definition Updates

Controlling how your clients receive signature updates is crucial in today’s distributed networks.

Roles and Reporting in System Center Endpoint Protection

Role Based Access Control is new in SCCM; consequently, there’s a new Endpoint Protection Administrator role that can be customized and scoped in larger environments. Messages about infections generated at the client are sent to the management server with high priority, and these alerts can be sent to administrators as emails. There are also new reports that make it easier to correlate user actions with infection rates.

Another new feature in 2012 is Real Time Actions – also known as the Big Green Button – a way for administrators to push out urgent actions across a large number of clients to combat a particular infection through a quick or full scan for instance.

Earlier versions had a feature called Microsoft Spynet; no points for guessing why the uptake of this service was less than enthusiastic. In this version the feature is called Microsoft Active Protection Service, and it’s a cloud-based service that offers, for instance, signature updates in near real time to combat newly identified threats. The heuristic scanning that attempts to identify infections or threats that haven’t been identified yet is also improved in this version.

Conclusion

The integration of SCEP into SCCM in this version is flawless and will appeal to any Sysop looking for simplicity, and the overall management process is remarkably easy. Of course, there will always be CSOs who claim that it’s better to have a third-party AV product than to rely on Microsoft to protect its own products. But seeing as you get SCEP for “free” with SC 2012 (there’s client licensing involved depending on which SC products you use in your environment), I suspect that many more businesses will choose this excellent antimalware product in the future.

© 4sysops 2006 - 2017