Introduction to Endpoint Protection in Configuration Manager
http://technet.microsoft.com/en-us/library/hh508781.aspx

When you use Endpoint Protection with Configuration Manager, you benefit from the following:

- You can configure antimalware policies and Windows Firewall settings for selected groups of computers, by using custom antimalware policies and client settings.
- You can use Configuration Manager software updates to download the latest antimalware definition files to keep client computers up-to-date.
- You can send email notifications, use in-console monitoring, and view reports to keep administrative users informed when malware is detected on client computers.

Endpoint Protection installs its own client, which is in addition to the Configuration Manager client. The Endpoint Protection client has the following capabilities:

- Malware and spyware detection and remediation.
- Rootkit detection and remediation.
- Critical vulnerability assessment and automatic definition and engine updates.
- Integrated Windows Firewall management.
- Network vulnerability detection via Network Inspection System.

In the console, click on Administration, expand Overview and expand Site Configuration, select Servers and Site System Roles, click on Home in the ribbon and click on Add Site System Roles. Click Next and then choose Endpoint Protection point.

Click Next and accept the Endpoint Protection license terms. Choose the basic membership as this is less intrusive, then click Next until all settings have successfully completed. Check the SCCM server to see whether Endpoint Protection 2012 has installed.

How to Configure Alerts for Endpoint Protection in Configuration Manager
http://technet.microsoft.com/en-us/library/hh508782.aspx

Configure Endpoint Protection alerts in System Center 2012 Configuration Manager to notify administrative users when specific security events occur in your hierarchy. Notifications display in the Endpoint Protection dashboard in the Configuration Manager console and in reports, and you can configure them to be emailed to specified recipients. Use the following steps and the supplemental procedures in this topic to configure alerts for Endpoint Protection in Configuration Manager.

To configure alerts for a collection, we need to create a collection called Endpoint Protection Collections. Click on Assets and Compliance in the console, then Device Collections, and then click on Create Device Collection in the ribbon.
Name the collection, and then browse to All Systems. Next choose Query Rule, then Edit Query Statement / Criteria / Show Query Language, and replace the code with:

    select * from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"

Click Next to finalise.
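The same collection and query rule can be created from PowerShell, followed by a check of which discovered systems the rule leaves out. This is an added example, not part of the original walkthrough: the pattern only matches workstation clients reporting NT version 6.1 (Windows 7), so anything the check lists will not receive alerts or deployments pointed at this collection. The site code, provider host and rule name are placeholders, and the script assumes Configuration Manager 2012 SP1 or later with the console installed.

```powershell
# Added example (not from the original walkthrough).
# Assumptions: Configuration Manager 2012 SP1 or later (PowerShell module),
# console installed locally, rights to create collections.
$SiteCode   = 'XYZ'          # placeholder: your three-character site code
$Provider   = 'localhost'    # placeholder: server hosting the SMS Provider
$Collection = 'Endpoint Protection Collections'
$RuleName   = 'Workstation 6.1'   # hypothetical rule name
$Wql = 'select * from SMS_R_System where ' +
       'SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"'

# Load the module shipped with the console, then work from the site drive.
$binDir = Split-Path $env:SMS_ADMIN_UI_PATH
Import-Module (Join-Path $binDir 'ConfigurationManager.psd1')
Push-Location "${SiteCode}:"
try {
    # Create the collection, limited to All Systems, if it is missing.
    if (-not (Get-CMDeviceCollection -Name $Collection)) {
        New-CMDeviceCollection -Name $Collection `
            -LimitingCollectionName 'All Systems' | Out-Null
    }
    # Add the query rule once; re-running the script does not duplicate it.
    $existing = Get-CMDeviceCollectionQueryMembershipRule `
        -CollectionName $Collection -RuleName $RuleName
    if (-not $existing) {
        Add-CMDeviceCollectionQueryMembershipRule -CollectionName $Collection `
            -RuleName $RuleName -QueryExpression $Wql
    }
}
finally {
    Pop-Location
}

# Coverage check: discovered systems the rule does not match, including
# records with no operating system value, fall outside the collection.
$unmatched = Get-WmiObject -ComputerName $Provider `
        -Namespace "root\SMS\site_$SiteCode" `
        -Query 'select Name, OperatingSystemNameandVersion from SMS_R_System' |
    Where-Object { $_.OperatingSystemNameandVersion -notlike '*Workstation 6.1*' }

$unmatched | Sort-Object OperatingSystemNameandVersion, Name |
    Format-Table Name, OperatingSystemNameandVersion -AutoSize
```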
Now we are going to open the properties of the device collection and add computers to this collection. In Assets and Compliance select Devices and choose Device Collections, select the Endpoint Protection Collections and click on Properties. Click on the Alerts tab and place a checkmark in View this collection in the Endpoint Protection Dashboard, and then check all the selected items and apply.

Configure SUP to deliver Definition Updates

In the Configuration Manager console, click Software Library, expand Software Updates and click on Automatic Deployment Rules.

Click on Create Automatic Deployment Rule and the wizard appears. Give the rule a suitable name, like Automatic Deployment Rule for Endpoint Protection, point it to our previously created Endpoint Protection Collections, and select to create a new software update group.

On the Deployment Settings page of the wizard, select Minimal from the Detail level dropdown list and then click Next. This reduces the state messages returned and thus reduces server load. Select Date Released or Revised and specify the value to search for, Last 1 day.

Click Next and edit your schedule to suit your needs. Select Time based on UTC; this will install the latest definition at the same time. Then select the hour to allow the deployment to reach all distribution points, and then select As soon as possible.
I have chosen to hide updates in the Software Center. Tick to allow alerts.

Next we are going to set up a distribution point, so make sure that you have a package source, for example \\server\folder\updates.

Click Download software updates from distribution point and install. Create a new deployment package, and set the package source to the previously created folder. Add your distribution point.

Click Next until the wizard completes.
Configure the SUP Products to Sync and Perform a Sync

Click on Administration, expand Overview and expand Site Configuration, select Sites, click on Settings in the ribbon, click on Configure Site Components and select Software Update Point. Click on the Products tab, check Endpoint Protection 2010/12 and change your sync schedule to 1 day.

Next, click on Software Library, then Software Updates, right-click on All Software Updates, choose Synchronize Software Updates, and click Yes to the Configuration Manager
Configure Custom Client Settings for Endpoint Protection
http://technet.microsoft.com/en-us/library/gg682067.aspx

All client settings in System Center 2012 Configuration Manager are managed in the Configuration Manager console from the Client Settings node in the Administration workspace. A set of default settings is supplied with Configuration Manager. When you modify the default client settings, these settings are applied to all clients in the hierarchy. You can also configure custom client settings, which override the default client settings when you assign these to collections. Many of the client settings are self-explanatory. Use the following sections for more information about the client settings that might require some information before you configure them.

In the Configuration Manager console, click Administration, click Client Settings and, on the Home tab in the Create group, click Create Custom Client Device Settings.

Select Endpoint Protection and name it, and then click OK. Now click on your Endpoint Protection settings to specify the settings for devices.
You can now right-click on your custom settings and deploy.

Configure Custom Antimalware Policies

Now we are going to create an antimalware policy. Click Assets and Compliance, click Endpoint Protection, and select Antimalware Policies. In the ribbon select Create Antimalware Policy.

Give it a name and description. Set your scheduled scans as required.

Now, as we want SCCM to send out definition updates, click on Set Source and make sure only Updates distributed from Configuration Manager is selected. Right-click our antimalware policy and select Deploy, choose your collection and all should be good.