
Microsoft Confidential © 2012 Microsoft Corporation. All rights reserved.


Slide 1: Microsoft Confidential © 2012 Microsoft Corporation. All rights reserved.

Slide 2: System Center 2012 Configuration Manager Concepts & Administration
Lesson 8: System Center Endpoint Protection (SCEP)
Premier Field Engineer, Microsoft (presenter: Your Name)

Slide 3: Conditions and Terms of Use

This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in such packages is strictly prohibited. The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place, or event is intended or should be inferred. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in a written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Complying with all applicable copyright laws is the responsibility of the user.

Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. For more information, see Use of Microsoft Copyrighted Content at

Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Copyright and Trademarks © 2012 Microsoft Corporation. All rights reserved. Microsoft Confidential

Slide 4: System Center 2012 Configuration Manager: System Center Endpoint Protection (SCEP) in Configuration Manager

Slide 5: Objectives

In this module you will learn about:
- Endpoint Protection in System Center 2012 Configuration Manager
- Capabilities of Endpoint Protection
- Features of the Endpoint Protection client

Slide 6: Endpoint Protection

Endpoint Protection in System Center 2012 Configuration Manager:
- Now fully integrated with Configuration Manager
- Configured as a Configuration Manager role

Capabilities of Endpoint Protection:
- Configure antimalware policies and Windows Firewall settings
- Use Software Updates to download the latest antimalware definition files to keep clients up to date
- Stay updated on client status via notifications, in-console monitoring, and reports

Endpoint Protection client:
- Installs in addition to the Configuration Manager client
- Malware/spyware/rootkit detection and remediation
- Critical vulnerability assessment and automatic definition and engine updates
- Network vulnerability detection via the Network Inspection System
- Integration with Microsoft Active Protection Services

Slide 7: Managing Malware
- Create antimalware policies containing Endpoint Protection settings
- Deploy antimalware policies to client computers
- Manage Windows Firewall with Endpoint Protection

Slide 8: Changes from Forefront Endpoint Protection 2010
- No longer an add-on
- Install the Endpoint Protection client by using Configuration Manager client settings, or manage existing Endpoint Protection clients
- Role-Based Administration
- Endpoint Protection reports integrated with Configuration Manager reporting
- Update definitions and the definition engine using automatic deployment rules (Classification: Definition updates; Product: Forefront protection category)
- Configure multiple malware alert types for malware notification
- Endpoint Protection dashboard is integrated with the Configuration Manager console

Slide 9: Prerequisites for Endpoint Protection

Deployment dependencies:
- Windows Server Update Services (WSUS)
- The following update methods require client computers to have Internet access:
  - Updates distributed from Microsoft Update
  - Updates distributed from Microsoft Malware Protection Center
- Clients download definition updates by using the built-in System account. You must configure a proxy server for this account to enable these clients to connect to the Internet. You can use Windows Group Policy to configure a proxy server on multiple computers.

Slide 10: Prerequisites for Endpoint Protection (continued)

Deployment dependencies:
- The Endpoint Protection point can only be enabled on the Central Administration Site (or a standalone primary site)
- If using software updates to deliver definition and engine updates, you will need a Software Update Point

Slide 11: Configure Endpoint Protection

Steps to configure Endpoint Protection:
1. Create an Endpoint Protection point site system role
2. Configure alerts for Endpoint Protection
3. Optional: configure Software Updates to deliver definition updates to client computers
4. Configure the default antimalware policy and create custom antimalware policies
5. Configure custom client settings for Endpoint Protection

Slide 12: DEMO: Enable and configure an Endpoint Protection Point

Goals:
- Ensure prerequisites are met
- Enable and configure the Endpoint Protection Point

Scenario: You are the Administrator of the Contoso Configuration Manager hierarchy and you wish to enable and configure an Endpoint Protection Point.

Slide 13: Creating and deploying antimalware policies
- Deploy antimalware policies to collections of Configuration Manager clients to determine how Endpoint Protection protects them from malware and threats
- Policies include information about the scan schedule, the types of files and folders to scan, and the actions to take when malware is detected
- Upon enabling Endpoint Protection:
  - A default antimalware policy is applied to client computers
  - You can use the additional policy templates that are supplied, or
  - Create custom antimalware policies to customize the settings for your environment

Slide 14: Modifying the default antimalware policy

Slide 15: Creating a new antimalware policy

Slide 16: Importing an antimalware policy

Slide 17: Deploying an antimalware policy

Slide 18: Create and deploy Windows Firewall policies
- Firewall policies for Endpoint Protection allow you to perform basic Windows Firewall configuration and maintenance tasks on client computers in your hierarchy
- You can use Windows Firewall policies to perform the following tasks:
  - Control whether Windows Firewall is turned on or off
  - Control whether incoming connections are allowed to client computers
  - Control whether users are notified when Windows Firewall blocks a new program
- Group Policy settings will override any Configuration Manager settings for the Firewall
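The last bullet is the one that bites in practice: when a Windows Firewall policy deployed from Configuration Manager does not seem to take effect on a client, the usual cause is a Group Policy value for the same setting. The PowerShell below is an added example written for this transcript, not code from the training deck or from Configuration Manager; it reads the standard Windows Firewall policy registry hive (HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall) on the local client and reports, per profile, which of the three settings the deck lists is currently under Group Policy control. The mapping of registry value names to the three ConfigMgr firewall policy tasks is the editor's own, and the function only reads the registry.

```powershell
# Added example (not from the training deck). Reports, for each firewall profile,
# whether a Group Policy value exists for the three settings a Configuration Manager
# Windows Firewall policy can manage. A GPO value present here overrides ConfigMgr.
function Get-FirewallPolicySource {
    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

    # Registry subkey -> profile name as shown in the Windows Firewall console.
    $profiles = @{ DomainProfile = 'Domain'; StandardProfile = 'Private'; PublicProfile = 'Public' }

    # Registry value -> the ConfigMgr firewall policy task it shadows (editor's mapping).
    $values = @{
        EnableFirewall       = 'Windows Firewall on/off'
        DoNotAllowExceptions = 'Block all incoming connections'
        DisableNotifications = 'Notify user when a new program is blocked'
    }

    foreach ($key in $profiles.Keys) {
        $path = Join-Path $policyRoot $key
        # Missing subkey simply means no GPO firewall policy applies to this profile.
        $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue

        foreach ($valueName in $values.Keys) {
            $gpoValue = $null
            if ($item -and $null -ne $item.$valueName) { $gpoValue = $item.$valueName }

            $source = if ($null -ne $gpoValue) { 'Group Policy (overrides ConfigMgr)' }
                      else                     { 'Local settings / ConfigMgr policy' }

            [pscustomobject]@{
                Profile       = $profiles[$key]
                Setting       = $values[$valueName]
                RegistryValue = $valueName
                GpoValue      = $gpoValue      # 1/0 DWORD when set by GPO, otherwise empty
                Source        = $source
            }
        }
    }
}

# Run on a client that received a ConfigMgr firewall policy but does not show the expected state.
Get-FirewallPolicySource | Sort-Object Profile, Setting | Format-Table -AutoSize
```

Any row whose Source column reads "Group Policy (overrides ConfigMgr)" identifies a setting that Configuration Manager cannot change on that client until the corresponding GPO setting is removed or set to Not Configured; the ConfigMgr policy itself is not at fault.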

Slide 19: Creating a Windows Firewall policy

Slide 20: DEMO: Configuring and Deploying Antimalware and Windows Firewall Settings

Goals:
- Create a new antimalware policy
- Import an antimalware policy
- Configure policies for deployment
- Create new Windows Firewall policies
- Deploy specific policies to clients

Scenario: You are the Administrator of the Contoso Configuration Manager hierarchy and you wish to deploy antimalware and Windows Firewall settings in your client environment.

Slide 21: Monitor Endpoint Protection in Configuration Manager

Slide 22: What's new in SP1?
- An Endpoint Protection client setting can be enabled to commit the changes on Windows Embedded devices that are write-filter enabled.
- Definition updates deployed by software updates can be configured to write to the overlay on Windows Embedded devices, without requiring an immediate restart.
- The Endpoint Protection client can be installed only during configured maintenance windows. The maintenance window must be at least 30 minutes long to allow the installation to occur.
- Endpoint Protection now uses client notification to start the following actions as soon as possible, instead of during the normal client policy polling interval:
  - Force antimalware definition updates
  - Run quick scans
  - Run full scans
  - Allow threats
  - Exclude folders and files
  - Restore quarantined files
- With SP1, Configuration Manager can handle Evaluation Schedule settings within an Automatic Deployment Rule up to 3 times a day without impacting server performance, to align with the publishing frequency of Microsoft System Center Endpoint Protection definition updates.

Slide 23: What's new in SP1? (continued)
- Improvements to software updates allow more frequent distribution of Endpoint Protection definition updates.
- Multiple antimalware policies deployed to a client computer are merged on the client:
  - When settings conflict, the setting from the policy with the highest priority is used.
  - Some settings are merged, such as exclusion lists from separate antimalware policies.
  - The client-side merge also honors the priority configured for each antimalware policy.
- A software update deployment template named Definition Updates is included in the Deploy Software Updates Wizard and the Automatic Deployment Rule Wizard.

Slide 24: Lesson Review
1. What happens when there is a conflict between Group Policy settings and Configuration Manager Endpoint Protection firewall policy settings?
2. Is anything added in SP1 with respect to deployment templates? If yes, what is the name of that deployment template?
3. Where can you install the Endpoint Protection point?

Slide 25: Module Summary

In this module you learned about:
- Endpoint Protection in System Center 2012 Configuration Manager
- Capabilities of Endpoint Protection
- Features of the Endpoint Protection client

Slide 26: APPENDIX

Slide 27: List of Antimalware Policy Settings: Scheduled Scans

Setting name: Scan type
Description: You can specify one of two scan types to run on client computers:
- Quick scan: This type of scan checks in-memory processes and folders where malware is typically found. It requires fewer resources than a full scan.
- Full scan: This type of scan adds a full check of all local files and folders to the items scanned in the quick scan. This scan takes longer than a quick scan and uses more CPU processing and memory resources on client computers.
In most cases, use Quick scan to minimize the use of system resources on client computers. If malware removal requires a full scan, Endpoint Protection generates an alert that is displayed in the Configuration Manager console. The default value is Quick scan.

Setting name: Randomize the scheduled scan start times (within 30 minutes)
Description: Select True if you want to help avoid flooding the network if all computers send their antimalware scan results to the Configuration Manager database at the same time. This setting is also useful when you run multiple virtual machines on a single host: select this option to reduce the number of simultaneous disk accesses for antimalware scanning.

Slide 28: List of Antimalware Policy Settings: Scan Settings

Setting name: Scan network drives when running a full scan
Description: Set to True if you want to scan any mapped network drives on client computers.

Slide 29: List of Antimalware Policy Settings: Default Actions

The following actions can be selected to be taken when malware is detected on client computers:
- Recommended: Use the action recommended in the malware definition file
- Quarantine: Quarantine the malware but do not remove it
- Remove: Remove the malware from the computer
- Allow: Do not remove nor quarantine the malware

Slide 30: List of Antimalware Policy Settings: Real-time Protection

Setting name: Enable real-time protection
Description: Set to True if you want to configure real-time protection settings for client computers. We recommend that you enable this setting.

Setting name: Monitor file and program activity on your computer
Description: Set to True if you want to monitor when files and programs start to run on client computers and be alerted about any actions that they perform or actions taken on them.

Setting name: Scan system files
Description: This setting lets you configure whether incoming, outgoing, or incoming and outgoing system files are monitored for malware. You might have to change the default value of Scan incoming and outgoing files for performance reasons if a server has high incoming or outgoing file activity.

Setting name: Enable behavior monitoring
Description: Enable this setting to use computer activity and file data to detect unknown threats. When enabled, this setting might increase the time taken to scan computers for malware.

Setting name: Enable protection against network-based exploits
Description: Enable this setting to protect computers against known network exploits by inspecting network traffic and blocking any suspicious activity.

Setting name: Enable script scanning
Description: Set to True if you want to scan any scripts that run on computers for suspicious activity.

Slide 31: List of Antimalware Policy Settings: Threat Overrides

Setting name: Threat name and override action
Description: Click Set to customize the remediation action to take for each threat ID when it is detected during a scan.
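Three pieces of this deck fit together on the client: the SP1 client-side merge of several antimalware policies (slide 23), the per-severity default actions (slide 29), and the per-threat overrides on this slide. The PowerShell below is an added example written for this transcript, not code from the training deck or from the Endpoint Protection client; it is a model of that behaviour, not the product's implementation. It merges a set of constructed policies by priority (single-valued settings: highest priority wins; exclusion lists: union), then resolves the action for a detection: a threat override first, otherwise the merged default action for the detection's severity, and "Recommended" defers to the definition file. The policy names, priorities, exclusion paths and threat names are made up for the demonstration, and the assumption that a smaller priority number means a higher priority is the editor's.

```powershell
# Added example (not from the training deck): a model of the SP1 client-side policy
# merge and of how default actions and threat overrides decide a remediation action.
function Merge-AntimalwarePolicy {
    param([Parameter(Mandatory)] [hashtable[]] $Policies)

    # Apply policies from lowest to highest priority so the highest-priority policy
    # writes last and therefore wins every conflicting single-valued setting.
    # Assumption of this model: a smaller Priority number means a higher priority.
    $ordered = $Policies | Sort-Object -Property { $_.Priority } -Descending

    $effective = @{ Settings = @{}; SettingSource = @{}; Exclusions = @(); ThreatOverrides = @{} }
    foreach ($p in $ordered) {
        foreach ($k in $p.Settings.Keys) {
            $effective.Settings[$k]      = $p.Settings[$k]
            $effective.SettingSource[$k] = $p.Name        # which policy supplied the winning value
        }
        # List-valued settings are merged: the client honours the union of all exclusions.
        $effective.Exclusions += @($p.Exclusions)
        foreach ($t in $p.ThreatOverrides.Keys) {
            $effective.ThreatOverrides[$t] = $p.ThreatOverrides[$t]
        }
    }
    $effective.Exclusions = @($effective.Exclusions | Sort-Object -Unique)
    return $effective
}

function Resolve-DetectionAction {
    param(
        [Parameter(Mandatory)] [hashtable] $Effective,
        [Parameter(Mandatory)] [string] $ThreatName,
        [Parameter(Mandatory)] [string] $Severity,                     # e.g. Severe, High, Medium, Low
        [Parameter(Mandatory)] [string] $DefinitionRecommendedAction   # action carried in the definition file
    )
    # 1. A threat override for this threat name takes precedence over the default actions.
    if ($Effective.ThreatOverrides.ContainsKey($ThreatName)) { return $Effective.ThreatOverrides[$ThreatName] }
    # 2. Otherwise use the merged default action configured for this severity.
    $action = $Effective.Settings["DefaultAction_$Severity"]
    # 3. 'Recommended' means: do whatever the malware definition file recommends.
    if ($action -eq 'Recommended') { return $DefinitionRecommendedAction }
    return $action
}

# Constructed sample policies (names, priorities, paths and threat names are made up).
$defaultPolicy = @{
    Name = 'Default Client Antimalware Policy'; Priority = 100
    Settings = @{ ScanType = 'Quick'; ScanNetworkDrives = $false; RealTimeProtection = $true
                  DefaultAction_Severe = 'Recommended'; DefaultAction_Low = 'Recommended' }
    Exclusions = @(); ThreatOverrides = @{}
}
$fileServers = @{
    Name = 'File Servers'; Priority = 2
    Settings = @{ ScanType = 'Full'; ScanNetworkDrives = $true }
    Exclusions = @('D:\Shares\Backups'); ThreatOverrides = @{}
}
$sqlServers = @{
    Name = 'SQL Servers'; Priority = 1
    Settings = @{ DefaultAction_Low = 'Quarantine' }
    Exclusions = @('E:\SQLData\*.mdf', 'E:\SQLData\*.ldf', 'D:\Shares\Backups')
    ThreatOverrides = @{ 'Example:Win32/KnownFalsePositive' = 'Quarantine' }   # constructed threat name
}

$effective = Merge-AntimalwarePolicy -Policies @($defaultPolicy, $fileServers, $sqlServers)

# Every single-valued setting with the policy that supplied it, then the merged exclusion list.
foreach ($k in ($effective.Settings.Keys | Sort-Object)) {
    '{0,-22} = {1,-12} (from: {2})' -f $k, $effective.Settings[$k], $effective.SettingSource[$k]
}
'Merged exclusions: ' + ($effective.Exclusions -join '; ')

# A severe detection with no override defers to the definition's recommendation; a low-severity
# detection takes the highest-priority policy's configured action; a named threat takes its override.
Resolve-DetectionAction -Effective $effective -ThreatName 'Virus:Win32/ExampleSample'         -Severity 'Severe' -DefinitionRecommendedAction 'Remove'
Resolve-DetectionAction -Effective $effective -ThreatName 'Adware:Win32/ExampleAdware'        -Severity 'Low'    -DefinitionRecommendedAction 'Remove'
Resolve-DetectionAction -Effective $effective -ThreatName 'Example:Win32/KnownFalsePositive' -Severity 'Severe' -DefinitionRecommendedAction 'Remove'
```

The SettingSource table is the part worth reproducing when troubleshooting: if a client scans network drives or runs full scans when the policy you deployed says otherwise, a higher-priority policy targeting an overlapping collection is the first thing to check, and the union behaviour of exclusions means an exclusion added in any deployed policy applies to every member of that collection.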

Slide 32: List of Antimalware Policy Settings: Threat Overrides (continued)

Setting name: Set sources and order for Endpoint Protection client updates
Description: Click Set Source to specify the sources for definition and scanning engine updates, and the order in which they are used. If Configuration Manager is specified as one of the sources, the other sources are used only if software updates fail to download the client updates. If you use any of the following methods to update definitions on client computers, the client computer must be able to access the Internet:
- Updates distributed from Microsoft Update
- Updates distributed from Microsoft Malware Protection Center

