Saturday 31 August 2013

Config Mgr 2012 Endpoint Protection: Antimalware Policy

Back to Endpoint Protection menu

Back to ConfigMgr 2012 menu

This is an extract from the Microsoft TechNet Library

"You can deploy antimalware policies to collections of Microsoft System Center 2012 Configuration Manager client computers to specify how Endpoint Protection protects them from malware and other threats. These antimalware policies include information about the scan schedule, the types of files and folders to scan, and the actions to take when malware is detected. When you enable Endpoint Protection, a default antimalware policy is applied to client computers. You can also use additional policy templates that are supplied or create your own custom antimalware policies to meet the specific needs of your environment."

Navigate to Asset and Compliance > Endpoint Protection > Antimalware Policies

See the Default Client Antimalware Policy. This was created when the Endpoint Protection Point was added. Let's examine the properties of the policy. Right click and choose Properties.

Default Scheduled Scans

Default Scan Settings

Default Actions.

Default Real-time protection settings.

Default exclusion settings. Click Set to examine the excluded files and folders.

Excluded files and folders.

Advanced Settings - default options.

Threat Overrides

Choice of MAPS membership.

Default Definition Updates settings. Click "Set Source" to see the order of configured definition update sources.

List and order of sources.

They were the settings configured in the Default Antimalware Policy. However it is best practice not to use the default policy. It is recommended to create your own custom policies and deploy to collections as required.

Navigate to Asset and Compliance > Endpoint Protection > Antimalware Policies.

Right click and choose "Create Antimalware Policy"

Select all the options.

Right click and choose properties if you wish to make any policy changes. eg you may want ConfigMgr to be your only source for definition updates.

Now you must deploy the policy to a collection - I have a test collection.

Right click the policy and select Deploy.

Select the collection you require and click OK to deploy.

We have now added our Endpoint Protection Point and we have created our own custom Antimalware Policy. We have also deployed this policy to a test collection.

However we have yet to enable SCEP on any clients. We will do that in the next section.

No comments:

Post a Comment