Back to ConfigMgr 2012 menu
Previously we added our Endpoint Protection Point and created our own custom Antimalware Policy. We then deployed this policy to a test collection.
However none of this is of any use if we do not enable Endpoint Protection on clients.
Navigate to Administration > Site Configuration > Client Settings. As before we do not want to interfere the with Default Client Settings so we will create a Custom Client Device Settings.
Right click and choose "Create Custom Client Device Settings".
Enter a suitable name, select "Endpoint Protection" and click OK.
You receive a pop-up with client reboot information. Click OK to acknowledge.
Right click and choose Properties.
Select Yes to "Manage Endpoint Protection client on client computers"
Select Yes to "Install Endpoint Protection client on client computers".
Click OK to Save.
SCEP client will now be installed on all computers in the test collection when they retrieve their machine policy. They will be defined by our custom antimalware policy.
You can monitor the progress of the SCEP client installation using the EndpointProtectionAgent.log file.
Endpoint has been triggered.
SCEPInstall.exe starts. See the policy file used.
A SCEP icon will appear in the system tray. It is minimised but will open if you click on it.
You can see the application installing if you wish.
EP client is successfully installed.
SCEP 2012 icon now available.
New processes running.
New registry settings.
SCEP now completely installed on client. Let's review the settings that have been configured by policy.
Virus and spyware definitions are shown as up to date.
Settings - note they are all greyed out as there are defined by policy. Let's review the individual settings.
Excluded files and locations.
Excluded file types.
Navigate to Monitoring > Endpoint Protection Status > System Center 2012 Endpoint Protection
Choose a collection and see the client count starting to rise.
Right click a client and see the possible console actions.