Saturday, 31 August 2013

ConfigMgr 2012 / SCCM 2012 SP1 Step by Step Guide Part 35: Endpoint Protection

Back to ConfigMgr 2012 menu

Part 35 of my ConfigMgr 2012 SP1 guide describes how to implement Endpoint Protection.

System Center Endpoint Protection 2012 is now integrated with ConfigMgr and replaces Forefront Endpoint Protection 2010 (which can no longer be deployed as a stand-alone product). The SCEP client can be automatically installed with the ConfigMgr agent. 

Be careful. Even if you are fully licensed for System Center you may not be licensed for Endpoint Protection (although the client license is included in the Core CAL and Enterprise CAL suites).

Note that you can find this full series of blog posts in a single PDF download 

Implementing Endpoint Protection with ConfigMgr 2012

Please browse the following links to see a full implementation of SCEP.

Add Endpoint Protection Point

Antimalware Policy

Enable SCEP on clients

Alerts and Subscriptions

Definition Updates

Anti-virus exclusions

SCEP Troubleshooting  


  1. Hi Mr Gerry,

    I am very naive and confused with System Center Product.
    I have been assigned to deploy and setup System Center Configuration Manager 2012 SP1 with EndPoint Protection.

    As mentioned, i am new but slowly i am reading your Guide and managed to install and setup the SCCM. I have done your Part 3 "ConfigMgr 2012 SP1 Installation".

    So after Part 3, what should i do? Go straight to Part 35 "Endpoint Protection"? OR i should do other Part first?

    Look forward to your help

    1. No, you need to do at least up to part 7. Have a look at my guide for implementing Endpoint Protection on TechNet Gallery.

  2. Hi Mr Gerry,

    BTW, we are implementing SCCM for use in our Citrix XD 7.1 (MCS) client. Can you give me some input on SCCM on XD 7.1 (MCS) deployment guides or any help.


    1. Sorry, I have no Citrix guides. It's not really my area.

  3. Hi Gerry thanks for these great posts. Is it possible to add a process for endpoint protection to quarantine? I see you can exclude processes but is there any way to add one so that if a certain process is run SCEP will stop it?


    1. Thanks. No, I don't believe you can do that.

  4. i can block a application installed

  5. Hello Gerry,

    This has been a great guideline for any new SCCM administrator.

    I want to ask one thing that , how to mange windows defender client using system center 2012 R2 configuration manager. As in windows 10 ,SCEP is not compatible.Windows defender has taken place of SCEP. Please assist.


    1. Thanks Nilesh. Two good links to help you:

  6. Does anyone know how to make endpoint protection install on a second domain?