anyweb

using System Center 2012 Configuration Manager - Part 6. Adding the Endpoint Protection role, configure Alerts and custom Antimalware Policies.

Basically we use the first created ADR to create the Endpoint Protection Definition Updates package; once created, we then disable that ADR (because of the way we created it, purely to create a NEW deployment package...), then we create another ADR practically matching the first, except instead of creating a new package we point it to the package created in the first (now disabled) ADR.

Does that help?

Now my source folder \\sccm\sources\updates\Endpoint is more than 10 GB, can we delete some of the files?

Hi,

I have a problem with installing Endpoint Protection on my client machine. I have installed Endpoint Protection on my SCCM 2012 R2 Server and I now see a green Endpoint Protection symbol on the desktop. But I have some questions:

1) How can I install or deploy Endpoint Protection on my other servers and my client machine?

2) After installing Endpoint Protection on my client machine or my servers, should I see the green symbol too?

Thanks for help

Regards

Keywan

> Hi,
>
> I have a problem with installing Endpoint Protection on my client machine. I have installed Endpoint Protection on my SCCM 2012 R2 Server and I now see a green Endpoint Protection symbol on the desktop. But I have some questions:
>
> 1) How can I install or deploy Endpoint Protection on my other servers and my client machine?
>
> 2) After installing Endpoint Protection on my client machine or my servers, should I see the green symbol too?
>
> Thanks for help
>
> Regards
>
> Keywan

Have you followed the full guide? It shows how to deploy EndPoint to all your systems. At a high level, you need to specify client settings and target those EndPoint Protection client settings at a collection that contains the devices you want to manage. Then, you need to think about Anti-Malware Policies and definition update mechanisms.

I am just thinking out loud here...

What is the advantage of creating 13 individual ADR rules? They each do the same thing except they point to a different collection. Would there be any benefit to creating a master collection named for example Endpoint Protection Updates and adding all the individual collections under it? This way you only have one ADR for Endpoint Protection. Since definitions are downloaded every day, I don't think having the ability to create unique schedules would be that beneficial. I am trying to simplify this down for admins as there are 4 basic components involved which can be confusing for some: Collection, Antimalware Policy, Client Setting and ADR. Please let me know if I am overlooking something.

Sure, you can do it that way, use the Include rule.

Not every customer will want all their servers updated the same way or at the same time, however, hence having different ADRs can be beneficial (for reporting too...)

I think having lots of ADRs for EP Definition updates is for the most part unnecessary (but depends on your situation). I have three ADRs for deploying EP updates. One for desktops, one for laptops and one for servers. I do this to allow for different download settings for EP updates. For example, I don't want any of our desktops to go to Microsoft Update to download definitions because that would put a heavy load on our WAN links that are already starved for bandwidth (as all internet/datacenter and a lot of the telco traffic goes through the main campus - not the design I would choose). They have to go to a DP. (I also control this through the Antimalware Policy.) However, for servers, if they can't get the definition on a DP in the datacenter, I'm OK with them going to the internet because they have a lot more bandwidth available to them because they are all in the datacenter. Likewise, I allow sharing content on the local subnet (BranchCache) for the desktop ADR because some are in small remote sites without a DP so that should cut down a bit on WAN utilization, but for servers I don't need that because they have a local DP.

I think it's a really good idea though to have lots of collections (really as many as you need for granularity) for deploying the Antimalware policies for servers. We have only two policies for desktops and laptops but we have at least 10 policies for different server workloads. I basically set up a collection for each of the in-box antimalware policies for each Microsoft workload we have in the environment. We have those policies ordered in such a way that precedence applies the settings in the way we desire. We have a one-to-one correlation between an Antimalware Policy and a collection targeting that type of workload. Then we use global security groups (of which computer objects are members) to define rules for the collections for the various workloads (SQL, Web, TMG, Exchange, etc.). Because we have servers that run multiple workloads (say SQL & Web), a computer object is in both the SQL and Web groups, and they will find their way into both those EP collections (Web & SQL 2008) and receive the cumulative effect of the antimalware policies created for those different workloads. The main policy differences are in what gets excluded from scanning.

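The collection layout discussed in the posts above (one collection per server workload filled from an AD security group, plus a single master collection built with Include rules as the target for one Endpoint Protection ADR), written in PowerShell as an added example that is not from any poster in this thread. The site code PS1, the CONTOSO domain and every group and collection name are hypothetical; it assumes the ConfigurationManager module from the admin console is installed and that Active Directory group discovery is populating SystemGroupName.

```powershell
# Added example. Site code, domain, group and collection names are hypothetical.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
Set-Location 'PS1:'

# Workload collection name -> AD global security group that defines it.
# The backslash is doubled because WQL treats "\" as an escape character.
$workloads = @{
    'EP - SQL Servers'      = 'CONTOSO\\EP-SQL-Servers'
    'EP - Web Servers'      = 'CONTOSO\\EP-Web-Servers'
    'EP - Exchange Servers' = 'CONTOSO\\EP-Exchange-Servers'
}

# Re-evaluate membership daily so group changes reach the collections.
$daily = New-CMSchedule -Start (Get-Date) -RecurInterval Days -RecurCount 1

foreach ($name in $workloads.Keys) {
    if (Get-CMDeviceCollection -Name $name) { continue }   # already built

    New-CMDeviceCollection -Name $name -LimitingCollectionName 'All Systems' `
        -RefreshType Periodic -RefreshSchedule $daily | Out-Null

    # A server in several groups lands in several collections and so receives
    # every antimalware policy deployed to them, merged by policy order.
    $wql = 'select SMS_R_System.ResourceId from SMS_R_System ' +
           "where SMS_R_System.SystemGroupName = `"$($workloads[$name])`""
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $name `
        -RuleName 'AD security group membership' -QueryExpression $wql
}

# Single target for one definition-update ADR: include every workload collection.
$master = 'Endpoint Protection Updates'
if (-not (Get-CMDeviceCollection -Name $master)) {
    New-CMDeviceCollection -Name $master -LimitingCollectionName 'All Systems' `
        -RefreshType Periodic -RefreshSchedule $daily | Out-Null
    foreach ($name in $workloads.Keys) {
        Add-CMDeviceCollectionIncludeMembershipRule -CollectionName $master `
            -IncludeCollectionName $name
    }
}
```

The antimalware policies are still deployed to the individual workload collections; only the ADR deployment points at the master collection.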

> Sure, you can do it that way, use the Include rule.
>
> Not every customer will want all their servers updated the same way or at the same time, however, hence having different ADRs can be beneficial (for reporting too...)

I didn't consider reporting. Good point.

Thanks

I appreciate your response.

Are you referring to ADRs or AntiMalware policies? "to allow for different download settings for EP updates" is in the Antimalware Policies, not in ADRs, unless I am mistaken. I see the benefit of many Antimalware Policies (for file/folder exceptions) but the 13 ADRs for EP seem redundant if you aren't making any changes to the ADRs. Since definitions are downloaded daily I am not sure how much tweaking you would want to do to an ADR between different server ADRs. ADRs for Software Updates are a different story. A point was made about reporting so I would take that into consideration.

Thanks Again
