Jump to content


nylentone

Best way to prevent Endpoint Protection installation on some clients?

Recommended Posts

We have a large number of Windows Embedded devices which we do want to have the SCCM client, but do not want to have Endpoint Protection. To prevent the installation of EPP on these devices, I have created alternate Client Settings with settings as so:

 

Manage Endpoint Protection client on client computers: Yes

Install Endpoint Protection client on client computers: No

 

I created a collection based on a query:

 

... SMS_R_System.OperatingSystemNameandVersion like "%Embedded%"

 

I checked the "Use incremental updates for this collection" box so that, theoretically, devices would get added immediately.

 

Is there a better way to accomplish this? What concerns me is that, even after showing up in my Embedded collection, Endpoint Protection Deployment Information for a client will still say "To be installed". And it seems that, on rare occasions, EPP will get installed on an Embedded device anyway.

Share this post


Link to post
Share on other sites

 

nd it seems that, on rare occasions, EPP will get installed on an Embedded device anyway.

 

are those rare systems in the right collection or not ?

Share this post


Link to post
Share on other sites

 

are those rare systems in the right collection or not ?

 

First of all, thanks for taking a look at my post.

 

I may have to retract my statement that some get EPP anyway. My coworkers have complained of this happening, but no one seems to have any proof.

 

One of the things that concerns me is that after a newly imaged Windows Embedded device is joined to the domain, the Endpoint Protection Deployment State shows "To be installed". It never seems to actually install, though (which is good). The logical question would be, what does it say after a few days? But that brings me to the other issue, which is that the WES devices drop out of SCCM a few hours after they're set up. Sometimes, a few days later, they'll randomly show up again. This doesn't happen to any of the thousands of PCs on our network.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.