I. Introduction to Endpoint Protection
Microsoft System Center 2012 R2 Endpoint Protection provides anti-malware and security solutions for the Microsoft platform. When you use System Center 2012 R2 Endpoint Protection with Microsoft System Center 2012 R2 Configuration Manager, it provides a comprehensive enterprise management solution that lets you achieve the following goals:
1) Deploy and configure the Endpoint Protection client in a centralized manner.
2) Configure default and custom anti-malware policies for groups of computers.
3) Create Windows Firewall settings and deploy them to groups of computers.
4) Use Configuration Manager software updates to automatically download the latest anti-malware definition files and keep client computers up to date.
5) Use the "Endpoint Protection Manager" security role to control which users can manage anti-malware policies and Windows Firewall settings.
6) Use email notifications to alert you when computers report that malware is installed.
7) View summary and detailed information from the Configuration Manager console and reports.
Using Endpoint Protection with Configuration Manager has the following benefits:
1) By using custom anti-malware policies and client settings, you can apply anti-malware policies and Windows Firewall settings to selected groups of computers.
2) You can use Configuration Manager software updates to download the latest anti-malware definition files and keep client computers up to date.
3) You can send email notifications, use in-console monitoring, and view reports to inform administrative users when malware is detected on client computers.
Endpoint Protection installs its own client, in addition to the Configuration Manager client. The Endpoint Protection client has the following features:
1) Malware and spyware detection and remediation.
2) Rootkit detection and remediation.
3) Critical vulnerability assessment and automatic definition and engine updates.
4) Network vulnerability detection through the Network Inspection System.
5) Integration with Microsoft Active Protection Service (MAPS) to report malware to Microsoft. When you join this service, the Endpoint Protection client can download the latest definitions from the Malware Protection Center when unidentified malware is detected on a computer.
You can install the Endpoint Protection client on a server that runs Hyper-V and on guest virtual machines with supported operating systems. To prevent excessive CPU usage, Endpoint Protection actions have a built-in randomized delay so that they do not run simultaneously on all guest virtual machines hosted on the same server.
II. Install and Configure Endpoint Protection
1. Log on to the Configuration Manager server and open the Configuration Manager console.
2. Click Administration and expand Site Configuration. Right-click the site server and select "Add Site System Roles".
3. Add the Endpoint Protection point role to the site system. Click Yes.
4. Accept the Endpoint Protection license terms.
5. Specify the Microsoft Active Protection Service (MAPS) membership; here, select not to join MAPS.
6. Wait until the site system role is added. Click Finish.
7. Click Monitoring, expand System Status, click Component Status, right-click "SMS_ENDPOINT_PROTECTION_MANAGER", select Show Messages, and click All.
8. If Message ID 500 appears in the Status Message Viewer, the Endpoint Protection point was installed successfully.
9. Click Administration, click Client Settings, right-click Default Client Settings, and select Properties.
10. On the default settings page, click Endpoint Protection.
11. Specify the settings that apply to all clients in the hierarchy and can be modified through custom settings.
12. Click OK to close the default settings dialog box.
13. On the client machine, open Control Panel and click Configuration Manager.
14. On the Configuration Manager Properties page, select "Machine Policy Retrieval & Evaluation Cycle" and click "Run Now".
15. After closing the dialog box, click Start and check whether System Center Endpoint Protection is installed.
16. Open System Center Endpoint Protection. It warns that the computer is at risk and that the virus definitions need to be updated.
17. In the Configuration Manager console, click Assets and Compliance and expand Endpoint Protection.
18. Right-click Antimalware Policies and select Create Antimalware Policy.
19. In the Create Antimalware Policy wizard, specify a name for the Endpoint Protection anti-malware policy and select the setting types to configure as needed.
20. Click Scheduled scans to specify the scheduled scan settings.
21. Click Scan settings to specify the scan settings.
22. Click Default actions and specify the action Endpoint Protection takes for threats at each alert level. The recommended response to each threat is specified in the definition file.
23. Click Real-time protection to specify the Real-time protection settings.
24. Click Advanced to specify advanced settings.
25. Click Threat overrides to specify the threat override settings.
26. Click Microsoft Active Protection Service to specify the MAPS settings.
27. Click Definition updates, click Set Source, and configure the definition update sources.
28. Configure how the Endpoint Protection client receives definition updates, according to your organization's environment.
29. Click Set Paths.
30. Right-click the anti-malware policy you created and click Deploy.
31. Select the collection to deploy the policy to.
32. Log on to the client machine, open Control Panel, and click Configuration Manager.
33. Click Actions, select "Machine Policy Retrieval & Evaluation Cycle", and click "Run Now".
34. Open the System Center Endpoint Protection client and click Update.
35. Wait until the Endpoint Protection definition source has synchronized. The virus definitions are then up to date.
36. Click Monitoring, expand Endpoint Protection Status, click System Center 2012 R2 Endpoint Protection Status, and click Run Summarization on the Home tab.
37. After "Run Summarization" completes, view the protected computers and the computers at risk.
38. Click Monitoring, expand Reporting, click Endpoint Protection, right-click Antimalware Activity Report, and click Run.
39. In the Antimalware Activity Report dialog box, select a collection and click View Report.
40. View the generated report.
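
A scripted version of the client-side checks in steps 32 to 35, as an added example that is not part of the original article: it triggers the machine policy cycle and evaluates the antimalware health the client reports. The WMI namespace, class and property names, the two function names and the three-day threshold are assumptions to verify on your client build; the sample object is constructed so the check runs without a live client (Windows PowerShell 3.0 or later).

```powershell
# Added example, not from the original article.
# Assumed: namespace root\Microsoft\SecurityClient, class AntimalwareHealthStatus and
# the property names below. $MaxSignatureAgeDays is illustrative, not a product default.

function Test-EndpointProtectionHealth {
    param(
        [Parameter(Mandatory = $true)] $Status,
        [int] $MaxSignatureAgeDays = 3
    )
    $findings = @()
    if (-not $Status.Enabled)    { $findings += 'Antimalware service is not enabled' }
    if (-not $Status.RtpEnabled) { $findings += 'Real-time protection is off' }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Definitions are $($Status.AntivirusSignatureAge) days old"
    }
    [pscustomobject]@{
        Healthy          = ($findings.Count -eq 0)
        SignatureVersion = $Status.AntivirusSignatureVersion
        Findings         = $findings
    }
}

function Invoke-MachinePolicyRetrieval {
    # Same action as "Machine Policy Retrieval & Evaluation Cycle" > Run Now (steps 14 and 33).
    Invoke-WmiMethod -Namespace 'root\ccm' -Class 'SMS_Client' -Name 'TriggerSchedule' `
        -ArgumentList '{00000000-0000-0000-0000-000000000021}' | Out-Null
}

# On a live client, from an elevated prompt:
#   Invoke-MachinePolicyRetrieval
#   $live = Get-WmiObject -Namespace 'root\Microsoft\SecurityClient' -Class AntimalwareHealthStatus
#   Test-EndpointProtectionHealth -Status $live

# Constructed sample: a client whose definitions have gone stale (the state shown in step 16).
$sample = [pscustomobject]@{
    Enabled                   = $true
    RtpEnabled                = $true
    AntivirusSignatureAge     = 45
    AntivirusSignatureVersion = '0.0.0.0'   # placeholder version string
}

Test-EndpointProtectionHealth -Status $sample | Format-List
```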
This article is from "Xu Ting's blog", please be sure to keep this source http://ericxuting.blog.51cto.com/8995534/1550034
Install and configure System Center 2012 R2 Endpoint Protection