Deploy Client settings and Antimalware policies

Author Nawaz and Mamata

Greetings,

In the first part of this guide, we looked at the installation of the System Center Endpoint Protection role. In the second part, we configured client settings and antimalware policies.

Now it's time to deploy those policies and see what happens from an admin point of view. Let's check the different indicators that confirm a successful Endpoint Protection configuration on clients. After this blog, we should be in a position to see:

  • Whether the client settings and antimalware policies are applied.
  • Whether Windows Defender is managed by SCCM.

Lab Details:

  • Client Settings Name: SCEP Client Settings
  • Antimalware Policy: SCEP Policies for Clients
  • Machine Names:
    • CM01 (Windows Server 2016)
    • DC01 (Windows Server 2016)
    • W10PEER-001 (Windows 10)
  • Collection Name: SCEP Testing

NOTE: In the previous blog we named the client settings and the antimalware policy “SCEP Windows 10 1909”. Those same settings are covered by the client settings and antimalware policy named in this blog.

Let’s look at what the console shows before we deploy the client settings and antimalware policies. There are no entries stating anything about Endpoint Protection.

 

Deploy the client settings named “SCEP Client Settings” to the collection “SCEP Testing”.

 

Deploy the antimalware policy “SCEP Policies for Clients” to the collection “SCEP Testing”.

Let’s evaluate machine policy on Windows 10 and Windows Server 2016 so the clients fetch the Endpoint Protection setup.

Log File Name: EndpointProtectionAgent.log

 

Let us check whether the antimalware policy “SCEP Policies for Clients” is applied, or only the default one. As per the above screenshot, open C:\Windows\CCM\EPAMPolicy.xml in Notepad; this file holds the policy details.
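
The same check can be scripted on the client instead of opening the files by hand. This is an added example, not part of the original post: the function name Test-ScepPolicyApplied is hypothetical, and the script assumes the default client folder C:\Windows\CCM with its logs under C:\Windows\CCM\Logs.

```powershell
# Added example: verify on a client that the deployed antimalware policy arrived.
$ExpectedPolicy = 'SCEP Policies for Clients'        # lab policy name used in this post
$PolicyFile     = 'C:\Windows\CCM\EPAMPolicy.xml'    # policy file named in this post
$AgentLog       = 'C:\Windows\CCM\Logs\EndpointProtectionAgent.log'  # assumed default log folder

function Test-ScepPolicyApplied {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$PolicyName
    )
    # A missing file means the Endpoint Protection agent has not written a policy yet.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ File = $Path; Present = $false; PolicyNameFound = $false; LastWritten = $null }
    }
    # Plain text search: no assumption is made about the XML schema of the file.
    $text  = Get-Content -LiteralPath $Path -Raw
    $found = $text.IndexOf($PolicyName, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    [pscustomobject]@{
        File            = $Path
        Present         = $true
        PolicyNameFound = $found
        LastWritten     = (Get-Item -LiteralPath $Path).LastWriteTime
    }
}

# 1. Is the custom policy named in the policy file, or only the default one?
Test-ScepPolicyApplied -Path $PolicyFile -PolicyName $ExpectedPolicy | Format-List

# 2. Most recent policy-related lines from the Endpoint Protection agent log.
if (Test-Path -LiteralPath $AgentLog) {
    Select-String -LiteralPath $AgentLog -Pattern 'policy' -SimpleMatch |
        Select-Object -Last 5 |
        ForEach-Object { $_.Line }
} else {
    Write-Warning "Log not found: $AgentLog"
}

# 3. State of Windows Defender itself, where the Defender cmdlets are available.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated
}
```

Run it from an elevated PowerShell prompt after the machine policy evaluation has completed; PolicyNameFound = False with Present = True means only a different policy (such as the default) has been written so far.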

 

Now you can see the major difference the client settings make.

Windows device:

Before

 

After

Changes on the console side:

 

You can also verify the Endpoint Protection status at \Monitoring\Overview\Security\Endpoint Protection Status. This dashboard shows all the active clients that are protected with Endpoint Protection, as well as the clients that are at risk.

 

Summary: We deployed client settings and antimalware policies to Windows Server 2016 and Windows 10 machines. We also covered which log files to check to verify that the settings were applied. In the next blog we will look at how to update clients to the latest definition updates.

 
