Q: How do I use System Center Configuration Manager to deploy malware protection?
A: System Center Endpoint Protection is a native capability in System Center 2012. It's quite easy to deploy by simply enabling protection in the agent and then configuring policies that should apply to the various collections of machines.
- Open the Administration workspace.
- Navigate to Overview, Client Settings.
- Either create a new settings object (device) or edit an existing one; the required settings group is Endpoint Protection.
- Select the Endpoint Protection group.
Change the Manage Endpoint Protection client on client computers option to Yes and configure other options, as the following figure shows. Click OK.
- If you created a new settings object, select the Deploy action and deploy to a certain collection containing machines that should have endpoint protection enabled.
- Create a new anti-malware policy. Open the Assets and Compliance workspace.
- Select Endpoint Protection, Antimalware Policies from the navigation pane.
- Select the Create Antimalware Policy action to create a new policy. Alternatively, you can select the Import action and use one of the built-in templates (C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates), which contain configurations for many types of environment such as file server, Hyper-V server, desktop, and so on. Select a template that matches and click Open.
- Modify settings from the imported template, select a new name in the General tab, and click OK.
- Select the Deploy action for the new policy and select the same collection(s) that were enabled for endpoint protection. Note: you'll probably want different anti-malware policies for your different types of machines because the requirements and exceptions will be different.
The next time the Configuration Manager client checks for policies, it will enable the anti-malware agent and use the policy you defined.