Microsoft System Center Endpoint Protection Cookbook - Second Edition

By: Nicolai Henriksen

Overview of this book

System Center Configuration Manager is now used by over 70% of all the businesses in the world today, and many have taken advantage of the System Center Endpoint Protection within that great product. Through this book, you will gain knowledge about System Center Endpoint Protection, and see how to work with it from System Center Configuration Manager from an objective perspective. We’ll show you several tips, tricks, and recipes to not only help you understand and resolve your daily challenges, but hopefully enhance the security level of your business. Different scenarios will be covered, such as planning and setting up Endpoint Protection, daily operations and maintenance tips, configuring Endpoint Protection for different servers and applications, as well as workstation computers. You’ll also see how to deal with malware and infected systems that are discovered. You’ll find out how to perform OS deployment, BitLocker, and AppLocker, and discover what to do if there is an attack or outbreak. You’ll find out how to ensure good control and reporting, and great defense against threats and malware. You’ll see the huge benefits when dealing with application deployments, and get to grips with OS deployments, software updates, and disk encryption such as BitLocker. By the end, you will be fully aware of the benefits of the System Center 2016 Endpoint Protection anti-malware product, ready to ensure your business is watertight against any threat you could face.
Table of Contents (16 chapters)
Microsoft System Center Endpoint Protection Cookbook Second Edition
Credits
About the Author
Acknowledgment
About the Reviewer
www.PacktPub.com
Preface
Index

Index

A

  • Active Directory Group Policy Management Console / How to do it…
  • Advanced Group Policy Management (AGMP) / How to do it…
  • Advanced Threat Protection (ATP) / How to do it…
  • alerts
    • configuring, Endpoint Protection in Configuration Manager / Configuring alerts for Endpoint Protection in Configuration Manager, How to do it…, How it works…
    • reference link / How to do it…
  • All Systems Collection / How to do it…
  • antimalware
    • executing / What you need to consider when running antimalware on your computer, How to do it…
  • antimalware policies
    • deploying, for Endpoint Protection in Configuration Manager / Creating and deploying antimalware policies for Endpoint Protection in Configuration Manager, How to do it…
    • creating, for Endpoint Protection in Configuration Manager / Creating and deploying antimalware policies for Endpoint Protection in Configuration Manager, How to do it…
    • order, merging / Order and combination of policies to be merged
    • combination, merging / Order and combination of policies to be merged
    • exclusions / Exclusions
  • AppLocker
    • references / See also
  • Automatic Definition / How to do it…
  • Automatic Deployment Rule (ADR) / Keeping third-party applications up-to-date
  • Automatic Deployment Rules (ADR) / How to do it…, How to do it…, How to do it…
  • automatic sample submission
    • configuring / Configuring automatic sample submission, How to do it…
  • Automatic Updates / How to do it…

B

  • Background Intelligent Transfer Service (BITS) / How it works…, How to do it…
  • Bitdefender / How to do it…
  • BitLocker
    • about / What you need to consider regarding BitLocker and Endpoint Protection
    • viewing / What you need to consider regarding BitLocker and Endpoint Protection, How to do it…
  • Boundary settings / How to do it…

C

  • Central Administration Site (CAS) / How to do it…, How to do it…
  • Cloud Block Level / Introduction
  • Configuration Manager
    • about / Introduction
    • Endpoint Protection, working / How does Endpoint Protection in Configuration Manager work, How to do it…
    • reference link / How to do it…
    • Endpoint Protection, best practices / How to do it...
    • Endpoint Protection, workflow administrating / Administrating workflow for Endpoint Protection in Configuration Manager
    • Endpoint Protection, configuring / Configuring Endpoint Protection in Configuration Manager, Getting ready, How to do it…, How it works…
    • Endpoint Protection, configuring alerts / Configuring alerts for Endpoint Protection in Configuration Manager, How to do it…, How it works…
    • Endpoint Protection, definition updates configuring / Configuring definition updates for Endpoint Protection in Configuration Manager, How to do it..., See also
    • Endpoint Protection client, provisioning in disk image / Provisioning the Endpoint Protection client in a disk image in Configuration Manager, How to do it…
    • antimalware policies, deploying for Endpoint Protection / Creating and deploying antimalware policies for Endpoint Protection in Configuration Manager, How to do it…
    • antimalware policies, creating for Endpoint Protection / Creating and deploying antimalware policies for Endpoint Protection in Configuration Manager, How to do it…
    • Windows Firewall policies, creating for Endpoint Protection / Creating and deploying Windows Firewall policies for Endpoint Protection in Configuration Manager, How to do it…
    • Windows Firewall policies, deploying for Endpoint Protection / Creating and deploying Windows Firewall policies for Endpoint Protection in Configuration Manager, How to do it…
    • Endpoint Protection, monitoring / Monitoring Endpoint Protection in Configuration Manager, How to do it…
    / How to do it…
  • critical updates / Introduction
  • Cryptolocker malware
    • Windows File Server, protecting from / Protecting the Windows File Server from known Cryptolocker malware
  • Current Branch for Business (CBB) / How to do it…, How to do it…

D

  • Defender agent / How to do it…
  • Definition Updates / How to do it…
  • definition updates
    • configuring, Endpoint Protection in Configuration Manager / Configuring definition updates for Endpoint Protection in Configuration Manager, How to do it..., See also
  • Diagnostics And Recovery Toolset (DART) / How to do it…
  • Diagnostics and Recovery Toolset (DaRT) / How to do it…
  • disk image
    • Endpoint Protection client, provisioning in disk image / Provisioning the Endpoint Protection client in a disk image in Configuration Manager, How to do it…
  • Distributed File Shares (DFS) / How it works…
  • Distribution Points / How to do it…

E

  • Early Launch Antimalware (ELAM) / How to do it…
  • Email notification / How to do it…
  • Endpoint Protection / Introduction
    • about / Introduction
    • working, in Configuration Manager / How does Endpoint Protection in Configuration Manager work, How to do it…
    • performance / What made Endpoint Protection that good
    • planning / Planning for the Endpoint Protection, How to do it…
    • reference link / How to do it…, How to do it…
    • URL, for prerequisites / How to do it…
    • best practices, in Configuration Manager / How to do it...
    • workflow, administrating in Configuration Manager / Administrating workflow for Endpoint Protection in Configuration Manager
    • configuring, in Configuration Manager / Configuring Endpoint Protection in Configuration Manager, Getting ready, How to do it…, How it works…
    • configuring, alerts in Configuration Manager / Configuring alerts for Endpoint Protection in Configuration Manager, How to do it…, How it works…
    • definition updates, configuring in Configuration Manager / Configuring definition updates for Endpoint Protection in Configuration Manager, How to do it..., How it works…
    • client, provisioning for disk image in Configuration Manager / Provisioning the Endpoint Protection client in a disk image in Configuration Manager, How to do it…
    • antimalware policies, creating in Configuration Manager / Creating and deploying antimalware policies for Endpoint Protection in Configuration Manager, How to do it…
    • antimalware policies, deploying in Configuration Manager / Creating and deploying antimalware policies for Endpoint Protection in Configuration Manager, How to do it…
    • Windows Firewall policies, creating in Configuration Manager / Creating and deploying Windows Firewall policies for Endpoint Protection in Configuration Manager, How to do it…
    • Windows Firewall policies, deploying in Configuration Manager / Creating and deploying Windows Firewall policies for Endpoint Protection in Configuration Manager, How to do it…
    • monitoring, in Configuration Manager / Monitoring Endpoint Protection in Configuration Manager, How to do it…
    • updates / Understanding Endpoint Protection updates, How to do it…
    • updates, working from WSUS / Working with updates from WSUS, How to do it…
    • updates, working from SCCM / Working with updates from SCCM, How to do it…
    • issues, dealing with / Dealing with Endpoint Protection issues, Getting ready, How to do it…
    • policy issues, solving / Solving Endpoint Protection Policy issues, How to do it…
    • Registry.pol files / Registry.pol files
  • Endpoint Protection 1511 / How to do it…
  • Endpoint Protection client, provisioning in disk image
    • reference link / How to do it…
  • Engine Updates / How to do it…
  • Enhanced Mitigation Experience Toolkit (EMET)
    • about / Monitoring infectious outbreaks
  • Exploits / How to do it…

F

  • Forefront / Introduction
  • Forefront Endpoint Protection 2010 / How to do it…

G

  • Group Policy / How to do it…

I

  • infrastructure, Windows Server Update services (WSUS)
    • prerequisites / Prerequisites of the infrastructure, Getting ready, How it works…
  • Input/Output operations per second (IOPS) / How to do it…
  • Internet-Based Client Management (IBCM)
    • about / How to do it…
    / How to do it…
  • Internet-Based Client Management (IBCM), prerequisites
    • references / How to do it…

K

  • KB update
    • reference link / Configuring definition updates for Endpoint Protection in Configuration Manager

L

  • Long Term Servicing Branch (LTSB) / How to do it…, How to do it…
  • low bandwidth locations
    • considering / What you need to consider and optimize when working with low bandwidth locations, How to do it…
    • optimizing / How to do it…

M

  • machine encountering issues
    • reference link / How to do it…
  • malware
    • handling / How to handle malware, How to do it…
    • responding to / Responding to infections that often occur, How to do it..., See also
    • monitoring / Monitoring infectious outbreaks, How to do it…
    • Windows File Server, protecting from Cryptolocker malware / Protecting the Windows File Server from known Cryptolocker malware
  • Malware Protection Center page
    • URL / See also
  • Microsoft
    • URL, for excluding / Order and combination of policies to be merged
  • Microsoft Desktop Optimization Pack
    • URL / How to do it…
  • Microsoft Edge / Keeping third-party applications up-to-date
  • Microsoft Enhanced Mitigation Experience Toolkit (EMET)
    • about / How to do it…
    • URL, for downloading / How to do it…
    • URL, for guidance / How to do it…
  • Microsoft Security Center
    • about / The Microsoft Security Center, How to do it…
    • reference link / How to do it…

N

  • non-Preview production version / Introduction

O

  • offline updates
    • using / Why and how to use offline updates, How to do it…
    • URL, for downloading / How to do it…
  • Organizational Units (OU) / How to do it…
  • Organization Unit (OU) / Order and combination of policies to be merged, How to do it…
  • OS Deployment
    • System Center Endpoint Protection, integrating with / Integrating Endpoint Protection with OS Deployment, How to do it…

P

  • PKI certificates
    • reference link / How to do it…
  • Power BI
    • URL / Monitoring Endpoint Protection in Configuration Manager
  • PowerShell commands
    • reference link / How to do it…
  • PowerShell script
    • reference link / See also
  • Pre-boot eXecution Environment (PXE) / Integrating Endpoint Protection with OS Deployment
  • Prerequisite Service / Getting ready

S

  • scripts
    • reference link / How to do it…
  • Security Center / How to do it…
  • security updates / Introduction
  • SMS Agent / How to do it…
  • Software Restrictions Policies
    • reference link / See also
  • Software Update Point / How to do it…
  • Software Update Point (SUP) / How to do it…
  • Software Updates / Getting ready
    • URL / How to do it…
  • Software Updates, security in Configuration Manager
    • reference link / Security and privacy for Endpoint Protection in Configuration Manager
  • Symantec / How to do it…
  • System Center 2012 Endpoint Protection / How to do it…
  • System Center Configuration Manager (SCCM) / Introduction, Configuring Endpoint Protection in Configuration Manager, Introduction, How to do it…
    • Endpoint Protection, updates working from / Working with updates from SCCM, How to do it…
  • System Center Configuration Manager 2012
    • reference link / How to do it…
  • System Center Endpoint Protection
    • security, in Configuration Manager / Security and privacy for Endpoint Protection in Configuration Manager, How to do it…
    • privacy, in Configuration Manager / Security and privacy for Endpoint Protection in Configuration Manager, How to do it…
    • configuring, for configuring Windows 10 / Configuring Endpoint Protection or Defender for Windows 10, How to do it…
    • integrating, with OS Deployment / Integrating Endpoint Protection with OS Deployment, How to do it…
    • reference link / How to do it…
    • viewing / What you need to consider regarding BitLocker and Endpoint Protection, How to do it…
  • System Center Update Publisher / How to do it…
  • System Center Update Publisher (SCUP) / How to do it…, How to do it…
  • System Volume (SYSVOL) / Order and combination of policies to be merged

T

  • Tamper protection / How to do it…
  • TechNet Gallery
    • URL / How to do it…
  • Technical Preview / Introduction
  • third-party applications
    • maintaining, up-to-date / Keeping third-party applications up-to-date, How to do it…
  • Trusted Platform Module (TPM) / What you need to consider regarding BitLocker and Endpoint Protection, How to do it…

U

  • Uniform Naming Convention (UNC) / Why and how to use offline updates
  • Universal Naming Convention (UNC) / How to do it..., How to do it…
  • update issues / Understanding update issues, How to do it…
  • User Account Control (UAC) / The Microsoft Security Center

W

  • Windows 10
    • System Center Endpoint Protection, configuring for / Configuring Endpoint Protection or Defender for Windows 10, How to do it…
    • Windows Defender, configuring for / Configuring Endpoint Protection or Defender for Windows 10, How to do it…
  • Windows Defender
    • configuring, for configuring Windows 10 / Configuring Endpoint Protection or Defender for Windows 10, How to do it…
  • Windows Defenders / How to do it…
  • Windows File Server
    • protecting, from Cryptolocker malware / Protecting the Windows File Server from known Cryptolocker malware
  • Windows Firewall policies
    • creating, for Endpoint Protection in Configuration Manager / Creating and deploying Windows Firewall policies for Endpoint Protection in Configuration Manager, How to do it…
    • deploying, for Endpoint Protection in Configuration Manager / Creating and deploying Windows Firewall policies for Endpoint Protection in Configuration Manager, How to do it…
  • Windows Management Instrument (WMI) / Dealing with Endpoint Protection issues
  • Windows Server Update services (WSUS)
    • about / How to do it…
  • Windows Server Update Services (WSUS) / Getting ready, Understanding update issues
    • about / How to do it…
    • Endpoint Protection, updates working from / Working with updates from WSUS, How to do it…
    • URL, for downloading / How to do it…
  • Windows Update Agent, on client
    • URL, for installing / How to do it…
  • Windows Update settings / How to do it…