Book Image

Microsoft System Center Endpoint Protection Cookbook - Second Edition

By : Nicolai Henriksen
Book Image

Microsoft System Center Endpoint Protection Cookbook - Second Edition

By: Nicolai Henriksen

Overview of this book

System Center Configuration Manager is now used by over 70% of all the business in the world today and many have taken advantage engaging the System Center Endpoint Protection within that great product. Through this book, you will gain knowledge about System Center Endpoint Protection, and see how to work with it from System Center Configuration Manager from an objective perspective. We’ll show you several tips, tricks, and recipes to not only help you understand and resolve your daily challenges, but hopefully enhance the security level of your business. Different scenarios will be covered, such as planning and setting up Endpoint Protection, daily operations and maintenance tips, configuring Endpoint Protection for different servers and applications, as well as workstation computers. You’ll also see how to deal with malware and infected systems that are discovered. You’ll find out how perform OS deployment, Bitlocker, and Applocker, and discover what to do if there is an attack or outbreak. You’ll find out how to ensure good control and reporting, and great defense against threats and malware software. You’ll see the huge benefits when dealing with application deployments, and get to grips with OS deployments, software updates, and disk encryption such as Bitlocker. By the end, you will be fully aware of the benefits of the System Center 2016 Endpoint Protection anti-malware product, ready to ensure your business is watertight against any threat you could face.
Table of Contents (16 chapters)
Microsoft System Center Endpoint Protection Cookbook Second Edition
About the Author
About the Reviewer


System Center Endpoint Protection, or Windows Defender, is a great security product when using System Center Configuration Manager or Microsoft Intune.

Its ability to protect computers in business increases every day, and it continually improves its features to meet today's security risks and attacks.

Because over 75% of all business around the world are now using the popular and great management tool System Center Configuration Manager, Endpoint Protection has also become widespread over that past few years.

In this book, we will explore the main motivation of using the well-known and established System Center Endpoint Protection and Windows Defender. You will gain knowledge about how to set up and configure the products for your organization based on real-life experience and best practices from a field expert and Microsoft Most Valuable Professional. Throughout the book, you will see several best practice tips and recipes for you to use in your daily life as a security administrator.

This book is suitable for everyone who works with computers, but especially useful for IT administrators who work with System Center Configuration Manager, Endpoint Protection, and Intune.

The book will be useful for most kinds of businesses, from small to large, with making decisions, whether they are already using the product or just considering it. And there will be some recipes of value to you even if you are not using Endpoint Protection or Windows Defender.

Either way, reading this book will give you value that you can take with you in the future. Windows Defender comes built in with Windows 10 as well as Windows Server 2016 and you need to decide whether you choose to use it or disable it.

You will also gain deeper knowledge as a System Center Configuration Manager admin of how to handle and administrate the Endpoint Protection role to suite your antimalware admin needs, and also perhaps give you some good tips regarding Configuration Manager.

What this book covers

Chapter 1, Planning and Getting Started with System Center Endpoint Protection, walks you through an easy approach to what you need to consider when planning and designing an System Center Configuration Manner hierarchy with the Endpoint Protection in mind. You will gain knowledge of real-life best practices when setting up SCCM.

Chapter 2, Configuring Endpoint Protection in Configuration Manager, walks through all the necessary steps to configure SCCM with Endpoint Protection environment, how to configure Definition Updates, and shows how to run it successfully along with SCCM and WSUS.

Chapter 3, Operations and Maintenance for Endpoint Protection in Configuration Manager, describes the workflow of creation and deploying antimalware policies using SCCM. The chapter also shows how to configure Windows Firewall and monitor the Endpoint Protection clients.

Chapter 4, Updates, dives into advanced and crucial Endpoint Protection update functionalities. This chapter also covers the different supported ways of handling updates, as well as taking in to consideration working with low bandwidth-connected branch offices.

Chapter 5, Security and Privacy for Endpoint Protection in Configuration Manager, focuses on security and privacy concerning SCCM and Endpoint Protection, with some best practices. It gives also the opportunity gain knowledge of Microsoft Security Center with Automatic Sample submission.

Chapter 6, Configuring and Troubleshooting Performance and Advanced Protection, discusses what to consider when thinking of safety and making applications work properly with the antimalware solution and recipes on how to handle OS deployment and BitLocker.

Chapter 7, Troubleshooting and Fixing Issues, provides best practices to troubleshoot SCCM with a focus on Endpoint Protection when it generates errors during its setup and utilization. It starts by tackling major issues presented in SCCM that reflect many other components and explains how to escalate problem resolution using debugging tools and hands-on tips.

Chapter 8, Malware Handling, the best chapter, comes last in this book and provides real-life experience of handling malware with a focus on Endpoint Protection. But in this chapter, you will also gain valuable knowledge about how you can improve your security even more and protect against ransomware.

What you need for this book

This book assumes a medium-level of System Center Configuration Manager knowledge, basic knowledge of Windows Workstation, and moderate experience with Windows Server. The book will go through simply toward a more advanced SCCM environment, which may require a basic understanding of networking and virtualization concepts. As this is a cookbook, there will be several recipes that you can try out and benefit from using in your production environment after testing that they work in your business.

With the Microsoft-wide evaluation licence, you will be able to try this product for 180 days.

SCCM can be installed and run either on a bare metal or virtual machine. However, this book requires that you have enough resources to the whole setup. Minimum hardware or virtual requirements are as follows:

  • CPU: 2 cores

  • Memory: 8 GB RAM

  • Disk space: 80 GB

In this book, you will need the following software list:

  • Microsoft Windows Server

  • Microsoft SQL Server

  • Microsoft Windows Assessment and Deployment Kit ADK

  • Microsoft System Center Configuration Manager (SCCM)

Internet connectivity is required to install the necessary to get all the setup updates during installation. Although it can be predownloaded, you will need Internet connectivity to get the WSUS and Software Update Point working.

Who this book is for

To make use of the content of this book, basic prior knowledge of SCCM as well as handling Windows is expected. If you do not have this knowledge, it is always possible to catch up the basic requirements by having a quick read of the major components of the Microsoft Technet. Refer to the following link:

There are several books about SCCM and online guides that can improve your knowledge of the product. As SCCM is a huge product, I recommend you start with the basics first so that you have a good foundation and understanding of how it all works.

But this book will also explain very well all the terminology and recipes so that you can actually understand them with very little experience in advance.

This book is well-suited for antivirus and antimalware administrators, as well as security administrators, to gain more understanding and knowledge of how this works. But the book is also highly valuable for SCCM admins to understand the needs for security admins.

And even if you are not at all interested in System Center Endpoint Protection or Windows Defender, as an admin, you feel a security responsibility to keep up with today's threats and how you can protect your business computers even more. There is information and recipes regarding how to protect against ransomware.


In this book, you will find several headings that appear frequently (Getting ready, How to do it, How it works, There's more, and See also).

To give clear instructions on how to complete a recipe, we use these sections as follows:

Getting ready

This section tells you what to expect in the recipe and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.


In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "You need to make a package of the scepinstall.exe with the policy file."

Any command-line input or output is written as follows:

New-FsrmFileScreen -Path "$i" -Active: $true -IncludeGroup "CryptoWall" -Notification $Notification

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "I recommend putting its database to the full SQL Server and not Internal Database"


Warnings or important notes appear in a box like this.


Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from


Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to and enter the name of the book in the search field. The required information will appear under the Errata section.


Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.


If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.