System Center 2012 Endpoint Protection (SCEP) is Microsoft's third-generation corporate anti-malware solution. At the core, it shares many similarities with their "free for home use" anti-malware product, Microsoft Security Essentials, which has been installed on over 50 million PCs the world over.
The explosion in popularity of the Microsoft Security Essentials benefits SCEP users through the malware telemetry data of 50 million users of the Microsoft Security Essentials that share with Microsoft through their MAPS (formerly known as Spynet) program. By integrating SCEP with the newly-released System Center 2012 Configuration Manager, they have created one of the easiest solutions to deploy and manage anti-malware products on the market.
In this book, you will see System Center 2012 Configuration Manager referred to as simply SCCM. Although Microsoft often refers to it as ConfigMgr in their documentation, the majority of the people the author has worked with over the years refer to the product as SCCM. System Center 2012 Endpoint Protection will be referred to as SCEP, although this is not an official acronym that Microsoft uses for the product.
Many of the recipes in this book begin with a step that asks you to log into your Central Administration Server (CAS). Depending on how your SCCM environment was designed, you may not have a CAS server, you may simply have a single Primary Site server as the top level of administration in your architecture. If this is the case, all the recipes can be completed on your Primary Site server.
Also, in most cases, it is not essential to physically log into the CAS or Primary site server. If you have the SCCM consoles installed on your workstation and are logged in with the correct permissions, the recipe can be performed on the local console.
Chapter 1, Getting Started with Client-Side Endpoint Protection Tasks, provides a number of recipes for performing tasks at the local client level, such as forcing a definition update or modifying the SCEP client policy.
Chapter 2, Planning and Rolling Installation, will walk you through some of the considerations you will need to make before deploying SCEP, as well as showing you how to enable the SCEP role on your SCCM server.
Chapter 3, SCEP Configuration, will show you recipes for performing essential tasks, such as configuring SCEP policies and alerts, as well as walking you through the process of setting up SCEP's reporting features.
Chapter 4, Client Deployment Preparation and Deployment, includes a number of recipes to assist you with every step of client deployment from preparation to actually deploying the clients.
Chapter 5, Common Tasks, covers a number of day-to-day tasks that every SCEP administrator will need to know how to do it correctly in order to keep SCEP healthy and your Endpoints protected from malware.
Chapter 6, Management Tasks, covers important high level tasks, such as using policy templates, merging polices, and responding to SCEP alerts.
Chapter 7, Reporting, makes a deep dive into the reporting capabilities offered with SCEP. You will be shown how to execute reports, as well as provide access to reports. You will also be shown how to create your own custom reports.
Chapter 8, Troubleshooting, provides you with some tools to assist you with the time-consuming effort of troubleshooting an anti-malware product. The recipes in this chapter will help you deal with Definition Update issues, as well as how to approach false positives.
Chapter 9, Building an SCCM 2012 Lab, is a great chapter for anyone who has not yet taken the plunge on SCCM 2012. There is just a single recipe in the chapter that will show you the quickest down-and-dirty method for standing up an SCCM 2012 server in a lab environment. This is vital to anyone considering deploying SCEP, because with the total integration of SCEP with SCCM 2012, you can't experience SCEP without an SCCM environment.
Appendix, walks you through the installation of the System Center Security Monitoring Pack for Endpoint Protection.
To complete the recipes in this book, you will need a Windows 2008 level (or above) Active Directory environment, a Windows 2008 R2 server, SCCM 2012, and SQL server 2008.
This book is intended for any SCCM 2012 administrator, who needs to quickly ramp up his or her skill sets in order to support SCEP. It is also intended for anti-malware administrators of an existing anti-malware solution (such as McAfee or Symantec) that needs to learn quickly the SCCM-related skills that he or she would need to have in to manage an anti-malware solution integrated with SCCM.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "The local SCEP client logs are stored in the program data folder".
Any command-line input or output is written as follows:
Threat Name:VirTool:JS/Obfuscator ID:2147632206 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OG2NNMHR\badwebpage.htm
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Click on File from the menu bar and select Exit to close the logfile ".
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.