The Endpoint Protection Client is deployed as part of System Center Configuration Manager.Deployment of the Endpoint Protection Client assumes that you have Configuration Manager already installed in your environment. The following steps need to be followed to configure and deploy Endpoint Protection Client.
Create Endpoint Protection Site System role
The Site System role, which must be deployed at the top of the hierarchy on a central administration or standalone primary site, needs to be installed first. In the Administration workspace of the System Center 2012 console, select Servers And Site Settings from the Site Configuration node and then choose Add Site System Roles from the context menu for the server on which Endpoint Protection is to be deployed.
Doing so launches the Add Site System Roles Wizard, as shown in Figure 3-30.
FIGURE 3-30 Adding a Site System role.
Following this wizard, you next choose the Site System role to apply. When choosing the Endpoint Protection role you might receive a warning, like the one shown in Figure 3-31.
Following this wizard, you next choose the Site System role to apply. When choosing the Endpoint Protection role you might receive a warning, like the one shown in Figure 3-31.
FIGURE 3-31 A warning to change policy to configure Software Updates Management or to remove Configuration Manager as an update source.
Dismissing the warning reveals the System Role Selection pane shown in Figure 3-32.
FIGURE 3-32 Adding the Endpoint Protection Site System role.
Configure alerts
You configure alerts to notify when specific events occur. You can configure alerts for Endpoint Protection in the Assets and Compliance workspace within the Device Collections node.
In the Device Collections node, shown in Figure 3-33, selecting Properties from the collection to which the alerts should be deployed reveals the properties for that collection.
FIGURE 3-33 The Device Collections node in Configuration Manager.
Use the Alerts tab within the collection’s Properties sheet to add alerts. Several criteria are available, as shown in Figure 3-34.
FIGURE 3-34 Add alerts for a collection.
After you click OK, the Alerts tab shows the selected alerts (see Figure 3-35).
FIGURE 3-35 Configuring alerts for a collection.
Configure the default antimalware policy
The next step in configuring Endpoint Protection is to configure the default antimalware policy. This topic is discussed in the next section.
Configure custom client settings
After the default antimalware policy is configured, you next need to configure custom settings for the client. In the Client Settings node of the Administration workspace, click Create Custom Client Device Settings. Doing so reveals a dialog box like the one in Figure 3-36.
FIGURE 3-36 Creating a custom client device setting.
An important piece of configuration that needs to happen within this dialog box is found in the Endpoint Protection pane, as shown in Figure 3-37. By default, the policy isn’t set to be managed and installed, so you need to change Manage Endpoint Protection Client On Client Computers to True.
FIGURE 3-37 Changing Manage Endpoint Protection Client On Client Computers to True.
Deploying a policy
You deploy a policy after creating a custom policy; the default antimalware policy cannot be deployed. To deploy a policy, choose Deploy from the Home tab of the Endpoint Protection node in the Assets and Compliance workspace. When you click Deploy for the policy to be deployed, you’re prompted to select the collection to which the policy will be deployed.
