Endpoint Protection in System Center 2012 Configuration Manager allows you to manage antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.
 Important |
|---|
| You must be licensed to use Endpoint Protection to manage clients in your Configuration Manager hierarchy. |
When you use Endpoint Protection with Configuration Manager, you have the following benefits:
- You can configure antimalware policies and
Windows Firewall settings to selected groups of computers, by using
custom antimalware policies and client settings.
- You can use Configuration Manager software
updates to download the latest antimalware definition files to keep
client computers up-to-date.
- You can send email notifications, use
in-console monitoring, and view reports to keep administrative
users informed when malware is detected on client computers.
Endpoint Protection installs its own client in addition to the Configuration Manager client. The Endpoint Protection client has the following capabilities:
- Malware and Spyware detection and
remediation.
- Rootkit detection and remediation.
- Critical vulnerability assessment and
automatic definition and engine updates.
- Network vulnerability detection through
Network Inspection System.
- Integration with Microsoft Active Protection
Services to report malware to Microsoft. When you join this
service, the Endpoint Protection client can download the latest
definitions from the Malware Protection Center when unidentified
malware is detected on a computer.
 Note |
|---|
| The Endpoint Protection client can be installed on a server that runs Hyper-V and on guest machines with supported operating systems. To prevent excessive CPU usage, Endpoint Protection actions have a built-in randomized delay so that they do not occur simultaneously on all guest machines that are hosted by the server. |
In addition, Endpoint Protection in Configuration Manager allows you to manage Windows Firewall settings in the Configuration Manager console.
For an example scenario that shows how you might configure and manage Endpoint Protection and the Windows Firewall, see Example Scenario for Protecting Computers From Malware by Configuring Endpoint Protection in Configuration Manager.
Managing Malware with Endpoint
Protection
Endpoint Protection in Configuration Manager allows you to create antimalware policies that contain settings for Endpoint Protection client configurations. You can then deploy these antimalware policies to client computers and monitor them in the System Center 2012 Endpoint Protection Status node in the Monitoring workspace, or by using Configuration Manager reports. See List of Antimalware Policy Settings for a list of the settings that you can configure.
For more information about how to create, deploy, and monitor antimalware policies, see How to Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager and How to Monitor Endpoint Protection in Configuration Manager.
For information about how to remediate malware that is found on client computers, see How to Manage Antimalware Policies and Firewall Settings for Endpoint Protection in Configuration Manager.
Managing Windows Firewall with
Endpoint Protection
Endpoint Protection in Configuration Manager provides basic management of the Windows Firewall on client computers. For each network profile, you can configure the following settings:
- Enable or disable the Windows Firewall.
- Block incoming connections, including those
in the list of allowed programs.
- Notify the user when Windows Firewall blocks
a new program.
| Note |
|---|
| Endpoint Protection supports managing the Windows Firewall only. |
For more information about how to create and deploy Windows Firewall policies for Endpoint Protection, see How to Create and Deploy Windows Firewall Policies for Endpoint Protection in Configuration Manager.
Endpoint Protection Workflow
Use the following diagram to help you understand the workflow to implement Endpoint Protection in your Configuration Manager hierarchy.
