Installing and Configuring System Center Configuration Manager (SCCM)


The Anti-malware Policy Settings Overview

We need to understand the settings before we can build custom policies. With that in mind, we will present an overview of the various policy settings available to us in Endpoint Protection.

Open the SCCM console

  • From the Workspace click Assets and Compliance, from the navigation pane click Endpoint Protection, then click Antimalware Policies. Displayed are two policies, the SCEP Standard Desktop custom policy and the Default Client Antimalware Policy.

From the List View, right-click on Default Client Antimalware Policy, then select Properties.

We see the categories on the left and the options or settings for each category on the right.

Scheduled Scans – These settings customize the scan schedule that you will use in your organization.

  • Run a scheduled scan – The choices are Yes or No
  • Scan type – The choices are Quick Scan or Full Scan
  • Scan day – Select Daily or select one of the days Sunday through Saturday
  • Set the Scan Time
  • Check for the latest definition updates before running a scan
  • You can limit the amount of CPU utilization that should be used during the scan so that the system is still usable.

Scan Settings - These settings determine what will be scanned

  • Scan email and attachments
  • Scan USB thumb drives
  • Scan network files
  • Scan mapped network drives
  • Allow users to configure CPU usage during scans
  • Allow users control of scheduled scans – Normally set to no control

Default Actions - Specifies how Endpoint Protection responds based upon the rated severity Levels

  • Severe – We can choose remove, which will remove the malware.
  • High - We can choose remove, which will remove the malware.
  • Medium and Low – We can choose Quarantine

Real Time Protection – These settings enable you to configure the continuous monitoring capabilities on an Endpoint Protected client.  

  • Enable real-time protection – Set to Yes
  • Scanning system files – The options are to scan incoming and outgoing files, incoming files only, or outgoing files only
  • Enable behavior monitoring – Not just relying on known malware, but we are looking for suspicious activity to set alarms.
  • Enable protection against network-based exploits – Helps protect you against zero-day vulnerabilities.

Exclusion Settings - You can exclude files and folders because those files continually set off false alarms

  • Files, folders – Set the path to the files and folders
  • File types – You can set file types like .jpeg or .bat
  • Excluded Processes – Here you can exclude processes like spoolsv.exe, which manages printing in the background without tying up your computer. You may not need to scan that process.

Advanced Settings – This contains things that you can allow the users to do.

  • Most of these settings I normally set to no
  • Delete quarantined files after (days) – You can set this to whatever is appropriate.

Threat Overrides - Here you can set a specific threat name like Adware:Win32/WebProtect, then select an Override action like allow, remove, quarantine

Cloud Protection Service – This setting enables the client to send information about detected malware to Microsoft for analysis.

Definition Updates – Determines how often EP clients should check for updates to the Endpoint Protection engine, as well as virus definitions.

  • You can set up an hourly time interval at which the client will check for Endpoint Protection definitions.
  • Check for EP definitions at a specified time

Set Source – You can check one or more update sources and put them in order. The client will receive its updates from the checked locations in the order that you select.

  • Updates distributed from Configuration Manager
  • Updates distributed from WSUS
  • Updates distributed from Microsoft Update
  • Updates distributed from Microsoft Malware Protection Center
  • Updates distributed from UNC shares
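
To confirm what a client actually ends up with after these policy categories are applied, the following added example (not part of the original lesson or of SCCM itself) reviews the real-time protection, exclusion and definition-source settings. It assumes a Windows 10 or later client where Endpoint Protection manages Windows Defender, so that the Defender module's `Get-MpPreference` cmdlet is available; the function name `Test-AntimalwareSettings`, the list of risky extensions and the sample object are constructed for illustration.

```powershell
function Test-AntimalwareSettings {
    param([Parameter(Mandatory)] $Pref)

    # Real Time Protection category
    if ($Pref.DisableRealtimeMonitoring) { 'Real-time protection is disabled' }
    if ($Pref.DisableBehaviorMonitoring) { 'Behavior monitoring is disabled' }
    # RealTimeScanDirection: 0 = incoming and outgoing, 1 = incoming only, 2 = outgoing only
    if ($Pref.RealTimeScanDirection -in 1, 2) { 'Real-time scanning covers one direction only' }

    # Exclusion Settings: executable and script file types should stay scanned
    $riskyExt = 'exe', 'dll', 'bat', 'cmd', 'ps1', 'vbs', 'js'
    foreach ($ext in @($Pref.ExclusionExtension)) {
        if ($ext -and $riskyExt -contains $ext.TrimStart('.').ToLower()) {
            "Executable or script file type excluded: $ext"
        }
    }

    # Exclusion Settings: whole drives and user-writable folders are too broad
    foreach ($path in @($Pref.ExclusionPath)) {
        if ($path -match '^[A-Za-z]:\\?$' -or $path -match '\\(Temp|Downloads|AppData)(\\|$)') {
            "Broad or user-writable path excluded: $path"
        }
    }

    # Excluded Processes: list each one so its justification can be confirmed
    foreach ($proc in @($Pref.ExclusionProcess)) {
        if ($proc) { "Process exclusion to review: $proc" }
    }

    # Definition Updates: at least one source must be configured
    if (-not $Pref.SignatureFallbackOrder) { 'No definition update source order is set' }
}

# Constructed sample shaped like Get-MpPreference output (not real client data)
$sample = [pscustomobject]@{
    DisableRealtimeMonitoring = $false
    DisableBehaviorMonitoring = $true
    RealTimeScanDirection     = 0
    ExclusionExtension        = @('.jpeg', '.bat')
    ExclusionPath             = @('C:\', 'D:\Data\Reports')
    ExclusionProcess          = @('spoolsv.exe')
    SignatureFallbackOrder    = 'InternalDefinitionUpdateServer|MicrosoftUpdateServer'
}

Test-AntimalwareSettings -Pref $sample
# On a managed client: Test-AntimalwareSettings -Pref (Get-MpPreference)
```

For the constructed sample, the function reports the disabled behavior monitoring, the `.bat` file-type exclusion, the `C:\` path exclusion and the `spoolsv.exe` process exclusion.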
