The Anti-malware Policy Settings Overview


We need to understand the settings before we can build custom policies. With that in mind, we will present an overview of the various policy settings available to us in Endpoint Protection.

Open the SCCM console

  • From the Workspace click Assets and Compliance, from the navigation pane click Endpoint Protection, then click Antimalware Policies. Displayed are two policies, the SCEP Standard Desktop custom policy and the Default Antimalware Policy.

From the List View, right-click on Default Client Antimalware Policy, then select Properties.

We see the categories on the left and the options or settings for each category on the right.

Scheduled Scans – These settings customize the schedule that you will utilize in your organization

  • Run a scheduled scan – the choices are Yes or No
  • Scan type – The choices are Quick Scan or Full Scan
  • Scan day – Select Daily or select one of the days Sunday through Saturday
  • Scan time – Set the time of day the scan runs
  • Check for the latest definition updates before running a scan
  • You can Limit the amount of CPU utilization that should be used during the scan so that the system is still usable.

Scan Settings - These settings determine what will be scanned

  • Scan email and attachments
  • Scan USB thumb drives
  • Scan network files
  • Scan mapped network drives
  • Allow users to configure CPU usage during scans
  • Allow users control of scheduled scans – Normally set to no control

Default Actions - Specifies how Endpoint Protection responds based upon the rated severity levels

  • Severe – We can choose remove, which will remove the malware.
  • High - We can choose remove, which will remove the malware.
  • Medium and Low – We can choose Quarantine

Real Time Protection – These settings enable you to configure the continuous monitoring capabilities on an Endpoint Protection client.

  • Enable real-time protection – Set to Yes
  • Scanning system files – Options are to scan incoming and outgoing files, incoming files only, or outgoing files only
  • Enable behavior monitoring – Rather than relying only on known malware signatures, the client also watches for suspicious activity and raises alerts on it.
  • Enable protection against network-based exploits – Helps protect you against zero-day vulnerabilities.

Exclusion Settings - You can exclude files and folders because those files continually set off false alarms

  • Files, folders – Set the path to the files and folders
  • File types – You can set file types like .jpeg or .bat
  • Excluded Processes – Here you can exclude processes like spoolsv.exe, which manages printing in the background without tying up your computer. You may not need to scan that process.

Advanced Settings – This contains things that you can allow the users to do.

  • Most of these settings I normally set to no
  • Delete quarantined files after (days) – you can set this to whatever is appropriate.

Threat Overrides - Here you can set a specific threat name like Adware:Win32/WebProtect, then select an Override action like allow, remove, quarantine

Cloud Protection Service – This setting enables the client to send information about detected malware to Microsoft for analysis.

Definition Updates – Determines how often EP clients should check for updates to the Endpoint Protection engine, as well as virus definitions

  • You can set up an hourly time interval at which the client will check for Endpoint Protection definitions.
  • Check for EP definitions at a specified time

Set Source – You can check one or more sources and put them in order; the client will pull down updates from whichever checked source is available, trying them in the order that you select.

  • Updates distributed from Configuration Manager
  • Updates distributed from WSUS
  • Updates distributed from Microsoft Update
  • Updates distributed from Microsoft Malware Protection Center
  • Updates distributed from UNC shares
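As an added example (not part of the lesson), here is a PowerShell check you could run on a client that has received one of these policies. It uses the built-in Defender cmdlets `Get-MpPreference` and `Get-MpComputerStatus` to compare the effective settings with the values discussed above. The expected values, and the availability of those cmdlets on your client OS, are assumptions; adjust the table to your own policy.

```powershell
# Added example (not from the lesson): audit the effective anti-malware settings on a client
# against the policy categories covered above. Assumes the Defender PowerShell module
# (Get-MpPreference / Get-MpComputerStatus) is present and that the expected values
# below match your own policy; change them if your policy differs.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Assumed baseline, one entry per policy setting discussed above.
$checks = @(
    @{ Name = 'Real-time protection enabled';      Actual = -not $pref.DisableRealtimeMonitoring;       Expected = $true }
    @{ Name = 'Behavior monitoring enabled';       Actual = -not $pref.DisableBehaviorMonitoring;       Expected = $true }
    @{ Name = 'Scan incoming and outgoing (0)';    Actual = [int]$pref.RealTimeScanDirection;           Expected = 0 }
    @{ Name = 'Check definitions before scan';     Actual = $pref.CheckForSignaturesBeforeRunningScan;  Expected = $true }
    @{ Name = 'Scan removable drives';             Actual = -not $pref.DisableRemovableDriveScanning;   Expected = $true }
    @{ Name = 'Cloud Protection (MAPS) reporting'; Actual = ([int]$pref.MAPSReporting -gt 0);           Expected = $true }
    @{ Name = 'Definition check interval (hours)'; Actual = [int]$pref.SignatureUpdateInterval;         Expected = 1 }
    @{ Name = 'Scan CPU load factor <= 50%';       Actual = ($pref.ScanAvgCPULoadFactor -le 50);        Expected = $true }
)

$results = foreach ($c in $checks) {
    # Flag anything that does not match the baseline as drift from the policy.
    $state = if ($c.Actual -eq $c.Expected) { 'OK' } else { 'DRIFT' }
    [pscustomobject]@{ Setting = $c.Name; Expected = $c.Expected; Actual = $c.Actual; Status = $state }
}
$results | Format-Table -AutoSize

# Exclusions are where an overly broad path or process entry tends to creep in; list them for review.
"`nExclusions (paths / file types / processes):"
$pref.ExclusionPath      | ForEach-Object { "  path:    $_" }
$pref.ExclusionExtension | ForEach-Object { "  ext:     $_" }
$pref.ExclusionProcess   | ForEach-Object { "  process: $_" }

# Definition source order as applied on the client (the client-side view of the Set Source list).
"`nSignature fallback order: $($pref.SignatureFallbackOrder)"
"Definition age (days): $($status.AntivirusSignatureAge)   Engine: $($status.AMEngineVersion)"

# Return a non-zero exit code on drift so this can run as a scheduled compliance check.
if ($results.Status -contains 'DRIFT') { exit 1 } else { exit 0 }
```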
