How effective is System Center 2012 Endpoint Protection for Windows?

Similar Messages

• Can I use System Center 2012 Endpoint Protection in "Windows Server Remote Desktop Session Host" without buy the license ?

  Can I use System Center 2012 Endpoint Protection in Azure Virtual Machine Gallary's "Windows Server Remote Desktop Session Host" without buy the System Center 2012 Endpoint Protection license ?
  I want to protect my Azure RemoteApp against the malware.
  System Center 2012 Endpoint Protection installed Azure Virtual Machine Gallary's "Windows Server Remote Desktop Session Host".
  Now, I try to build Azure RemoteApp template by using the  Azure Virtual Machine Gallary's "Windows Server Remote Desktop Session Host" .
  Regards,
  Yoshihiro Kawabata

  Hi Yoshihiro,
  Unless and until Microsoft modifies the license terms for System Center 2012 Endpoint Protection and/or modifies the Online Services Terms (OST) and/or other document explicitly saying that use is included with the Azure RemoteApp (ARA) monthly
  fee I recommend you assume as that it is
  not included and license it separately for ARA if that is even possible, which is a separate question.
  For licensing it is best to be cautious and make decisions based on the official documents that are available that govern use of the software and services involved.  At this moment I'm not able to find a Microsoft document that grants use of System
  Center 2012 Endpoint Protection with Azure RemoteApp.
  When I first used the gallery template and noticed that Endpoint Protection was installed within it I had the same question as you.  I will update this thread if/when I obtain more information.
  -TP

• System Center 2012 Endpoint Protection for Mac

  Has anyone had any experience instlling and using Microsoft's Endpoint for Mac?
  I have tried it and am having some difficulty wihen using ARD to control systems that have Endpoint installed.  Communications failures seem to occur and client systems quit responding to the ARD admin.  Eventually the systems do seem to come back but it might take 15 or 20 minutes.  When they have quite responding, the only way to get them back if you do not want to wait thm out is to force a "Power button 10 sec. reset" 
  The problem does not seem to be completely repeatable in that earlier in the day, I used this same manner of control on another room full of very similar systems and no problems took place.  The problem first surfaced Friday afternoon shortly after Endpoint was installed.  At that time 13 of 26 systems indicated "Communications Failure".  But today, tin he morning things worked as expected but the afternoon resulted in 11 of 23 systems showing the "communications failure".
  These clients are all iMac systems running 10.8.4 and have have permissions repairs done to them using ARD if they did not quit responding as mentioned above.
  I have found almost no information on Endpoint with the Mac version.  This version, for Mt. Lion seemed to have been released just this past May.  Prior to that there was not a Mt. Lion version available.
  Anyone have any experience with this Endpoint version for Mac Mt. Lion version?

  Didn't mean to propose that MS love (yes we all know that you love MS Jason) post as an answer to your question.
  Truth is SCEP may be good at how it works, it doesn't whine to users and it integrates to ConfigMgr. That's where it's good at.  And I get Jason's point there, I'd just like to know what are those "other products" that haven't found the malware
  when SCEP did? MS may gather telemetry, but so do all the other players.
  There are several companies that do ONLY and ONLY AV products so they put their 100% effort in them, I don't think that AV is the business priority number 1 for MS.
  Check this:
  http://lifehacker.com/microsoft-admits-that-third-party-antivirus-is-more-eff-1441135677
  And for your info Security Essentials uses the same AV engine that SCEP does.
  If you want REAL protection, tested in the REAL world, I suggest you read some reviews of the products.
  http://www.av-test.org/en/tests/corporate-user/windows-8/janfeb-2013/
  http://chart.av-comparatives.org/chart1.php
  --- ADVERT (I don't think it's illegal here, eh Jason?)
  I'd go with F-Secure, it's not that expensive and you get some neat features like USB (or any other device for that matter) blocker. And yes, it can be configured to use individual USB sticks and so on..

• System Center 2012 Endpoint Protection - any user may reboot Windows Server

  Hello,
  I've got System Center 2012 Endpoint Protection client installed on a Windows Server 2008 R2 Terminal Server. I've just noticed that if System Center Endpoint Protection detects some malware that requires system restart in order to successfully clean it,
  the notification will be seen by all logged users on Terminal Server and if anyone will press on "Restart" than the Server will reboot even if User hasn't the required permission and I think this is totally unacceptable, Microsoft has to do something
  about it. In all situations only an Administrator should have the right to restart the Server.
  Please fix this issue asap, thank you.

  While there is no setting that just controls the 'SCEP needs to reboot', there are other settings that might help.
  Have you tried setting "Disable the client user interface" to Yes on the antimalware policy?  How about "Show notifications messages..."?  I don't have a way to reproduce the behavior you were seeing, but maybe you can give it a shot.
  I understand why Microsoft would want to give non-admin users a prompt to reboot a machine that needs it to remove malware.  This is the typical scenario for most workstations. However, your exception with a terminal server is definitely something that
  needs a workaround. 
  If you put in Connect feedback asking for a discreet setting to control this, please post a link to it.
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you've found a bug or want the product worked differently,
  share your feedback.
  <-- If this post was helpful, please click "Vote as Helpful".

• Can I get the detecting malware alert by System Center 2012 Endpoint Protection in Azure RemoteApp ?

  Can I get the detecting malware alert by System Center 2012 Endpoint Protection in Azure RemoteApp ?
  I want to get the alert and cleanup malware and alert our Azure RemoteApp users.
  the System Center 2012 Endpoint Protection exist Azure Virtual Machine gallery "Windows Server Remote Desktop Session Host”.
  I test the behavior of System Center 2012 Endpoint Protection by TrendMicro Malware sample "EICAR".
  Regards,
  Yoshihiro Kawabata

  Thank you Pavithra for reply.
  I have 3 points for alerting users and admins of Azure RemoteApp template image.
  point 1: Fix action.
    When the user detect a malware, There are some reasons,
    like viewing a malicious web site, like using the vulnerable applications.
    The User must fix his action in Azure RemoteApp session.
    "Hey, the reason is that you open this web site, Don't open this web site"
  point 2: Fix server.
    When the user detect a malware, ITpro of Azure RemoteApp fix the current Azure Virtual Machine of Azure RemoteApp.
    There may be infected with other malwares.
    ITpro need to fix the current Azure Virtual Machine of Azure RemoteApp before infecting other users.
    "Hey, This Azure RemoteApp collection will update with the template image after ten minutes."
  point 3: Fix damage.
    When the user detect a malware, ITpro of Azure RemoteApp research the damage of all system,
    like whether or not sent the infected email to other persons by other malware,
    like whether or not broken other related systems by other malwares.
    "Hey, Are other systems OK ?"
  Regards,
  Yoshihiro Kawabata     

• Microsoft System Center 2012 Endpoint Protection compared to Sophos endpoint protection.

  Hi All,
  We are currently running Sophos Enterprise Console with Sophos Endpoint protection in our environment. We use most of the Sophos functionality with Device Control, Application Control, Disk Encryption and Tamper Protection. We are looking to move to
  Microsoft System Center 2012 Endpoint Protection, but is not sure if the Microsoft product will be able to offer us the same functionality as the Sophos product with the same level of protection.
  I have done some research and found that we will have to implement MDOP with System Center to come close to achieve our Sophos functionality. Is this true? Or can everything be centrally managed?
  Please advise with suggestions before we get rid of Sophos will be highly appreciated.
  Kind Regards,
  Francois Kaljee
  Regards Francois Kaljee IT Systems Administrator MCITP Svr2k8 Direct: +2712 381 1000 Cell: +2782 852 2367 Fax: +2786 602 8482 GPS: S 25 39.639 E 27 50.699 Hernic's Street Address: R/E of PTN 103 De Kroon 444 JQ Brits 0250 South Africa Hernic's
  Postal Address: P.O.Box 4534 Brits 0250 South Africa

  Most third-party security vendors have multiple products that they bundle together. You need to sit down and define your requirements in terms of functionality and features and then map those to Microsoft's offerings. Trying to find equivalent "products"
  won't really work.
  You also need to look at the cost. It's quite possible that many of the required MS technologies are available to you through your EA. This is the way to sell a strategy like this to your business.
  Simply comparing product features won't work. It should be a combination of
  1. what do I actually need?
  2. what will it cost?
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• System Center 2012 Endpoint Protection

  I am trying to install System Center 2012 Endpoint Protection on my computer for Windows 8.1 and keep getting  Error code:0x8004FF71. The license is
  offered through our school. Not sure what to do so it will install. 

  Hi,
  You need to use System Center Endpoint PRotection 2012 R2 as that it is the version that supports Windows 8.1.
  https://social.technet.microsoft.com/Forums/en-US/d9e257f2-3959-430e-a687-749ce43376c2/sccm-2012-endpoint-protection-on-windows-81?forum=configmanagersecurity
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• System Center 2012 Endpoint Protection manual scan from UNC

  We run SCCM 2012 R2, and 2012 Endpoint protection on a few servers.  I tried navigating to a UNC path, then right clicking and selecting 'Scan with System CEnter endpoint protection", but when doing so I get Scan completed on 0 items, regardless
  of the folder size I select.
  Is it not possible to scan a UNC path manually with SCEP 2012?
  Tony

  Hi,
  I think this is by design. There is no options from Antimalware Policies in console to control this.
  You could also have a look at the following thread.
  http://social.technet.microsoft.com/Forums/sqlserver/en-US/3713c941-f176-4b0f-897d-a0c4e14b4d4f/scep-2012-not-able-to-scan-network-sharesdrives
  Best Regards
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• System Center 2012 Endpoint Protection - Need to allow user definable exclusions

  I have a group of developers (40+) who I need to allow to define exclusions from scanning in Endpoint protection. This would need to be for 'Files and Locations' and 'Excluded Processes' and potentially 'File types' - Although 'Files types' is the least
  important.
  How would I do this?
  I know how to define and add for a collection of objects, but not to allow people to do this as a collection of computers.
  Doing this globally for their collection isn't an option, as there are to many varying configurations, prefferences and changes over the course of a developers day for me to administer correctly.
  Your help is appreciated.

  Hi,
  the settings for allowing local exlusions is made per computer so you would have to create a Collection for these computers and deploy the custom policy to these computers.
  You cannot deploy this settings to users..
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• System Center 2012 Endpoint Protection - Real-time Protection won't turn on

  Real-time protection is enabled in settings, but fails to turn on:
  Error when I try and start it:
  System Center Endpoint Protection coun't turn on real-time protection.  This operation returned because the timeout period expired. Error code: 0x800705b4

  Hi, 
  Based on your description, this might happen when the previous forefront files are not being completely uninstalled from the computer. 
  Another important aspect for troubleshooting is to look into computer registry. You need to clean the residual records of previous forefront.
  Also, you should install a new .NET framework. If the current version does not work after repairing, you need to download the latest one on Microsoft official website and install it on your computer.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• System Center 2012 Endpoint Protection Deployment State of Client= unmanaged

  Hello Everyone,
  We are facing issues deploying SCEP on machines. The deployment state for clients shows as un-managed. Client settings & AntiMalware policy have been configured properly. SCCM Client has been installed successfully, however the Endpoint Protect deployment
  state would not change to "To be Installed"/'Managed" from "unmanaged". Even after trying to install SCEP manually along with policy it shows as unmanaged. Please suggest how do i proceed further in this case.
  Thanks
  Sumit

  Below is what it shows in EndpointProtectionAgent.log
  =========
  Handle EP Deployment policy. EndpointProtectionAgent 06/05/2014 15:53:48 4648 (0x1228)
  Failed to get EP event code under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 06/05/2014 15:53:48 4648 (0x1228)
  Failed to get EP event message under registry key SOFTWARE\Microsoft\CCM\EPAgent EndpointProtectionAgent 06/05/2014 15:53:48 4648 (0x1228)
  start to send State Message with topic type = 2001, state id = 1, and error code = 0x00000000 EndpointProtectionAgent 06/05/2014 15:53:48 4648 (0x1228)
  Start to send state message. EndpointProtectionAgent 06/05/2014 15:53:48 4648 (0x1228)
  Send state message successfully EndpointProtectionAgent 06/05/2014 15:53:48 4648 (0x1228)
  Service startup notification received EndpointProtectionAgent 06/05/2014 15:54:54 2504 (0x09C8)
  Endpoint is triggered by CCMTask Execute. EndpointProtectionAgent 06/05/2014 15:54:54 2504 (0x09C8)
  File C:\Windows\ccmsetup\SCEPInstall.exe version is 4.1.522.0. EndpointProtectionAgent 06/05/2014 15:54:54 2504 (0x09C8)
  EP version 4.1.522.0 is already installed. EndpointProtectionAgent 06/05/2014 15:54:54 2504 (0x09C8)
  Expected Version 4.1.522.0 is exactly same with installed version 4.1.522.0. EndpointProtectionAgent 06/05/2014 15:54:54 2504 (0x09C8)

• System Center 2012 Enpoint Protection Version Numbers

  Hello All,
  I'm attempting to run a report or a query in SCCM 2012 regarding the various version numbers in Endpoint Protection.
  Essentially I'm looking for a listing/report of all my servers and clients that gives back the following information:
  Is this type of report or query even possible?
  Thanks,
  Bill

  Hi,
  You could see these information stored in HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Microsoft Antimalware -> Signature Updates.
  Then you can extend hardware inventory to collect these registries' values, create an custom report.
  For your reference:
  http://it.peikkoluola.net/2013/06/20/extend-sccm-client-hardware-inventory-with-a-custom-attribute-value/
  (Note: Microsoft provides third-party contact information to help you find technical support. This contact
  information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Failed to import drivers System Center 2012 Config Manager on Windows 2008 R2 Datacenter

  Hello, I am having a problem importing Surface Pro 3 drivers into SCCM 2012 on Win2008 R2 Datacenter for OSD.  I get the message that the selected drivers are not applicable to any supported platforms.  I know there was a hotfix for SCCM 2007
  and Win7 only drivers.  Is there one for SCCM 2012 and Win8.1 drivers?  Or is there something else I need to be looking at?  Everything I find is for SCCM 2007 not 2012.  Any push in the right direction is greatly appreciated.

  Hi,
  Please check the answer of the thread below to see if it can also resolve your issue.
  Quote:
  They verified that this is NOT an SCCM 2012 Issue,  but is in fact an issue with the underlying server OS of (in this case) Server 2008 R2 SP1.  There is a known bug with inf file verfication: http://support.microsoft.com/kb/979492, but the hotfix
  doesn't currently fix it. 
  The workaround is to edit the Manufacture section of the affected inf files, and add NTx86.6.1.1 to the line, like this:
  [Manufacturer]
  %Microsoft% = Microsoft, NTamd64,NTx86.6.1.1
  https://social.technet.microsoft.com/Forums/en-US/534b67e5-d2db-457a-863c-f0bd381eaf4d/driver-is-not-applicable-to-any-supported-platforms?forum=confi
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to access for Virtual machines in System Center 2012 r2 by remote console through code?

  Hi All,
  I am new in System Center. I am using System Center 2012 R2. I have a web application written by dot net, which shows the list of virtual machines created in the SCVMM.  Now, I need to select a Virtual Machine from the list, and click a link named "console
  access". This will allow the console access to the virtual machine. How can I perform this task?
  Thanks in advance,
  Moohak

  The SCVMM VM console is an ActiveX application.
  It is installed with the SCVMM Console application.
  If you search around for the old SCVMM Self Service portal, you will discover how MSFT originally enabled this from a web front end.
  If you look at Windows Azure Pack you will find a new pattern using RDP gateway.
  Brian Ehlert
  http://ITProctology.blogspot.com
  Learn. Apply. Repeat.

• Error installing DPM Agent in Update Rollup 5 for System Center 2012 R2 Data Protection Manager

  I have updated my main DPM server to Update Rollup 5 for System Center 2012 R2 Data Protection Manager and all went well.
  All Protected servers updated and rebooted and continued protection - EXCEPT one;
  Physical Windows Server 2012 R2 Datacenter.
  Tried Manual install - no luck
  Removed Protection Agent / rebooted / re-installed - no luck
  Installed all updates / re-install - no luck
  this seems to be the only indicated problem in MSDPMAgentInstall.LOG.....
  Property(S): PATCHMediaSrcProp = C:\Windows\Microsoft Data Protection Manager\DPM\ProtectionAgents\RA\4.2.1292.0\DPMProtectionAgent_KB3021791.msp
  MSI (s) (04:34) [09:24:23:772]: Product: Microsoft System Center 2012 R2 DPM Protection Agent - Update 'Microsoft System Center 2012 R2 DPM Protection Agent Update - KB3021791' could not be installed. Error code 1603. Additional information is available in
  the log file C:\Windows\\Temp\MSDPMAgentInstall.LOG.
  MSI (s) (04:34) [09:24:23:772]: Windows Installer installed an update. Product Name: Microsoft System Center 2012 R2 DPM Protection Agent. Product Version: 4.2.1292.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Update Name: Microsoft System
  Center 2012 R2 DPM Protection Agent Update - KB3021791. Installation success or error status: 1603.
  MSI (s) (04:34) [09:24:23:772]: Note: 1: 1729
  MSI (s) (04:34) [09:24:23:772]: Note: 1: 2205 2:  3: Error
  MSI (s) (04:34) [09:24:23:772]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1729
  MSI (s) (04:34) [09:24:23:772]: Note: 1: 2205 2:  3: Error
  MSI (s) (04:34) [09:24:23:772]: Note: 1: 2228 2:  3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
  MSI (s) (04:34) [09:24:23:772]: Product: Microsoft System Center 2012 R2 DPM Protection Agent -- Configuration failed.
  MSI (s) (04:34) [09:24:23:772]: Windows Installer reconfigured the product. Product Name: Microsoft System Center 2012 R2 DPM Protection Agent. Product Version: 4.2.1292.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success
  or error status: 1603.
  Any help would be greatly appreciated.

  Hotfix for known issue with Update Rollup 5 for System Center 2012 R2 Data Protection Manager
  http://www.microsoft.com/en-us/download/details.aspx?id=45914&WT.mc_id=rss_alldownloads_all
  Have a nice day !!!
  DPM 2012 R2: Remove Recovery Points