Overview of SCCM and Endpoint Protection...

I'm very new to the whole SCCM environment and I'm having the damnedest time finding just basic information concerning SCCM and it's separate modules. I have three basic questions that I hope someone here can answer before I move forward with anything to
do with SCCM:
1. My main need at this time is to deploy the Endpoint Protection portion to all of the machines in our Domain. Does EP require the Configuration Manager to get the central administration I'm looking for?
2. Can modules be added to SCCM any time? For example, if I were able to just get the Endpoint Protection installed now, could I add the rest of the suite later?
3. Where can I find installation instructions for SCCM, Configuration Manager and Endpoint Protection?
Thanks
Brian Brehart Network Administrator SurePayroll, Inc.

1.  Yes, to manage Endpoint Protection, you need ConfigMgr.
2.  ConfigMgr has many different roles (but not separate modules) which can be implemented later like Application Management and Operating System Deployment.
3.  You can find detailed step-by-step guides that are meant to help a person learn the product.
http://gerryhampsoncm.blogspot.com/2013/02/sccm-2012-sp1-step-by-step-guide.html
http://www.windows-noob.com/forums/index.php?/topic/4045-system-center-2012-configuration-manager-step-by-step-guides/
However, these guides are not prescriptive for the real world, just learning.  ConfigMgr is arguably one of the most powerful and complex tools that Microsoft sells.  Consider engaging an experienced consultant to architect and implement it, and/or
take an in person training course.
I hope that helps,
Nash
Nash Pherson, Senior Systems Consultant
Now Micro -
My Blog Posts
If you found a bug or want the product to work differently,
share your feedback.
<-- If this post was helpful, please click the up arrow or propose as answer.

Similar Messages

  • SCCM 2012 Endpoint Protection initial update not downloaded

    Hi,
    I'm new to SCCM 2012. I recently started deploying the Endpoint  Protection to all of clients (Windos 7 and XP Pro). 
    I've noticed that some clients have not been updating their initial definitions after the Endpoint Protection Software is installed. 
    Since they are not updating their detonation the client remains unprotected with the status icon in red.
    The odd thing is that some of our computers do the initial update just fine while others are effected. 
    Also if I click update manually then the update goes through no issue, but with 100+ clients not updated its not something I want to do manually. 
    The clients are set to receive auto updates via a auto deployment rule. 
    Also the antimalware policy is set to do updates as well in this order: 
    Config Mgr
    WSUS
    Microsoft Malware Protection Center
    Microsoft Update
    Has anyone seen this before? 
    If I need to upload any specific logs just let me know. 
    Many Thanks

    Do you have Software update configured (and working) thru ConfigMgr or using a standalone WSUS?
    Kent Agerlund | My blogs: blog.coretech.dk/kea and
    SCUG.dk/ | Twitter:
    @Agerlund | Linkedin: Kent Agerlund |
    Mastering ConfigMgr 2012 The Fundamentals

  • SCCM 2012 EndPoint Protection migration

    I have the old ConfigMgr 2012 name " BACKOFFICE" it is currently managing all the EndPoint Protection for all workstations/servers.
    I now have new ConfigMgr 2012 called "SCCM"  I just installed ForeFront EndPoint Protection and configured the Custom Client Deviec EndPoint Protection to roll out to workstations. What is the best practice to remove old ForeFront EndPoint
    Protection client from old site name and install new one?
    1. Do I have to manually uninstall EndPoint Client in control panel for each computer? or is there a way to just uninstall for all computers using the old COnfigMgr 2012 "BACKOFFICE"
    Thanks for your help!

    Hi !
    You have to reassign the desired clients.
    It can be scripted:
    http://msdn.microsoft.com/en-us/library/cc146558.aspx
    Otherwise, you could install again the client on your targets, with the following options: force install and site assignement.
    You can refer to this link:
    http://technet.microsoft.com/en-us/library/gg712298.aspx
    Hope this helps.
    Note: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights. Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and
    recognises useful contributions.

  • SCCM 2012 - Endpoint Protection Reporting only using static end date

    I have created a subscription to the Endpoint Protection/Antimalware Activity Report built into SCCM2012/Endpoint Protection.
    My problem is that I am having trouble getting the dates to work correctly.  I want to have the report automaticlly emailed out every monday morning with the status from the last 7 days (i.e. since the last monday report). 
    However the subscription seems to want a static end date.  That is, every monday when the report runs it gives me a status report from the exact same 7 days.  Not the most recent 7 days. 
    How do I go about changing this so it is useful and that every monday it runs, the report it creates/sends is from the the last 7 days?

    I hope this helps (I am still testing it) but I did this by:-
    "Editing" the default report such as "Antimalware activity report".
    To avoid corrupting this default report before you change anything select SaveAs and call it something like "Antimalware activity report
    for the last 7 days".
    Open Datasets, StartEndDates and replace the query with this for the last 7 days
    "select DATEADD(day,datediff(day,0,GetDate())- 7,0) as StartDate, DATEADD(day,datediff(day,0,GetDate()),0) as EndDate"
    Then open Parameters, StartDate and under General change it to "Hidden".
    Then open Parameters, EndDate and under General change it to "Hidden".
    Save and test
    I had to set the "default value" on each parameter, per Lillonel:
    StartDate : =DateAdd("d",-7,Globals!ExecutionTime)
    EndDate : =Globals!ExecutionTime
    It looks like it is using a 7 day window now.

  • Pb: IPSSVC and Endpoint protection

    I am getting "Target alerts" re thread stopped and then resumed at every log in, with event logs growing.
    Symantec endpoint objecting to  C:\\WINDOWS\system32\IPSSVC.EXE
    I see earlier posts re this problem but no fixes. 
    I am running XP Professional on Lenovo X60 refurbished just purchased.
    Ideas?
    Thnx.

    Use the Think Vantage System Updater and install the Maintenance Manager.  I believe it is found in the Optional updates tab.

  • SCCM 2012 Endpoint Protection Definition Update

    Hi Guys, can you please help me out with this, some of the clients are not pulling or seeing the latest definition updates from the server.
    What do I check?

    Again - Start with the EndpointProtectionAgent.log file on the clients
    http://technet.microsoft.com/en-us/library/c6675aac-4bb8-4b4b-9075-06b4ecec2a18#BKMK_ClientOpLogs
    Nick Moseley | http://t3chn1ck.wordpress.com
    What do I look for in the CIDownloader.log?

  • Automatic Install of Endpoint Protection fails on windows 8.1 clients with SCCM 2012 R2

    Running SCCM 2012 R2 and deploying CM clients and Endpoint Protection via software updates. CM client and EP install fine on Windows 7 clients. CM client installs fine but endpoint protection fails on Windows 8.1 clients with the following from the
    endpoint protection agent log:
    <![LOG[Create Process Command line: "C:\Windows\ccmsetup\SCEPInstall.exe" /s /q /policy "C:\Windows\CCM\EPAMPolicy.xml".]LOG]!><time="12:22:02.560+240" date="08-13-2014" component="EndpointProtectionAgent"
    context="" type="1" thread="4260" file="epagentutil.cpp:607">
    <![LOG[Detail error message is : [EppSetupResult]
    HRESULT=0x80070643
    Description=Cannot complete the System Center Endpoint Protection installation. An error has prevented the System Center Endpoint Protection setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal
    error during installation.
    So on the win8.1 client I run the above command line manually in a command window and receive Access is denied. Then I run the same command in an elevated command window and EP installs fine. Does this have something to do with why the automatic
    EP client install fails with the 0x80070643 error code? If so, what is the fix?

    Hi,
    Try uninstalling any other security software.
    For more information, please review the link below:
    I‘m getting an error code from my Microsoft security software
    http://www.microsoft.com/security/portal/mmpc/help/errorcodes.aspx
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Quiet removing Antivirus SCCM Endpoint Protection without user intervention

    Antivirus SCCM
    2012 Endpoint Protection is deployed on Workstations.Can
    I uninstall Endpoint Protection on the
    computers on the network automatically via SCCM or command-line tools
    invisible from the user?

    You need to create a package to uninstall the
    SCCM 2012 Endpoint Protection.
    Uninstall string: C:\Windows\ccmsetup\scepinstall.exe
    /u /s
    Make sure you disable End point protection policy and select False or No in
    Manage Endpoint Protection client on client computers, otherwise the client will be reinstall. 
    http://technet.microsoft.com/en-us/library/4acd0c29-e453-4863-8194-e479263291c8#BKMK_EndpointProtectionDeviceSettings
    Please take a moment to Vote as Helpful and/or Mark as Answer where applicable.
    Thanks.

  • Deploying SCCM EndPoint Protection Client with updates?

    Am using SCCM 2012 r2 and need to get the EndPoint Protection Client built int o my image. 
    If I deploy it post-imaging the laptop, how do I get the latest definitions?
    Because it shows up with a red icon in the system tray and I have to go in and manually update the definitions after I install it. 
    Is there a task that could be done in an OSD to update the definitions?
    Otherwise only way I can think of is preinstall and update and get the full scan done before capturing an image of my system to deploy to other systems. 

    Hi,
    If you use Endpoint Protection on all computer including the latest definitions in your Build and Capture saves time.
    Otherwise ,the command line in windows works fine ,trigger an update of SCEP at the end of the task sequence:
    "%Program Files%\Microsoft Security Client\mpcmdrun.exe" -SignatureUpdate
    Here are some great articles for you reference:
    Operating System Deployment and Endpoint Protection Client Installation
    http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx
    How to Configure Definition Updates for Endpoint Protection in Configuration Manager
    http://technet.microsoft.com/en-us/library/jj822983.aspx 
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Steps to install Forefront Endpoint Protection 2010?

    I've been searching on how to install Forefront Endpoint Protection 2010 on a Windows Server 2012 R2 Server.  I can't seem to find anything about this.  Can someone tell me the steps I need to take.  I installed SQL 2012, then SCCM
    2012, but when I launch the Forefront 2010 installer its saying it can't find SCCM 2007.  I take it its not supported in Forefront 2010? Anyways, if there are instructions on how to install the Endpoint Protection and Exchange Online protection I'd appreciate
    it.  
    Fernando

    Hi,
    In SCCM 2012 Endpoint Protection 2012 is integrated so you cannot install FEP 2010 in it. Add the Site System role called "Endpoint Protection" on your Primary site server, CAS if you use a CAS and then you are good to go.
    the steps are described here:
    http://blogs.technet.com/b/anilm/archive/2012/02/19/how-to-enable-configuration-manager-2012-endpoint-protection.aspx
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • What is Licensing Method for SCCM and SCOM 2012

    What is Licensing Method for SCCM and SCOM 2012
    We have 75000 clients, so we going to implement SCCM and SCOM 2012 environment in azure. Actually we plan to go for One Central Administration site and three primary sites (to manage this clients), going to host in Azure. I need to know how the licensing
    process work for this environment, how many licenses we need to get for this? is charging for Client based, Site based or environment based?  Please update.
    Thank you
    Fazal
    Fazal(MCTS)

    Hi,
    Running the SCCM and SCOM servers themselves in Azure to manage clients outside azure is not really supported if I remember correctly..
    http://blogs.technet.com/b/configmgrteam/archive/2013/10/23/configmgr-and-endpoint-protection-support-for-windows-azure-vms.aspx
    Licensing is explained here.
    http://www.microsoft.com/licensing/about-licensing/SystemCenter2012-R2.aspx
    In short for Client OS you need a cal per client, included in Core CAL and Enterprise CAL.
    For servers it is licensed per CPU and can be licensed for all virtual servers on a host as well, included in the guide above.
    ps. side note a CAS is not really necessary in most case if you don't have more than 100'000 clients, it adds a lot of complexity and I would avoid it if I could.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • SCEP 2012R2 downloading Endpoint Protection definitions from Microsoft, rather than using internal Distribution Point

    Hi all, 
    Need your help figuring out why SCEP definitions are being updated from Microsoft and not from the local DP. 
    * I have a new 5 site SCCM hierarchy with a Primary site installed in EMEA HQ and a secondary site in 4 x USA offices. 
    * A Software update point and Endpoint protection point are deployed in HQ primary site. 
    * Software updates for SCEP have been synched down to the Primary site server which has WSUS role installed, a software update group created and an Automatic Deployment rule created to push these definition updates to the relevant device collection. 
    * Distribution > Content Status shows the software update package has been replicated successfully to all 5 DP's in the environment. 
    * An antimalware policy that specifies only SCCM as the definition updates has been created and is deployed to the relevant device collection. 
    * Custom client settings that disable alternate sources for initial definition update have also been created and deployed to the relevant device collection. 
    **** Yet, a closer look at the MPRUNCMD.log on client machines, shows that definition updates are coming from Microsoft
    I'm baffled why they still download from Microsoft despite disallowing this and making the DP the only source. 
    MpCmdRun: Command Line: "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignaturesUpdateService -UnmanagedUpdate
     Start Time: ‎Mon ‎Apr ‎27 ‎2015 07:28:02
    Start: Signatures Update Service
    Update Started
    Search Started (MU/WU update) (Path: http://www.microsoft.com)...
    Time Info - ‎Mon ‎Apr ‎27 ‎2015 07:28:55 Search Completed 
    Update completed succesfully. no updates needed
    End: Signatures Update Service
    MpCmdRun: End Time: ‎Mon ‎Apr ‎27 ‎2015 07:28:55
    Note - One of the secondary sites has a very poor internet connection, so it's not feasible for definitions to be downloaded from the web. This is why a solution is required. 
    Thanks....

    Hi,
    Could these clients get other updates from SCCM?
    You could check the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\EPAgent\LastAppliedPolicy to see if the definition updates policy is applied to the client.
    Best Regards,
    Joyce
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • System Center 2012 Endpoint Protection

    I am trying to install System Center 2012 Endpoint Protection on my computer for Windows 8.1 and keep getting  Error code:0x8004FF71. The license is
    offered through our school. Not sure what to do so it will install. 

    Hi,
    You need to use System Center Endpoint PRotection 2012 R2 as that it is the version that supports Windows 8.1.
    https://social.technet.microsoft.com/Forums/en-US/d9e257f2-3959-430e-a687-749ce43376c2/sccm-2012-endpoint-protection-on-windows-81?forum=configmanagersecurity
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Creating an application for SC endpoint protection

    We are in the process of deploying SCCM 2012 R2 with EP to our environment.  The server is up and running, and we have both clients deployed out to our initial batch of test clients.  However, during the deployment we encountered errors when deploying
    the Endpoint protection.  The issue is that we are using Symantec Endpoint Protection version 12, which SCEP is not supported to uninstall.  My solution is to import both anti-virus clients into SCCM Applications.  Then set the SCEP application
    to supersede the Symantec client, forcing the removal of the Symantec client using the uninstall string provided by Symantec's msi, when we push the SCEP client.  I have imported the Symantec msi's into SCCM, but I need some guidance on importing the
    System Center EP msi.  I located the install in: Program Files\Microsoft Configuration Manager\Client, however the install is in EXE format not MSI, preventing me from using the benefits of using applications. So I have the following questions:
    Where can I get the MSI version of the install, will it install both the x64 and x86, or will it be 2 separate MSI's?
    Assuming I can get the MSI, are there any special commands needed when I launch the install?
    Is this the correct course of action? or if I can not get the MSIs is there another way I can remove SEP 12 and then install SCEP?
    Mark

    First of all, your all applications do not need to be .MSI -packages if you want to deploy them, they can be any commandline that can be executed silently (for example .exe, .vbs, .ps1, .cmd, .bat...). What you're trying to do is a good way, you configure
    the SCEP application and configure it to supersede your SEP12. After that you deploy SCEP, it will uninstall the SEP12 and install itself and your good to go.
    Here are some links that provide good info for you:
    http://www.css-security.com/blog/how-to-perform-a-manual-fep-client-installation/
    http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx
    According to those the correct installation string for your SCEP Application would be: "scepinstall.exe /s /q"  note that there are several other switches which you can use, but with that you should simply install the SCEP.

  • SCCM and ForeFront Endpoint Protection point site system role

    Thanks for looking at this......I am working with SCCM 2012, and ForeFront Endpoint Protection has been set up as an Endpoint Protection point site system role.  Up to now we just haven't had to mess with it much, it just has worked.  I
    have been busy packaging applications for the eager public. I have one pc that has had the Endpoint client self destruct.  Had to remove it via the control panel.  I next did a machine policy retrieval and evaluation cycle (among others) and sccm
    shows that it is aware that this particular machine needs FEP. It lists it as "To Be Installed".  How long will this take?  I have things set for "as soon as possible".   Am I at the mercy of Sccm?  Also, is there
    a way to force the install?  Thanks for any light you can shed on this!

    This will depend on your SCCM client policy settings to allow SCEP installation outside of maintenance windows (if you have any).
    It will also depend if you are using 2 hour deployment "randomizer" option in your SCCM client policy.
    Lastly, you can install it with BITS that have already been downloaded with SCCM client install.
    c:\windows\ccmsetup\scepintall.exe

Maybe you are looking for

  • Publishing bw workbooks to the portal

    I am trying to find out what portal role a bw designer would need in order to publish workbooks\queries to KM in the portal and also to publish reports as an iview.  We have a few bw folks who are trying to accomplish this.  In the portal I had assig

  • HT1657 Why is only one of the two movies I've payed for from iTunes store refusing to download onto my iTouch 4 gen?

    I payed for two movies through iTunes store on my computer, after they were ready to be transfered to the iTouch from my rental library, only one successfully went through. The other film completely disregarded the attempt to show even a 'loading' ba

  • Report 3.0 Problems

    i have 3 problems: 1-How can i open a rep file without asking the user,password,and the database instance? 2- months_between function (01-mar-2001,28-mar-2000) return 11.90 --->false it must be 12) 3-when calling a report using run_product function i

  • Which Adapter? External Monitor to Macbook Pro

    I'm confused as to which adapter I need in order to connect my external monitor to my Macbook Pro. The monitor is a Samsung P2250 (21.5", LCD). Any help would be appreciated.

  • Blackberry message format

    After installing 'crunch sms' then uninstalling it after becoming annoyed with it, the message format has not changed back correctly. So now when i send messages they look like the blackberry messenger way. Is there an easy way to change it back to i