Microsoft System Center Endpoint Protection Cookbook - Second Edition
About this ebook
Over 31 simple yet incredibly effective recipes for installing and managing System Center 2016 Endpoint Protection
About This Book
- This is the most practical and up-to-date book covering important new features of System Center 2016 Endpoint Protection
- Gain confidence in managing IT and protecting your server against malware and other threats
- Configure and automate reporting features and also prepare yourself for a simple and pain-free migration process
If you are a System Administrator or Engineer using System Center 2016 Endpoint Protection, then this book is for you. You should have a good background with Microsoft products in general, although no knowledge of Endpoint Protection is required.
What You Will Learn
- Explore the best practices for Endpoint Protection in System Center Configuration Manager
- Provision the Endpoint Protection Client in a Disk Image in Configuration Manager
- Get to know more about the Security Center
- Configure definition and engine client updates to be optimum for your bandwidth
- Make your application or server work with Endpoint Protection enabled
- Find out how to deal with typical issues that may occur with Endpoint Protection
- Know how to respond to infections that often occur
System Center Configuration Manager is now used by over 70% of all the businesses in the world today, and many have taken advantage of System Center Endpoint Protection within that great product.
Through this book, you will gain knowledge about System Center Endpoint Protection, and see how to work with it from System Center Configuration Manager from an objective perspective.
We'll show you several tips, tricks, and recipes to not only help you understand and resolve your daily challenges, but hopefully enhance the security level of your business.
Different scenarios will be covered, such as planning and setting up Endpoint Protection, daily operations and maintenance tips, configuring Endpoint Protection for different servers and applications, as well as workstation computers. You'll also see how to deal with malware and infected systems that are discovered. You'll find out how to perform OS deployment, BitLocker, and AppLocker, and discover what to do if there is an attack or outbreak.
You'll find out how to ensure good control and reporting, and great defense against threats and malware. You'll see the huge benefits when dealing with application deployments, and get to grips with OS deployments, software updates, and disk encryption such as BitLocker. By the end, you will be fully aware of the benefits of the System Center 2016 Endpoint Protection anti-malware product, ready to ensure your business is watertight against any threat you could face.
Style and approach
Build robust SCEP and AV policies and discover the new potential of exciting new features of SCEP 2016.
Book preview
Microsoft System Center Endpoint Protection Cookbook - Second Edition - Nicolai Henriksen
Table of Contents
Microsoft System Center Endpoint Protection Cookbook Second Edition
Credits
About the Author
Acknowledgment
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Instant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Planning and Getting Started with System Center Endpoint Protection
Introduction
How does Endpoint Protection in Configuration Manager work
How to do it…
What made Endpoint Protection that good
Planning for the Endpoint Protection
How to do it…
Prerequisites of the infrastructure
Getting ready
How to do it…
How it works…
Best practices for Endpoint Protection in Configuration Manager
How to do it...
Administrating workflow for Endpoint Protection in Configuration Manager
Getting ready
How to do it…
2. Configuring Endpoint Protection in Configuration Manager
Introduction
Configuring Endpoint Protection in Configuration Manager
Getting ready
How to do it…
How it works…
Configuring alerts for Endpoint Protection in Configuration Manager
Getting ready
How to do it…
How it works…
Configuring definition updates for Endpoint Protection in Configuration Manager
Getting ready
How to do it...
How it works…
See also
Provisioning the Endpoint Protection client in a disk image in Configuration Manager
Getting ready
How to do it…
3. Operations and Maintenance for Endpoint Protection in Configuration Manager
Introduction
Creating and deploying antimalware policies for Endpoint Protection in Configuration Manager
How to do it…
Order and combination of policies to be merged
Exclusions
Creating and deploying Windows Firewall policies for Endpoint Protection in Configuration Manager
How to do it…
Monitoring Endpoint Protection in Configuration Manager
How to do it…
4. Updates
Introduction
Understanding Endpoint Protection updates
How to do it…
Working with updates from WSUS
Getting ready
How to do it…
Working with updates from SCCM
How to do it…
What you need to consider and optimize when working with low bandwidth locations
How to do it…
Why and how to use offline updates
How to do it…
5. Security and Privacy for Endpoint Protection in Configuration Manager
Introduction
Security and privacy for Endpoint Protection in Configuration Manager
How to do it…
The Microsoft Security Center
How to do it…
Keeping third-party applications up-to-date
How to do it…
Configuring automatic sample submission
How to do it…
6. Configuring and Troubleshooting Performance and Advanced Protection
Introduction
What you need to consider when running antimalware on your computer
How to do it…
Configuring Endpoint Protection or Defender for Windows 10
How to do it…
Integrating Endpoint Protection with OS Deployment
How to do it…
What you need to consider regarding BitLocker and Endpoint Protection
How to do it…
7. Troubleshooting and Fixing Issues
Introduction
Dealing with Endpoint Protection issues
Getting ready
How to do it…
Solving Endpoint Protection Policy issues
Getting ready
How to do it…
Registry.pol files
Understanding update issues
How to do it…
8. Malware Handling
Introduction
How to handle malware
How to do it…
See also
Responding to infections that often occur
Getting ready
How to do it...
See also
Monitoring infectious outbreaks
How to do it…
Protecting the Windows File Server from known Cryptolocker malware
Index
Microsoft System Center Endpoint Protection Cookbook Second Edition
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither Nicolai Henriksen, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: October 2012
Second edition: December 2016
Production reference: 1151216
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78646-428-6
www.packtpub.com
Credits
Author
Nicolai Henriksen
Reviewer
Ronni Pedersen
Commissioning Editor
Kartikey Pandey
Acquisition Editor
Prachi Bisht
Content Development Editor
Abhishek Jadhav
Technical Editor
Aditya Khadye
Copy Editors
Safis Editing
Dipti Mankame
Project Coordinator
Judie Jose
Proofreader
Safis Editing
Indexer
Pratik Shirodkar
Graphics
Kirk D'Penha
Production Coordinator
Shantanu N. Zagade
Cover Work
Shantanu N. Zagade
About the Author
Nicolai Henriksen works as a chief technical architect consultant presently and lives in Bergen, Norway, with his wife and three children.
He has worked in the information technology consulting business for almost two decades, implementing systems in all kinds of businesses, from small companies to enterprises, mostly with products within the Microsoft family. He has also gained great experience and knowledge about many vendors and products.
Nicolai's educational background started with electronic engineering, and he worked for a while as a technician. That has also been his great interest, besides computers.
He started exploring computers in 1980 as a teenager and somehow then understood the meaning and future perspective that computer science had for the world.
For the past 12 years, he has been dedicated to working with System Center Configuration Manager in customer projects. In 2012, Endpoint Protection was integrated into this great product, and Nicolai says that since then the number of companies using this product has increased enormously.
Since 1990, when malware and computer viruses started to evolve, he has been helping businesses to protect their computers with all kinds of antimalware products.
This is the first book Nicolai has written, yet he has done several reviews on System Center books in the past couple of years, and has thought of writing a book for quite some time. It's not unlikely that we will see more books from Nicolai in the future.
Nicolai also speaks at public conferences, as he loves to teach and share his knowledge with others. According to him, the fact that people are willing to listen, and that you have a burning desire to share without demanding anything back, gives a great feeling. He spends some time blogging, tweeting, and answering questions on TechNet forums.
In 2012, Nicolai was awarded the Microsoft Most Valuable Professional (MVP), which only a few people in the world have achieved. He then specialized in the popular and great management product called System Center Configuration Manager.
Nicolai has been balancing a life as a family man with intense creativity and passion within computer science for many years.
Acknowledgment
I would like to thank my wife, Kristina, for putting up with my many late nights working, and our children, Tuva, Malin, and Olav, for being patient and kind to their dad. The love and care from these important persons in my life have been essential for my work and career. And I want to thank Packt Publishing for giving me the opportunity to write this book. I would also like to thank the Microsoft MVP Program and MVP members for all the support and inspiration, and MVP Ronni Pedersen for doing a good job reviewing this book. Finally, I want to thank my mom and dad, Ella and Eigil, for always being there for me.
About the Reviewer
Ronni Pedersen works as a Cloud solution architect, Microsoft Enterprise Mobility MVP, Certified Trainer, event speaker, and author. Today, he works for EG A/S, where he also contributes to the community by writing articles and sharing tips and tricks on http://www.ronnipedersen.com/. In recent years, he has been invited as a speaker at various international conferences and User Groups meetings, such as TechEd, Microsoft Management Summit, Midwest Management Summit, Microsoft Ignite, TechTalks, and the global Microsoft Cloud Roadshow. In 2008, he was one of the cofounders of the Danish System Center User Group.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Instant updates on new Packt books
Get notified! Find out when new books are published by following @PacktEnterprise on Twitter or the Packt Enterprise Facebook page.
Preface
System Center Endpoint Protection, or Windows Defender, is a great security product when using System Center Configuration Manager or Microsoft Intune.
Its ability to protect computers in business increases every day, and it continually improves its features to meet today's security risks and attacks.
Because over 75% of all businesses around the world are now using the popular and great management tool System Center Configuration Manager, Endpoint Protection has also become widespread over the past few years.
In this book, we will explore the main motivation of using the well-known and established System Center Endpoint Protection and Windows Defender. You will gain knowledge about how to set up and configure the products for your organization based on real-life experience and best practices from a field expert and Microsoft Most Valuable Professional. Throughout the book, you will see several best practice tips and recipes for you to use in your daily life as a security administrator.
This book is suitable for everyone who works with computers, but especially useful for IT administrators who work with System Center Configuration Manager, Endpoint Protection, and Intune.
The book will be useful for most kinds of businesses, from small to large, when making decisions, whether they are already using the product or just considering it. And there will be some recipes of value to you even if you are not using Endpoint Protection or Windows Defender.
Either way, reading this book will give you value that you can take with you in the future. Windows Defender comes built in with Windows 10 as well as Windows Server 2016 and you need to decide whether you choose to use it or disable it.
As a System Center Configuration Manager admin, you will also gain deeper knowledge of how to handle and administer the Endpoint Protection role to suit your antimalware admin needs, and perhaps pick up some good tips regarding Configuration Manager.
What this book covers
Chapter 1, Planning and Getting Started with System Center Endpoint Protection, walks you through an easy approach to what you need to consider when planning and designing a System Center Configuration Manager hierarchy with Endpoint Protection in mind. You will gain knowledge of real-life best practices when setting up SCCM.
Chapter 2, Configuring