Contents
Lab: Implementing Endpoint Protection
Exercise 1: Configuring the Endpoint Protection Point and Client Settings
Task 1: Preparing the Site for Endpoint Protection Definitions Update
Task 2: Add Endpoint Protection Point
Task 3: Configure Client Settings
Task 4: Install Endpoint Protection on the client machine
Exercise 2: Configuring and Deploying Endpoint Protection Policies
Task 1: Create Antimalware Policy for servers
Task 2: Create Antimalware Policy for workstations
Task 3: Deploy Antimalware Policy to collections
Task 4: Create ADR for Endpoint Protection Definitions
Task 5: Force the Endpoint Protection policy on client computer
Task 6: Endpoint Protection in Action
Task 7: Create and Deploy Windows Firewall Policy
Exercise 3: Monitoring Endpoint Protection
Task 1: Configure Alert on Workstations Collection
Task 2: Monitoring Endpoint Protection
Virtual Machines
na-dc-01: Domain Controller
na-sccm-01: Configuration Manager server
na-cli-01: Client Computer
Domain Info
Domain name: dnosi.cv
Credentials: Administrator / Pa$$w0rd
System Administration
Ernndia Lima
2. On the Configuration Manager server, na-sccm-01, right click on Start and click Search
5. Click Products tab and select Forefront Endpoint Protection 2010. Click OK.
6. Navigate to Software Library, expand Software Updates, right click on All Software
Updates and select Synchronize Software Updates
7. Click Yes
2. Click Next
6. Click Next
7. Click Next
8. Click Close
1. On the SCCM Console, click the Administration workspace, click Client Settings. Right
click on NOSiAcademy Client Device Settings and click Properties
3. On the left-hand side click Endpoint Protection, configure the settings as shown in the
picture below and click OK.
4. Click Actions tab and select Machine Policy Retrieval & Evaluation Cycle and then
click Run Now. Click OK
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and
right click on Antimalware Policies, select Create Antimalware Policy
2. In the field Name type NOSiAcademy Servers Antimalware Policy and select ALL
options
6. Click Real-time protection, and select Yes near to Allow users on client computers to
configure real-time protection settings
7. Click Exclusion settings, click Set near to Excluded files and folders
8. Click OK
10. Type .bat and click Add. Type .bak and click Add. Click OK.
12. Click Definition updates and accept the default and click OK
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and
right click on Antimalware Policies, select Create Antimalware Policy
2. In the field Name type NOSiAcademy Workstations Antimalware Policy and select
ALL options
6. Click Definition updates and change the Check for Endpoint Protection definitions daily
at: option to 12:00PM. Click OK.
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and
click on Antimalware Policies. Right click on NOSiAcademy Servers Antimalware
Policy and click Deploy
2. Type Endpoint Protection Definition Updates in the Name dialog box. Near the
Collection click Browse and select All Systems and click OK and then Next.
5. Click <items to find> near Product and select Forefront Endpoint Protection 2010 and
click OK
6. Click <items to find> near Product Classification and select Definition Updates and
click OK
7. Click Next
8. Click Run the rule on a schedule and click Customize. Click Custom Interval and select
8 Hours on the Recur every dialog box. Click OK and then Next.
10. In the User notifications select Display in Software Center and show all notifications.
In the Deadline behavior select Software Installation and click Next
12. In the Deployment options select Download software updates from distribution
point and install and click Next
13. Select Create a new deployment package and type Endpoint Protection Definition
Updates in the name field. In the Package Source type \\na-sccm-01\SourceUpdates\EndpointProtection and click Next
14. Click Add and then Distribution Point. Select na-sccm-01.dnosi.cv and click OK
15. Click Next
16. Click Next
17. Click Next
18. Click Next
19. Click Close
20. Click the Software Library workspace, click Automatic Deployment Rules, right click on
Endpoint Protection Definition Updates and select Run Now
21. Click OK
4. Click Actions tab and select Machine Policy Retrieval & Evaluation Cycle and then
click Run Now. Click OK twice
5. Click Actions tab and select Software Updates Scan Cycle and then click Run Now.
Click OK twice
6. Click Actions tab and select Software Updates Deployment Evaluation Cycle and then
click Run Now. Click OK twice
12. Review the endpoint protection definition updates, select all and click Install
Selected
13. Open System Center Endpoint Protection again and notice that it is now up to date.
14. Click Settings.
Note: All options that we configure in the EP antimalware workstation policy are
displayed in this section.
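The three client actions from steps 4 to 6, scripted so they can be run without the control panel, followed by a read-back of the definition version and the extension exclusions that the antimalware policy delivered. This is an added example, not part of the original lab; the two registry paths are assumptions about where the SCEP client stores its state.

```powershell
# Added example (not from the lab). Run elevated on the client, e.g. na-cli-01.
# Schedule IDs of the Configuration Manager client actions run in steps 4-6.
$cycles = [ordered]@{
    'Machine Policy Retrieval'                     = '{00000000-0000-0000-0000-000000000021}'
    'Machine Policy Evaluation'                    = '{00000000-0000-0000-0000-000000000022}'
    'Software Updates Scan Cycle'                  = '{00000000-0000-0000-0000-000000000113}'
    'Software Updates Deployment Evaluation Cycle' = '{00000000-0000-0000-0000-000000000108}'
}
foreach ($name in $cycles.Keys) {
    try {
        Invoke-CimMethod -Namespace 'root\ccm' -ClassName 'SMS_Client' `
            -MethodName 'TriggerSchedule' `
            -Arguments @{ sScheduleID = $cycles[$name] } -ErrorAction Stop | Out-Null
        Write-Host "Triggered: $name"
    } catch {
        Write-Warning "Could not trigger '$name': $($_.Exception.Message)"
    }
}

# Assumption: the SCEP client stores deployed policy and definition state under
# the "Microsoft Antimalware" registry keys below; adjust for your client build.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware'
$sigKey    = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'

# Definition version the client currently reports (empty until the first update).
$sig = Get-ItemProperty -Path $sigKey -ErrorAction SilentlyContinue
Write-Host "Antivirus definition version: $($sig.AVSignatureVersion)"

# Extension exclusions delivered by policy. Script and binary types are marked
# for review because files with an excluded extension are not scanned.
$reviewTypes = 'bat', 'cmd', 'ps1', 'vbs', 'js', 'exe', 'dll'
$extKey = Join-Path $policyKey 'Exclusions\Extensions'
if (Test-Path $extKey) {
    foreach ($ext in (Get-Item $extKey).GetValueNames()) {
        $flag = if ($reviewTypes -contains $ext.TrimStart('.').ToLower()) { 'REVIEW' } else { 'ok' }
        Write-Host ("Excluded extension {0,-8} {1}" -f $ext, $flag)
    }
} else {
    Write-Host 'No extension exclusions delivered by policy.'
}
```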
3. Remove the <remove> entry at the beginning and at the end of the first line
7. Click History, select All Detected Items and then click View Details
Note: Notice that the malware was Removed (Action taken)
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and
click on Windows Firewall Policies, in the ribbon click Create Windows Firewall Policy
2. Type in the Name box: NOSiAcademy Windows Firewall Policy and click Next
3. Select Yes in the Enable Windows Firewall - Domain Profile and in the Notify the user
when Windows Firewall blocks a new program - Domain profile
4. Click Next
5. Click Close
6. Right click on the NOSiAcademy Windows Firewall Policy and click Deploy
1. On the SCCM console, click Assets and Compliance, click Device Collections and right
click on Workstations Collection and select Properties
2. Select View this collection in the Endpoint Protection dashboard and click Add
4. Select Malware outbreak and change the value to 5 near to Percentage of computers
with malware detected
5. Select Repeated malware detection and change the value to 24 near to Interval of
detection (hours)
6. Select Multiple malware detection and change the value to 4 near to Interval of
detection (hours)
4. Expand Reporting, click Reports and type endpoint protection on the Search box and
click Search
6. On the Collection Name click Values and select Workstations Collection. Click OK.