SCCM 2012 – p.11 - Installazione Endpoint p. 2/2

 
<--------->








E’ importante usare UNC

 


Si vede che non risulta eseguito:

 

Dopo qualche minuto risulterà:

 

Personalizzare il settaggio dei client
N.B. Eseguire tali modifiche solo se siamo sicuri di poterle applicare a tutti i client

Ecco alcune info generiche:

Manage Endpoint Protection client on client computers   
  • Select True if you want to manage existing Endpoint Protection clients on computers in your hierarchy.
  • Select this option if you have already installed the Endpoint Protection client and want to manage it with Configuration Manager.
  • You should also select this option if you want to create a script to uninstall an existing antimalware solution, install the Endpoint Protection client and deploy this script using a Configuration Manager application or package and program.
Install Endpoint Protection client on client computers   
  • Select True to install and enable the Endpoint Protection client on client computers where it is not already installed.
Automatically remove previously installed antimalware software before Endpoint Protection is installed   
  • Select True to uninstall existing antimalware software.
   Note Endpoint Protection uninstalls the following antimalware software only:   

All current Microsoft antimalware products except for Windows InTune and Microsoft Security Essentials
Symantec AntiVirus Corporate Edition version 10
Symantec Endpoint Protection version 11
Symantec Endpoint Protection Small Business Edition version 12
Mcafee VirusScan Enterprise version 8
Trend Micro OfficeScan
Suppress any required computer restart after the Endpoint Protection client installed   
  • Select True to suppress a computer restart if it is required after the Endpoint Protection client installs.
Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)   
  • Specify the number of hours that users can postpone a computer restart if this is required after the Endpoint Protection client installs.
Disable alternate sources (such as Windows Update, Microsoft Windows Server Update Services or UNC shares) for the initial definition update on client computers   
  • Select True if you want to allow only Configuration Manager to install the initial definition update on client computers. This setting can be helpful to avoid unnecessary network connections and reduce network bandwidth during the initial installation of the definition update.


 




Facciamo il deployment di questo nuovo settings:



Configuriamo la policy antimalware:

 





Per lo scarico delle definition facciamo in modo che venga eseguito il controllo ogni due ore. Se il server SCCM non ha accesso ad internet possiamo far in modo che vengano scaricato da una share UNC

 


A questo punto si fa il deployment:

 

In caso di problemi possiamo guardare i log indicati al seguente link:
http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_EPLog
  • EndpointProtectionAgent.log - Records details about the installation of the Endpoint Protection client and the application of antimalware policy to that client.

  • EPCtrlMgr.log - Records details about the synchronization of malware threat information from the Endpoint Protection role server into the Configuration Manager database.

  • EPMgr.log - Monitors the status of the Endpoint Protection site system role.

  • EPSetup.log - Provides information about the installation of the Endpoint Protection site system role.