System Center Endpoint Protection Logs Location

Today I am posting the System Center Endpoint Protection log locations, which are useful for making day-to-day tasks and troubleshooting easier.

The log locations are listed below.

Log locations:

  • %allusersprofile%\Microsoft\Microsoft Antimalware\Support – Log files specific to the antimalware service
  • %allusersprofile%\Microsoft\Microsoft Security Client\Support – Log files specific to the SCEP client software
  • %windir%\WindowsUpdate.log – Windows Update log file, which includes information about definition updates
  • %windir%\CCM\Logs\EndpointProtectionAgent.log – Shows the Endpoint Protection version and the policies applied
  • %windir%\temp\MpCmdRun.log – Activity when performing scans and signature updates
  • %windir%\temp\MpSigStub.log – Update progress for signature and engine updates
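The following PowerShell script is an added example, not part of the original post: it gathers the log locations listed above into one timestamped folder for troubleshooting, reports any that are missing, and shows the tail of EndpointProtectionAgent.log so the client version and applied policies are visible at a glance. The destination path C:\Temp\SCEP-Logs is an assumed value; run it from an elevated prompt, since the Support folders are not readable by standard users.

```powershell
# Added example (not from the original post). Collects the SCEP log locations
# described in the post into one folder. $Destination is an assumed path.
param([string]$Destination = "C:\Temp\SCEP-Logs")

# Same locations as the list above, with the environment variables expanded.
$logSources = @(
    "$env:ALLUSERSPROFILE\Microsoft\Microsoft Antimalware\Support",
    "$env:ALLUSERSPROFILE\Microsoft\Microsoft Security Client\Support",
    "$env:windir\WindowsUpdate.log",
    "$env:windir\CCM\Logs\EndpointProtectionAgent.log",
    "$env:windir\temp\MpCmdRun.log",
    "$env:windir\temp\MpSigStub.log"
)

$stamp  = Get-Date -Format "yyyyMMdd-HHmmss"
$target = Join-Path $Destination "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $target -Force | Out-Null

foreach ($source in $logSources) {
    if (-not (Test-Path $source)) {
        # A missing log is itself useful: e.g. no MpSigStub.log means no
        # definition update has been attempted on this client.
        Write-Warning "Not found: $source"
        continue
    }
    $item = Get-Item $source
    if ($item.PSIsContainer) {
        # Both Support folders share the same name, so keep them apart
        # by the name of their parent folder (Microsoft Antimalware / Microsoft Security Client).
        $subfolder = Join-Path $target $item.Parent.Name
        Copy-Item -Path $source -Destination $subfolder -Recurse -Force
    } else {
        Copy-Item -Path $source -Destination $target -Force
    }
    Write-Output "Collected: $source"
}

# The agent log records the Endpoint Protection version and the policies applied;
# show its most recent lines without opening the file.
$agentLog = Join-Path $target "EndpointProtectionAgent.log"
if (Test-Path $agentLog) {
    Write-Output "--- last 20 lines of EndpointProtectionAgent.log ---"
    Get-Content $agentLog -Tail 20
}

Write-Output "Logs saved to $target"
```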

References:

http://technet.microsoft.com/en-us/library/gg477022.aspx


How to configure domain controller in Windows Server

Today in this post we provide a step-by-step guide to configuring a domain controller in Windows Server 2012 R2. To configure a domain controller you need a machine running Windows Server 2012 R2.

What is a domain controller?

A domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within a Windows domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

How to configure a domain controller:

  1. Log in with the local administrator account.
  2. Open Server Manager, click Local Server, then click the computer name to change it.
  3. Click Change to change the server name.
  4. Change the name of your DC server according to your naming convention, then click OK.

Endpoint Protection in System Center Configuration Manager


-> What is System Center Endpoint Protection in SCCM 2012?
Endpoint Protection in System Center Configuration Manager lets you manage antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.

Benefits of Endpoint Protection

When System Center 2012 Endpoint Protection is used with Microsoft System Center 2012 Configuration Manager, it provides a comprehensive enterprise management solution that lets you do the following:

  • Centrally deploy and configure the Endpoint Protection client.
  • Configure default and custom antimalware policies that apply to groups of computers.
  • Create and deploy Windows Firewall settings to groups of computers.
  • Use Configuration Manager software updates to automatically download the latest antimalware definition files to keep client computers up-to-date.
  • Control who manages the antimalware policies and Windows Firewall settings by using the Endpoint Protection Manager security role.
  • Use email notifications to alert you when computers report that malware is installed.
  • View summary and detailed information from the Configuration Manager console and reports.

Introduction to Endpoint Protection in Configuration Manager

Endpoint Protection installs its own client in addition to the Configuration Manager client. The Endpoint Protection client has the following capabilities:

  • Malware and Spyware detection and remediation.
  • Rootkit detection and remediation.
  • Critical vulnerability assessment and automatic definition and engine updates.
  • Network vulnerability detection through Network Inspection System.
  • Integration with Microsoft Active Protection Services to report malware to Microsoft. When you join this service, the Endpoint Protection client can download the latest definitions from the Malware Protection Center when unidentified malware is detected on a computer.

Endpoint Protection Workflow

Use the following diagram to help you understand the workflow to implement Endpoint Protection in your Configuration Manager hierarchy.


Prerequisites for Endpoint Protection in Configuration Manager

Dependencies External to Configuration Manager

The following list shows the external dependencies for running Endpoint Protection in Configuration Manager.

  1. Windows Server Update Services (WSUS) must be installed and configured for software updates synchronization if you want to use Configuration Manager software updates to deliver definition and engine updates.
  2. Some definition update methods require that client computers have Internet access.
  3. An SMTP server if you want to send email alerts.
  4. A hotfix is required to deploy Windows Firewall policies.

Dependencies Internal to Configuration Manager

  • Your standalone primary or central administration site must be running System Center 2012 Configuration Manager and have the Endpoint Protection point site system role installed and configured.

“The Endpoint Protection point site system role must be installed before you can use Endpoint Protection. It must be installed on one site system server only, and it must be installed at the top of the hierarchy on a central administration site or a stand-alone primary site”

  • A software update point site system role must be installed and configured to deliver definition updates if you want to use Configuration Manager software updates to deliver definition and engine updates.
  • Client settings that install the Endpoint Protection client and configure Endpoint Protection.
  • The reporting services point site system role must be installed before Endpoint Protection reports can be displayed.
  • Security permissions to manage Endpoint Protection.
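The following PowerShell script is an added example, not part of the original post: run on a server with access to the SMS Provider, it checks whether the three site system roles required above (Endpoint Protection point, software update point, reporting services point) are installed, warns if the Endpoint Protection point appears on more than one server, and tests that the SMTP server needed for email alerts is reachable. The site code PS1 and the SMTP host name are assumed values; the SMS_SCI_SysResUse class and namespace are the standard SMS Provider ones, but the RoleName strings are quoted as I know them and should be confirmed against your own provider output.

```powershell
# Added example (not from the original post). Site code, provider host and
# SMTP server are assumed values; adjust them for your hierarchy.
param(
    [string]$SiteCode     = "PS1",
    [string]$ProviderHost = $env:COMPUTERNAME,
    [string]$SmtpServer   = "smtp.contoso.local"
)

# SMS_SCI_SysResUse lists every site system role in the site.
$namespace = "root\SMS\site_$SiteCode"
$roles = Get-WmiObject -ComputerName $ProviderHost -Namespace $namespace -Class SMS_SCI_SysResUse |
         Select-Object RoleName, NetworkOSPath, SiteCode

# RoleName values as I know them for the three roles this section requires (assumption).
$required = @{
    "SMS Endpoint Protection Point" = "Endpoint Protection point (one per hierarchy, at the top site)"
    "SMS Software Update Point"     = "Software update point (definition/engine updates via software updates)"
    "SMS SRS Reporting Point"       = "Reporting services point (needed for Endpoint Protection reports)"
}

$result = foreach ($roleName in $required.Keys) {
    $found = @($roles | Where-Object { $_.RoleName -eq $roleName })
    [pscustomobject]@{
        Requirement = $required[$roleName]
        Installed   = ($found.Count -gt 0)
        Servers     = ($found | ForEach-Object { $_.NetworkOSPath }) -join ", "
    }
}
$result | Format-Table -AutoSize

# The Endpoint Protection point must be installed on exactly one site system server.
$epp = @($roles | Where-Object { $_.RoleName -eq "SMS Endpoint Protection Point" })
if ($epp.Count -gt 1) {
    Write-Warning "Endpoint Protection point found on $($epp.Count) servers; expected exactly one."
}

# Email alerts need a reachable SMTP server (TCP 25 assumed).
if (Test-NetConnection -ComputerName $SmtpServer -Port 25 -InformationLevel Quiet) {
    Write-Output "SMTP server $SmtpServer is reachable on TCP 25."
} else {
    Write-Warning "SMTP server $SmtpServer is not reachable on TCP 25; email alerts will not be delivered."
}
```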

How to Configure Endpoint Protection in Configuration Manager

Step 1: Create an Endpoint Protection point site system role.

The Endpoint Protection point site system role must be installed before you can use Endpoint Protection. It must be installed on one site system server only, and it must be installed at the top of the hierarchy on a central administration site or a stand-alone primary site.

Step 2: Configure alerts for Endpoint Protection.

Alerts inform the administrator when specific events have occurred, such as a malware infection. Alerts are displayed in the Alerts node of the Monitoring workspace, or optionally can be emailed to specified users.

Step 3: Configure definition update sources for Endpoint Protection clients.

Endpoint Protection can be configured to use various sources to download definition updates.

Step 4: Configure the default antimalware policy and create any custom antimalware policies.

The default antimalware policy is applied when the Endpoint Protection client is installed. Any custom policies you have deployed are applied by default, within 60 minutes of deploying the client. Ensure that you have configured antimalware policies before you deploy the Endpoint Protection client.

Step 5: Configure custom client settings for Endpoint Protection.

Use custom client settings to configure Endpoint Protection settings for collections of computers in your hierarchy.
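The following PowerShell script is an added example, not part of the original post, to be run on a client after Steps 3 to 5: it requests a machine policy refresh so a newly deployed antimalware policy is picked up sooner than the default polling interval, then reads the Endpoint Protection client's health from WMI and flags stale definitions, which usually point back to the definition update source configured in Step 3. The trigger schedule IDs are the well-known machine policy retrieval and evaluation cycles; the root\Microsoft\SecurityClient namespace and the property names are as I know them for the SCEP client and should be verified on your client build.

```powershell
# Added example (not from the original post). Run on an Endpoint Protection client
# from an elevated prompt.

# Well-known Configuration Manager client schedule IDs for
# "Machine Policy Retrieval" (...21) and "Machine Policy Evaluation" (...22).
$machinePolicyRetrieval  = "{00000000-0000-0000-0000-000000000021}"
$machinePolicyEvaluation = "{00000000-0000-0000-0000-000000000022}"

foreach ($scheduleId in $machinePolicyRetrieval, $machinePolicyEvaluation) {
    Invoke-WmiMethod -Namespace "root\ccm" -Class SMS_Client -Name TriggerSchedule `
                     -ArgumentList $scheduleId | Out-Null
}
Write-Output "Machine policy refresh requested; the antimalware policy is applied on the next policy cycle."

# Health of the Endpoint Protection client. Namespace/class/property names are
# as I know them for SCEP (assumption); the class is absent if the client is not installed.
$health = Get-WmiObject -Namespace "root\Microsoft\SecurityClient" -Class AntimalwareHealthStatus `
                        -ErrorAction SilentlyContinue
if (-not $health) {
    Write-Warning "AntimalwareHealthStatus not found: is the Endpoint Protection client installed?"
    return
}

$health | Select-Object Version, EngineVersion, AntivirusSignatureVersion, AntivirusSignatureAge,
                        AntivirusEnabled, RtpEnabled, LastQuickScanAge | Format-List

# Stale definitions mean the update source from Step 3 is not reaching this client.
$maxDefinitionAgeDays = 3   # assumed threshold; pick what your policy allows
if ($health.AntivirusSignatureAge -gt $maxDefinitionAgeDays) {
    Write-Warning "Antivirus definitions are $($health.AntivirusSignatureAge) days old; check the definition update source."
}
if (-not $health.RtpEnabled) {
    Write-Warning "Real-time protection is disabled on this client; check the antimalware policy that applies to it."
}
```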

How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager

Potentially Unwanted Application (PUA) is a threat classification based on reputation and research-driven identification. Most commonly, these PUA applications are unwanted application bundlers or the applications they bundle.

You can protect your users from PUA by deploying an antimalware policy from Microsoft System Center 2012 Configuration Manager with Endpoint Protection. The protection policy setting is disabled by default. If enabled, this feature blocks PUA at download and install time. However, you can exclude specific files or folders to meet the needs of your environment.