How to Manage Antimalware Policies and Firewall Settings for Endpoint Protection in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 R2 Endpoint Protection, System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 Endpoint Protection SP1, System Center 2012 Endpoint Protection, System Center 2012 R2 Configuration Manager SP1
Use the information in this topic to help you manage Endpoint Protection antimalware policies and Windows Firewall policies in Microsoft System Center 2012 Configuration Manager, to perform on-demand scans, to force computers to download the latest available definitions, and to remediate detected malware.
Note
For information about how to create Configuration Manager antimalware policies and Windows Firewall policies, see How to Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager and How to Create and Deploy Windows Firewall Policies for Endpoint Protection in Configuration Manager.
How to Manage Antimalware Policies
In the Assets and Compliance workspace, expand Endpoint Protection, click Antimalware Policies, select the antimalware policy that you want to manage, and then select a management task.
Use the following table for more information about the management tasks that might require some information before you select them.
Task |
Details |
---|---|
Increase Priority |
If multiple antimalware policies are deployed to the same computer, they are applied in order. Use this option to increase the priority by which the selected antimalware policy is applied. Use the Order column to view the order in which the policies are applied. The antimalware policy that has the highest numbered priority is always applied first. |
Decrease Priority |
If multiple antimalware policies are deployed to the same computer, they are applied in order. Use this option to decrease the priority by which the selected antimalware policy is applied. Use the Order column to view the order in which the policies are applied. |
Merge |
Merges the two selected antimalware policies. In the Merge Policies dialog box, enter a name for the new, merged policy. The Base policy is the antimalware policy that is merged with this new antimalware policy. Note If two settings conflict, the most secure setting is applied to computers. |
Deploy |
Opens the Select Collection dialog box. Select the collection to which you want to deploy the antimalware policy, and then click OK. |
How to Manage Windows Firewall Policies
In the Assets and Compliance workspace, click Endpoint Protection, click Windows Firewall Policies, select the Windows Firewall policy that you want to manage, and then select a management task.
Use the following table for more information about the management tasks that might require some information before you select them.
Task |
Details |
---|---|
Increase Priority |
If multiple Windows Firewall policies are deployed to the same computer, they are applied in order. Use this option to increase the priority by which the selected Windows Firewall policy is applied. Use the Order column to view the order in which the policies are applied. |
Decrease Priority |
If multiple Windows Firewall policies are deployed to the same computer, they are applied in order. Use this option to decrease the priority by which the selected Windows Firewall policy is applied. Use the Order column to view the order in which the policies are applied. |
Deploy |
Opens the Deploy Windows Firewall Policy dialog box from where you can deploy the firewall policy to a specified collection. |
How to Perform an On-demand Scan of Computers
You can perform a scan of a single computer, multiple computers, or a collection of computers in the Configuration Manager console. This scan occurs outside any scheduled scans that you configured. Use the following procedure to perform an on-demand scan.
Important
If any of the computers that you select do not have the Endpoint Protection client installed, the on-demand scan option is unavailable.
To perform an on-demand scan of computers
-
In the Configuration Manager console, click Assets and Compliance.
-
In the Devices or Device Collections node, select the computer or collection of computers that you want to scan.
-
On the Home tab, in the Collection group, click Endpoint Protection, and then click Full Scan or Quick Scan.
The scan will take place when the computer or collection of computers next downloads client policy. To monitor the results from the scan, use the procedures in How to Monitor Endpoint Protection in Configuration Manager.
How to Force Computers to Download the Latest Definition Files
You can force a single computer, multiple computers, or a collection of computers to download the latest definition files from the Configuration Manager console by using the following procedure.
Important
If any of the computers that you select do not have the Endpoint Protection client installed, the Download Definition option is unavailable.
To force computers to download the latest definition files
-
In the Devices or Device Collections node, select the computer or collection of computers for which you want to download definitions.
-
On the Home tab, in the Collection group, click Endpoint Protection, and then click Download Definition. The definition download will take place when the computer or collection of computers next downloads client policy.
Note
Use the System Center 2012 Endpoint Protection Status node in the Monitoring workspace to discover clients that have out-of-date definitions.
How to Remediate Detected Malware
When malware is detected on client computers, this will be displayed in the Malware Detected node under Endpoint Protection Status in the Monitoring workspace of the Configuration Manager console. Select an item from the Malware Detected list, and then use one of the following management tasks to remediate or allow the detected malware:
Task |
Details |
---|---|
Allow this threat |
Creates an antimalware policy to allow the selected malware. The policy is deployed to the All Systems collection and can be monitored in the Client Operations node of the Monitoring workspace. |
Restore files quarantined by this threat |
Opens the Restore quarantined files dialog box where you can select one of the following options:
|
View infected clients |
Displays a list of all clients that were infected by the selected malware. |
Exclude selected files or paths from scan |
When you select this option from the malware details pane, the Exclude files and paths dialog box opens where you can specify the files and folders that you want to exclude from malware scans. |