共用方式為


What is new about System Center 2012 Endpoint Protection?

"System Center 2012 Endpoint Protection is going to consolidate desktop security and management into a single on-premise solution"

So what's new? It been there ever since FEP 2010 was integrated into SCCM 2007. Is there anything new about it? What is going to change for a business user? These are a few questions which I will try to answer in this post.

First of all it is now called System Center 2012 Endpoint Protection! EP2012 is what I'll call it mostly in this post :)

And some of the key highlights are:

It Builds on Configuration Manager 2012 User Centric Approach

You might have already found that Configuration manager 2012 is bringing the User Centric approach, Unified Infrastructure, User Empowerment, Simple Administration and more. So 2012 Endpoint Protection is also going to take advantage of those benefits. With the User Centric approach, you'll see more information around users rather than just systems. It means that Endpoint protection now helps you to identify users who are more prone to bring malware into the environment and need to be trained on security best practices.

Administrators can control any reboots that might be required after the EP agent installation, upgrade or definition update or can give control to end users to restart they devices conveniently.

Lesser Infrastructure required

  • Another benefit is the lesser infrastructure required to operate Endpoint Protection 2012. In FEP 2010 with SCCM 2007, we still required WSUS to configure auto-approval rules for definition updates, which will be replaced by Automatic Deployment Rules in EP 2012.
  • Policies will be distributed via Configuration Manager policy infrastructure (you might be familiar with Management Point) and now it doesn't require the complexity of packages and programs for this task.
  • The refresh cycle for antimalware and firewall policies will also be controlled by the client's polling interval (60 minutes by default). 
  • EP 2012 has randomization at deadlines, so the load on the infrastructure during Definition Updates, Quick scan or Full Scan there will be reduced. This will also minimize the performance impact in VDI environments.

 More up to date Endpoint Protection Dashboard

  • Any changes on the EP client like definition updates, malware detections will be sent to the server whenever the event happens. Hence the status update is up to date on the Endpoint Protection Dashboard.

 Built-in role for Endpoint Protection Manager

The predefined role lets you easily grant permissions to a new administrator, and makes sure that he does not mess-up with anything else on the console. Compare this with assigning security classes, instances and permissions in SCCM 2007!

 

*Screenshot taken from a Configuration Manager 2012 RC2 installation

Central Policy Creation

For a multi site environment with one Central Administration Site( CAS site ), one will now create and assign policies from the CAS site server itself. Administrator can easily create policy using a template and assign to a collection and control the relative priority among policies.

Control alerts at Collection level

Administrators can apply antimalware settings per collection and can also control alert settings from collection properties. This helps to focus on critical group of machines than getting everything highlighted on the dashboard.

 

*Screenshot taken from a Configuration Manager 2012 RC2 installation

 

Active Dashboard and remediation

  • The Dashboard now includes links to affected collections of machines, so you can see a list of computers affected on console itself (earlier you were forced to go to reports)

*Screenshot taken from a Configuration Manager 2012 RC2 installation

  • Administrator can also force a policy based action from the console itself on the affected group of machines.

 

 *Screenshot taken from a Configuration Manager 2012 RC2 installation

  

So these are some of the highlights of System Center 2012 Endpoint Protection. In my coming posts I will talk about how to setup Endpoint protection using Configuration Manager 2012 RC2, so stay tuned!