Endpoint Protection in System Center 2012 SP1 Jason GithensSenior Program Manager LeadMicrosoft Corporation

Microsoft Virtual Academy SP1

System Center 2012 Endpoint Protection Service Pack 1Real time Endpoint Protection operations from console

Simplified Administration

Single administrator experience for simplified endpoint protection and

management

Simplified, 3X delivery of definitions through software updates

Malware-driven operations from the console

Client-side merge of antimalware policies

Integrated optimizations for Windows Embedded clients

New and improved Endpoint Protection client

Real-time Operations• EP operations to

clients in <1 minute• Monitor one-time

operations• Available EP

operations:• Run Definition Updates• Run Quick Scan• Run Full Scan• Allow threats• Exclude paths and/or files• Restore files quarantined by threat

Real-time Administrative Actions

Administrator

“Dial tone”• Active TCP Session

with the MP• Client Checking for

urgent tasks

1

2

In administrative console selects “Run Full Scan” on a collection

“Call is placed”• Client via this TCP

connection is told there are urgent tasks to run

• Client then connects to the MP to get policy

• Client runs the Full Scan Task

4

Client

Task = “Run Full Scan”

• A task is created• MP is told that new

urgent task has been requested

3

Site Server and MP

Malware Driven OperationsAdmin can easily view and take follow up actions on

specific malware by type, and remediation status

Demo

Real time Administrative Actions

Client-side merge• Create granular policies for specific

scenarios and have those merged on the clients

• Removes overhead of redundant policies• Policies still honors relative priority, and

merge when possible (exclusions, for example)

Improved software update integration• Architectural changes to support 3X a day• Category-based scans from clients• Delta synchs between SUP and WSUS

• Architectural changes to simplify SUP setup• Simplify SUP setup (add multiple SUPs as needed, no NLB or active

SUP requirements)• Source top-level SUP from internal WSUS server (removes WU/MU-

based catalog dependency)

Windows Embedded Optimizations• Endpoint Protection client installation can

honor maintenance windows• Endpoint Protection client installation can

install in the overlay, or disable write filters and commit the changes

• Definition update deployments through SUM can commit changes or write in overlay

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.