Auto-create Endpoint Protection policies for System Center

As the title suggests, this post is about automatically creating an Endpoint Protection policy for System Center servers and clients. It seems odd to me as a consultant that we make recommendations on antivirus exclusions, yet each time a new environment is implemented we manually create an Endpoint Protection policy. So I’m going to use PowerShell and a template policy to show you how; you can always use the console too if you prefer.

First of all, you may not already know that Configuration Manager supplies us with a bunch of predefined Endpoint Protection policies out of the box. There are policies for various products, as you can see from the list; some of the products are a little dated now as they are lifted directly from the days of Forefront Endpoint Protection, which I’m guessing you know is essentially the same product. There are 4 policies in there created specifically for System Center Endpoint Protection (SCEP): 3 of them are fairly generic (high security clients, performance optimised and standard desktop) and the fourth is specific to Configuration Manager 2012.

The policies are simply XML files which contain the various best practices for exclusions, scan frequency, scan type etc. They really just contain registry keys and values which will be applied to the client, such as in the screenshot below.

So that’s what’s in the policy; now, how do you import them? Simple really, you can use the console or PowerShell.

Console

In Configuration Manager navigate your way to Assets and Compliance > Endpoint Protection > Antimalware Policies and right click, choose Import. You can also use the ribbon option if you prefer.


Browse to C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates. This is the default path assuming you haven’t changed yours.

Select the policy you want (I’m choosing SQL 2008 in this example) and make any further amendments you might require.


Select OK and you’ve imported your policy. You can now set your priority order and deploy it to the collection of your choice.

PowerShell

Using PowerShell will allow you to use this as part of an automation process with something like Orchestrator or SMA. We are going to use the Import-CMAntimalwarePolicy cmdlet, which is documented on the TechNet library.

First you will need to fire up a PowerShell window with the Configuration Manager module imported. You can do this from the console, or from a regular PowerShell window by running:

Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"

Now all we have to do is run the following:

Import-CMAntimalwarePolicy -ImportFilePath "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates\FEP_Default_SQL2008.xml"

You can also add -Confirm on the end if you want a confirmation prompt, though this obviously won’t work well in an automation scenario. That will import the template with everything that is specified in the XML. You can check this in the console, or with PowerShell using the Get-CMAntimalwarePolicy cmdlet.

Policies for System Center

Now I did plan to create a policy for each product, but after a quick search on the TechNet library I found that this has already been done with some success by Matthias Cecillon here. So, using these templates, here are the commands you will need specifically for your System Center products; amend the path as required.

Configuration Manager

Import-CMAntimalwarePolicy -ImportFilePath "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates\SCEP Server SCCM.xml"

Operations Manager

Import-CMAntimalwarePolicy -ImportFilePath "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates\SCEP Server SCOM.xml"

Service Manager

Import-CMAntimalwarePolicy -ImportFilePath "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates\SCEP Server SCSM.xml"

Virtual Machine Manager

Import-CMAntimalwarePolicy -ImportFilePath "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates\SCEP Server SCVMM.xml"

Orchestrator

Import-CMAntimalwarePolicy -ImportFilePath "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates\SCEP Server SCO.xml"

Data Protection Manager

Import-CMAntimalwarePolicy -ImportFilePath "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates\SCEP Server SCDPM.xml"
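To turn the one-off commands above into something a runbook can call, here is an added example (mine, not from the original post or the Configuration Manager product) that imports every System Center template in the EPTemplates folder in one pass and reports which policies were actually created, so a duplicate import is visible rather than silent. It assumes the default console install path used in the post, that the SCEP Server *.xml templates have been copied into that folder, and that the account running it has rights to the site.

```powershell
# Added example: bulk-import SCEP templates and report what was created.
# Assumes the default console path from the post; adjust the parameters otherwise.
param(
    [string]$ModulePath   = 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1',
    [string]$TemplateRoot = 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates',
    [string]$Filter       = 'SCEP Server SC*.xml'   # matches the System Center templates named in the post
)

Import-Module $ModulePath -ErrorAction Stop

# The CM cmdlets only work from inside the site's PSDrive (e.g. "PS1:\"),
# which the module registers when it loads on a machine with the console.
$siteDrive = Get-PSDrive -PSProvider CMSite -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $siteDrive) { throw 'No CMSite drive found; is the console installed and connected?' }
Push-Location "$($siteDrive.Name):"

try {
    # Snapshot the existing policy names so new imports can be told apart from duplicates.
    $before = @(Get-CMAntimalwarePolicy | Select-Object -ExpandProperty Name)

    $templates = @(Get-ChildItem -Path $TemplateRoot -Filter $Filter -File)
    if ($templates.Count -eq 0) { throw "No templates matching '$Filter' under $TemplateRoot" }

    foreach ($xml in $templates) {
        Write-Verbose "Importing $($xml.Name)"
        # -Confirm:$false keeps the import non-interactive for Orchestrator/SMA runbooks.
        Import-CMAntimalwarePolicy -ImportFilePath $xml.FullName -Confirm:$false -ErrorAction Stop
    }

    $after = @(Get-CMAntimalwarePolicy | Select-Object -ExpandProperty Name)
    $new   = @($after | Where-Object { $before -notcontains $_ })

    # Summary object the runbook can log; fewer new policies than templates means
    # some already existed (or the import renamed them) and should be reviewed.
    [pscustomobject]@{
        TemplatesProcessed = $templates.Count
        PoliciesCreated    = $new.Count
        NewPolicyNames     = $new
    }
}
finally {
    Pop-Location
}
```

Run it with -Verbose to see each template as it is imported; the returned object is what you would check in a runbook before moving on to setting priority and deploying the policies.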

Useful Links

If you want to know more about Configuration Manager cmdlets go here - http://technet.microsoft.com/en-us/library/jj821831(v=sc.20).aspx
If you want to know more about recommended AV exclusions try here - http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx