Sunday, February 12, 2012

4.0 Configure and Install Antivirus Definition

To be performed by SCCM Administrators and security team


SCCM ASUP Server will be configured to download the antivirus definitions on a daily basis. The Antivirus definitions are downloaded by the ASUP component of the SCCM Server.
In order to configure the ASUP server to download antivirus defintions, log on to the central adminiration site server
  • open the SCCM Console -> Go to Administration -> Sites -> Central Administration Site Server ->Settings -> Configure Site Components -> Software update Point
  • Click on Classifications and select Definition Updates
  • Click on Products and select Forefront EndPOint Protection
  • Click on Sync Schedule and set the synchronization schedule as desired

Once configured, SCCM will sync the patches with Microsoft website and all antivirus definitions will show up under Software Library -> All Software updates


Manage Antivirus Definitions

To be performed by SCCM Administrators and security team
Once the definitions show up in SCCM, the next logical steps include:
  1. Create a grouping of relevant updates. These are referred as Software Update Groups
  2. Download the definitions in SCCM
  3. Deploy the definitions on a target collection
Operationally this entire process will be automated by utilizing the Automatic Deployment Rules feature of SCCM. Ensure the following entities are available before creating an Autotic Deployment Rule:
  1. A common share to deploy the defintions
  2. Target collection to deploy the definitions
Follow the following steps to create Automatic Deployment Rules for SCEP:
  1. On the SCCM Console, go to Software Library -> Automatic Deployment Rule-> Right Click and Click on Create Automatic Deployment Rule
  2. Name the Deployment Rule and link it to an appropriate collection. Ther are two options to select either to add the definitions to existing software update group or to create a new one. Select to create a new software update group so that a new update gets created periodically and the security team can monitor which definition gets deployed when. There is an additional overhead to delete earlier software update groups which can be automated.
  1. Click Next and Select appropriate deployment settings
  2. Click Next and select the Filter for deploying the Antivirus Defintions.
  3. Click Next, and set the Evaluation Schedule. Ensure that the evaluation is scheduled to run after the patches are synced up by the Activue Software update Point e.g. in our case the update sync happens at 10:00am and the evaluation happens at 2:00pm everyday.

  4. Click Next and set the deployment schedule for the definitions. The defintions will be available as soon as possible while the installation deadline will be set to expire 2 hours after the deployment.

  5. Click Next and set the User Experience and Alerts as required
  6. Click Next and set the Download Settings. For the first time that we create the automated rule, a new deployment package can be created a linked to the share where all the definitions should be downloaded.

  7. Click Next and specify the Distribution Points where the defintions should be distributed. In a production environment, a defintion should go to all the DPs in the environment.

  8. Once the rule is set, the definitions will start getting downloaded at the location specified


Other guides:
  1. Setup End Point Protection Server
  2. Configure and Install SCEP Antimalware Policies
  3. Configure and Install Antivirus Definition
  4. Validate SCEP Settings on Client
  5. Configure Alerts in SCEP
  6. Configure and Install SCEP Client Agent

No comments:

Post a Comment