Custom Configuration of "System Center Endpoint Protection" for Macs

Many organisations have started using "Microsoft System Center Endpoint Protection (SCEP)" on their Macs, replacing other antivirus products (such as Symantec, TrendMicro, AVG and others).

Microsoft SCEP is basically a part of SCCM and is managed by SCCM itself. It also works fine on Macs and can be installed on enterprise Macs, but it has many limitations. In my view, you should test it, analyse it and check all its limitations before you consider it for your enterprise environment.
Below I discuss it in more detail, including the manual configuration you can do when you plan to have it in your environment.

How does it look and is it user friendly?
This is the first and easiest question that comes to mind: how does it look, and will it really be easy to handle and use? It looks like any other antivirus, and yes, it is easy to use if you want to do basic things such as update schedules, system scans, logs, exclusions and others. It has an Advanced mode with many options where you can do more as per your need.
Download the SCEP Guide for more information about this antivirus. The guide describes each option that is available in SCEP.

OK, now you know what it can do, but you also want to know about its limitations.
Whenever we choose an antivirus for the enterprise, the first thing we check is whether it is manageable or not. Sorry to say this, but SCEP is not a managed antivirus for Macs. For Windows it is managed by SCCM, so bad luck for Mac administrators.
You even have to download it separately from the Microsoft Volume Licensing Site; it does not come by default with the SCCM Windows client package. It installs on your Mac like any other package does.
When you download it from the Microsoft Volume Licensing Site, you will get an executable file, so don't worry and just run it. It will extract the DMG file to the location you choose when running the executable. Mount the DMG file and you will see three items in it:
Install : It will install "System Center Endpoint Protection" on your Mac.
Uninstall : It will uninstall it.
Read Me : It will give you some more information about it.

So far, you have checked its installation and its information and have got a feel for it. Now we want to deploy it, but before that we need to do some custom configuration as per our environment, like the update schedule, system scan time, USB blocking, admin access and others. Whatever changes we make in the "System Center Endpoint Protection" AV are all saved in a configuration file, which is stored at [ /Library/Application\ Support/Microsoft/scep/etc/scep.cfg ]. Copy it to your desktop and review all the changes you have made to the antivirus. It will look like this.
This is my SCEP configuration file, in which I have scheduled update and scan tasks with USB blocking. If you are looking to deploy SCEP on all Macs in your organization with a custom configuration, then you have to create a shell script with commands that write the new configuration after SCEP is installed.

I have created a small script to make these changes in the configuration file. You can copy it or edit it as per your requirements.
Script:
#!/bin/sh

# Path to the scep_set tool inside the SCEP application bundle
SCEP_SET="/Applications/System Center 2012 Endpoint Protection.app/Contents/MacOS/scep_set"

# Admin users (colon-separated list)
"$SCEP_SET" --set='privileged_users = "macadmin:clientadmin"'

# Update and scan schedule
"$SCEP_SET" --set='scheduler_tasks = "1;Log maintenance;;0;0 3 * * * *;@logs;5a161317;Daily Update;;0;repeat 240;@update;94e302a3;Quick Scan;;0;0 20 * * * *;@uscan scan_smart:/:-/Network:-/Network/Servers:;"'

# Block USB (removable media), with an exception for CD-ROM
"$SCEP_SET" --section=mac --set='block_media = yes'
"$SCEP_SET" --section=mac --set='block_media_exceptions = "cdrom"'

# Unload and load the SCEP daemon so the new settings are picked up.
launchctl unload -w /Library/LaunchDaemons/com.microsoft.scep_daemon.plist
launchctl load -wF /Library/LaunchDaemons/com.microsoft.scep_daemon.plist

exit 0
It is important to unload and load the SCEP daemon, otherwise your changes will not take effect. There are still many settings which cannot be managed from the configuration file, so those changes need to be made manually.
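
As an added example (not part of the original post and not Microsoft tooling), here is a POSIX shell check that reads a copy of scep.cfg and confirms the settings the script above applies. It assumes the file stores key = value lines under [section] headers and that each scheduler task is six ;-separated fields, as the scheduler_tasks string above suggests; cfg_get, list_tasks, audit_cfg and sample_cfg are names made up for this example.

```shell
#!/bin/sh
# Added example: audit a copy of scep.cfg after the deployment script has run.
# Assumption: scep.cfg holds `key = value` lines under [section] headers.

# cfg_get FILE SECTION KEY: print the value, quotes stripped ("" = any section)
cfg_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*\[/ { sec = $0; gsub(/^[ \t]*\[|\][ \t\r]*$/, "", sec); next }
        want == "" || sec == want {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            sub(/^[ \t]*"?/, "", v); sub(/"?[ \t\r]*$/, "", v)
            print v; exit
        }' "$1"
}

# list_tasks VALUE: print "id|name|schedule|command" per task (6 fields each)
list_tasks() {
    printf '%s\n' "$1" | awk -F';' '{
        for (i = 1; i + 5 <= NF; i += 6)
            print $i "|" $(i+1) "|" $(i+4) "|" $(i+5)
    }'
}

# audit_cfg FILE: print one FAIL line per missing setting; return 0 if none
audit_cfg() {
    rc=0
    [ "$(cfg_get "$1" mac block_media)" = "yes" ] ||
        { echo "FAIL: block_media is not yes"; rc=1; }
    [ -n "$(cfg_get "$1" "" privileged_users)" ] ||
        { echo "FAIL: privileged_users is empty"; rc=1; }
    tasks=$(list_tasks "$(cfg_get "$1" "" scheduler_tasks)")
    for cmd in @update @uscan; do
        printf '%s\n' "$tasks" | awk -F'|' -v c="$cmd" \
            'index($4, c) == 1 { ok = 1 } END { exit !ok }' ||
            { echo "FAIL: no scheduled $cmd task"; rc=1; }
    done
    return "$rc"
}

# Constructed sample (not a real scep.cfg); its Quick Scan task is left out
sample_cfg() {
    printf '%s\n' '[global]' 'privileged_users = "macadmin:clientadmin"' \
        'scheduler_tasks = "5a161317;Daily Update;;0;repeat 240;@update;"' \
        '[mac]' 'block_media = yes'
}
if [ $# -gt 0 ]; then audit_cfg "$1"; fi
```

Pass the path of a copied scep.cfg as the first argument; a non-zero exit status means at least one of the checked settings is missing.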

Now you know most of what is available about it across the internet. As soon as I get more information about it or find anything new, I will post it on this blog.

3 comments:

  1. Hi,
    Any script to check for the definition version / and infected clients?

  2. Hi,

    Apologies for the late reply. Right now, it has very limited commands which are working. Let me check whether it has something as per your requirements or not. If there is anything related to it, I will post it on my blog.

  3. There is a reason why I bought a Mac, it was not to be one of the cool kids that wanted the best of the best. No, it was because of the music production I do on it. Hours and hours sitting in front of my Mac copying, pasting, moving, deleting, hour after hour just beating on my Mac in an endless assault to get my work done. That is the key part, my work. I work from home, it is great, but even if it is from home it is still work and it still needs to get done. So my Mac, I have it because it is fast, gets the job done and comes back for more.
    But what happens when it doesn't want to do those things anymore?
    I move around massive amounts of information and yes, even on the almighty Mac this can cause a problem after a while. Things fragment, programs get corrupted, issues come up. My light speed Mac slows down to a crawl and all of a sudden I simply cannot get any work done. Because I work from home there is no IT guy to call and ask to come fix it. No, instead I have to figure out what is wrong. I am lucky, I did, but not after trying everything under the sun first and wasting countless hours looking for one program that can do what I needed instead of ten programs. One program to lead them all….okay that was a lame Lord of the Rings reference, but that program was/is Detox My Mac. A simple to use program that did not just fix my issues, it put my Mac on overdrive again. A few clicks and my Mac was clean and ready to rock and roll again.
    Read more here:- http://detox-my-mac.com?duhhf9265hskfhf98346
