LabAnswerKey_Module7_ImplementingEndpointProtectionbyUsingSC2012CM.pdf
Administering System Center
2012 R2 Configuration Manager
Module 7 – Implementing Endpoint Protection by Using SC 2012 CM
Student Lab Manual
18.0 8.2015
Contents
Lab: Implementing Endpoint Protection
Exercise 1: Configuring the Endpoint Protection Point and Client Settings
Task 1: Preparing the Site for Endpoint Protection Definitions Update
Task 2: Add Endpoint Protection Point
Task 3: Configure Client Settings
Task 4: Install Endpoint Protection on the client machine
Exercise 2: Configuring and Deploying Endpoint Protection Policies
Task 1: Create Antimalware Policy for servers
Task 2: Create Antimalware Policy for workstations
Task 3: Deploy Antimalware Policy to collections
Task 4: Create ADR for Endpoint Protection Definitions
Task 5: Force the Endpoint Protection policy on client computer
Task 6: Endpoint Protection in Action
Task 7: Create and Deploy Windows Firewall Policy
Exercise 3: Monitoring Endpoint Protection
Task 1: Configure Alert on Workstations Collection
Task 2: Monitoring Endpoint Protection
Virtual Machines
na-dc-01      Domain Controller
na-sccm-01    Configuration Manager server
na-cli-01     Client Computer
Domain Info
Domain name   dnosi.cv
Credentials   Administrator / Pa$$w0rd
System Administration   Ernândia Lima
Lab: Implementing Endpoint Protection
Exercise 1: Configuring the Endpoint Protection Point and Client Settings
Task 1: Preparing the Site for Endpoint Protection Definitions Update
1. On the Configuration Manager server na-sccm-01, log in with dnosi\administrator / Pa$$w0rd
2. On the Configuration Manager server, na-sccm-01, right click on Start and click Search
3. Type Configuration Manager and click on Configuration Manager Console
4. On the Configuration Manager Console, click Administration workspace, expand Site Configuration and click Sites. Select NAC-NOSi Academy and in the ribbon click Settings, Configure Site Components and then Software Update Point
5. Click Products tab and select Forefront Endpoint Protection 2010. Click OK.
6. Navigate to Software Library, expand Software Updates, right click on All Software Updates and select Synchronize Software Updates
7. Click Yes
Task 2: Add Endpoint Protection Point
1. On the SCCM Console, click the Administration workspace, expand Site Configuration and click Servers and Site System Roles
2. Click Next
Task 3: Configure Client Settings
1. On the SCCM Console, click the Administration workspace, then click Client Settings. Right click on NOSiAcademy Client Device Settings and click Properties
2. Select Endpoint Protection
3. On the left hand side click Endpoint Protection, configure the settings as shown in the picture below and click OK.
Task 4: Install Endpoint Protection on the client machine
1. Log on to na-cli-01 with dnosi\administrator and Pa$$w0rd
2. From the Desktop, right click Start and select Control Panel
3. Click Configuration Manager
4. Click Actions tab and select Machine Policy Retrieval & Evaluation Cycle and then click Run Now. Click OK
6. Type Endpoint Protection and click System Center Endpoint Protection. Note: If the System Center Endpoint Protection icon doesn't appear the first time, type it again until it appears.
7. This is the first look of Endpoint Protection when installed
Exercise 2: Configuring and Deploying Endpoint Protection Policies
Task 1: Create Antimalware Policy for servers
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and right click on Antimalware Policies, select Create Antimalware Policy
2. In the field Name type NOSiAcademy Servers Antimalware Policy and select ALL options
3. Click Scheduled Scans and complete the following information:
a. Scan type: Full Scan
b. Scan day: Thursday
c. Scan time: 10:00PM
d. Run a daily quick scan on client computers: Yes
e. Daily quick schedule time: 9:00PM
f. Check for the latest definition updates before running a scan: Yes
g. Start a schedule scan only when the computer is idle: No
4. Click Scan settings and complete the following information:
a. Scan removable storage devices such as USB drive: Yes
b. Scan network drives when running a full scan: Yes
c. Allow Users to configure CPU usage during scans: Yes
d. User Control of scheduled scans: Full Control
5. Click Default actions and complete the following information:
a. Severe: Recommended
b. High: Recommended
c. Medium: Remove
d. Low: Quarantine
6. Click Real-time protection, and select Yes near to Allow users on client computers to configure real-time protection settings
7. Click Exclusion settings, click Set near to Excluded files and folders
8. Click OK
9. Click Set near to Excluded file types
10. Type .bat and click Add. Type .bak and click Add. Click OK.
11. Click Advanced and complete the following information:
a. Show notification messages on the client computer when the user needs to run a full scan, update definitions or run Windows Defender Offline: Yes
b. Allow users to configure the settings for quarantined file deletion: Yes
c. Allow users to exclude files and folders, file types and processes: Yes
d. Allow all users to view the full History results: Yes
e. Enable reparse point scanning: Yes
f. Randomize scheduled scan and definition update start times: Yes
12. Click Definition updates and accept the default and click OK
Task 2: Create Antimalware Policy for workstations
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and right click on Antimalware Policies, select Create Antimalware Policy
2. In the field Name type NOSiAcademy Workstations Antimalware Policy and select ALL options
3. Click Scheduled Scans and complete the following information:
a. Scan type: Full Scan
b. Scan day: Thursday
c. Scan time: 12:00PM
d. Run a daily quick scan on client computers: Yes
e. Daily quick schedule time: 12:00PM
f. Check for the latest definition updates before running a scan: Yes
g. Start a schedule scan only when the computer is idle: No
h. Limit CPU usage during scans (%): 30
4. Click Scan settings and complete the following information:
a. Scan email and email attachments: Yes
b. Scan removable storage devices such as USB drive: Yes
e. Scan network drives when running a full scan: Yes
5. Click Default actions and complete the following information:
a. Severe: Recommended
b. High: Recommended
c. Medium: Remove
d. Low: Quarantine
6. Click Definition updates and change the Check for Endpoint Protection definitions daily at: option to 12:00PM. Click OK.
Task 3: Deploy Antimalware Policy to collections
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and click on Antimalware Policies. Right click on NOSiAcademy Servers Antimalware Policy and click Deploy
2. Select Servers Collection and click OK
3. Right click on NOSiAcademy Workstations Antimalware Policy and click Deploy
4. Select Workstations Collection and click OK
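The same two deployments, done from the ConfigurationManager PowerShell module on na-sccm-01 instead of the console. This is an added example, not part of the lab manual; it assumes the module that ships with the console is installed and that the site code is NAC (taken from the site name NAC-NOSi Academy used in Exercise 1). Policy and collection names are the ones created earlier in this exercise.

```powershell
# Added example (not from the lab manual): deploy the Exercise 2 antimalware
# policies to their collections with the ConfigurationManager module.
# Assumptions: console module present on na-sccm-01, site code NAC.

# Load the module from the console install directory and enter the site drive
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
Set-Location 'NAC:'

$deployments = @(
    @{ Policy = 'NOSiAcademy Servers Antimalware Policy';      Collection = 'Servers Collection' },
    @{ Policy = 'NOSiAcademy Workstations Antimalware Policy'; Collection = 'Workstations Collection' }
)

foreach ($d in $deployments) {
    # Stop if the policy from Task 1 or Task 2 is missing instead of silently deploying nothing
    $policy = Get-CMAntimalwarePolicy -Name $d.Policy
    if (-not $policy) { throw "Antimalware policy '$($d.Policy)' not found" }

    Start-CMAntimalwarePolicyDeployment -AntimalwarePolicyName $d.Policy -CollectionName $d.Collection
    Write-Host "Deployed '$($d.Policy)' to '$($d.Collection)'"
}
```

Deploying the server policy to the Servers Collection and the workstation policy to the Workstations Collection keeps the stricter server scan schedule away from user desktops; the check before each deployment makes a mistyped policy name fail loudly rather than leave a collection without a policy.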
Task 4: Create ADR for Endpoint Protection Definitions
1. On the Configuration Manager Console, click Software Library, expand Software Updates, right click Automatic Deployment Rules and select Create Automatic Deployment Rule
2. Type Endpoint Protection Definition Updates in the Name dialog box. Near the Collection click Browse and select All Systems, click OK and then Next.
3. Accept Default values and click Next
4. Select Product and Update Classification
5. Click <items to find> near Product and select Forefront Endpoint Protection 2010 and click OK
6. Click <items to find> near Product Classification and select Definition Updates and click OK
7. Click Next
8. Click Run the rule on a schedule and click Customize. Click Custom Interval and select 8 Hours on the Recur every dialog box. Click OK and then Next.
9. Select As soon as possible in the Installation Deadline and click Next
10. In the User notifications select Display in Software Center and show all notifications. In the Deadline behavior select Software Installation and click Next
11. Accept default and click Next
12. In the Deployment options select Download software updates from distribution point and install and click Next
13. Select Create a new deployment package and type Endpoint Protection Definition Updates in the name field. In the Package Source type \\na-sccm-01\SourceUpdates\EndpointProtection and click Next
19. Click Close
20. Click the Software Library workspace, click Automatic Deployment Rules, right click on Endpoint Protection Definition Updates and select Run Now
Task 5: Force the Endpoint Protection policy on client computer
1. Log on to na-cli-01 with dnosi\administrator and Pa$$w0rd
2. From the Desktop, right click Start and select Control Panel
3. Click Configuration Manager
4. Click Actions tab and select Machine Policy Retrieval & Evaluation Cycle and then click Run Now. Click OK twice
5. Click Actions tab and select Software Updates Scan Cycle and then click Run Now. Click OK twice
6. Click Actions tab and select Software Updates Deployment Evaluation Cycle and then click Run Now. Click OK twice
8. Type Endpoint Protection and click System Center Endpoint Protection
9. This is the first look of System Center Endpoint Protection
10. From the Desktop, right click Start and select Search
11. Type Software Center and click the Software Center icon
12. Review the endpoint protection definition updates, select all and click Install Selected
14. Click Settings.
Note: All options that we configure in the EP antimalware workstation policy are displayed in this section.
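The three client actions from steps 4 to 6 of this task (and the Machine Policy cycle used in Exercise 1 Task 4) can be triggered from an elevated PowerShell prompt on na-cli-01 instead of the Configuration Manager control panel applet. This is an added example, not code from the lab manual; it assumes the Configuration Manager client is installed on na-cli-01. The schedule IDs are the standard SMS_Client TriggerSchedule identifiers for these cycles, and MsMpSvc is the Microsoft Antimalware service that System Center Endpoint Protection installs.

```powershell
# Added example (not from the lab manual): trigger the Task 5 client cycles
# via the SMS_Client WMI class and confirm the Endpoint Protection service.
# Assumption: run elevated on na-cli-01 with the ConfigMgr client installed.

$cycles = [ordered]@{
    'Machine Policy Retrieval & Evaluation Cycle'  = '{00000000-0000-0000-0000-000000000021}'
    'Software Updates Scan Cycle'                  = '{00000000-0000-0000-0000-000000000113}'
    'Software Updates Deployment Evaluation Cycle' = '{00000000-0000-0000-0000-000000000108}'
}

foreach ($name in $cycles.Keys) {
    Write-Host "Triggering: $name"
    Invoke-WmiMethod -Namespace 'root\ccm' -Class 'SMS_Client' -Name 'TriggerSchedule' `
        -ArgumentList $cycles[$name] | Out-Null
    # The client processes each cycle asynchronously; give the policy cycle
    # a moment to land before asking for a scan against the new deployments
    Start-Sleep -Seconds 10
}

# The antimalware policy only takes effect once the Endpoint Protection client
# (installed by the client settings from Exercise 1) is running.
$svc = Get-Service -Name 'MsMpSvc' -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    Write-Host 'System Center Endpoint Protection service (MsMpSvc) is running'
} else {
    Write-Warning 'MsMpSvc not found or not running; wait for the machine policy cycle to finish and re-check Exercise 1 Task 4'
}
```

Running the cycles in this order matters: the machine policy cycle pulls down the antimalware policy and the definition-update deployment, the scan cycle evaluates which definition updates apply, and the deployment evaluation cycle starts the install that Software Center shows in step 12.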
Task 6 : Endpoint Protection in Action
1. From the client machine na-cli-01, navigate to C:\Files
2. Double click on sample_virus to open it
3. Remove the <remove> entry at the beginning and at the end of the first line
4. Close the file and click Yes to save the file
5. On the System Center Endpoint Protection, make sure Quick is selected in the Home
page and click Scan now
6. Click Malware Detected
7. Click History, select All Detected Items and then click View Details
Note: Notice that the detected malware was Removed (Action taken)
Task 7: Create and Deploy Windows Firewall Policy
1. On the SCCM console, click Assets and Compliance, expand Endpoint Protection and click on Windows Firewall Policies, in the ribbon click Create Windows Firewall Policy
2. Type in the Name box: NOSiAcademy Windows Firewall Policy and click Next
3. Select Yes in Enable Windows Firewall - Domain Profile and in Notify the user when Windows Firewall blocks a new program - Domain profile
Exercise 3: Monitoring Endpoint Protection
Task 1: Configure Alert on Workstations Collection
1. On the SCCM console, click Assets and Compliance, click Device Collections and right click on Workstations Collection and select Properties
2. Select View this collection in the Endpoint Protection dashboard and click Add
4. Select Malware outbreak and change the value to 5 near to Percentage of computers with malware detected
5. Select Repeated malware detection and change the value to 24 near to Interval of detection (hours)
6. Select Multiple malware detection and change the value to 4 near to Interval of detection (hours)
7. Click Monitoring workspace, expand Alerts and click All Alerts
Note: All Alerts about Endpoint Protection are listed in this section.
Task 2: Monitoring Endpoint Protection
1. On the SCCM console, click Monitoring workspace, expand Endpoint Protection Status and click System Center 2012 R2 Endpoint Protection
Note: Review the Status of the machines in the Servers Collection
2. Near to Collection select Workstations collection
Note: Review the Status of the machines in the Workstations Collection
3. Click Malware Detected
Note: This section lists all malware detected by Endpoint Protection