Manage compliance and endpoint protection settings - Managing Enterprise Devices and Apps

Information Technology Reference

In-Depth Information

Policy management

After you deploy antimalware and Windows Firewall policies, you can perform a number of

policy management tasks. Table 4-4 provides a summary of them.

TABLE 4-4 Policy management tasks

Task

Description

Increase priority

If multiple policies are deployed to the same computer, the policies

apply in the order shown in the Order column of the Antimalware Policies

or Windows Firewall Policies results pane. You can use Increase Priority to

increase the priority on a selected policy. This option is available for both

antimalware and Windows Firewall policies.

Decrease priority

Similar to Increase Priority, you can use Decrease Priority to decrease the

priority of a selected policy. This option is available for both antimalware

and Windows Firewall policies.

Merge antimalware policies

This option enables you to merge multiple antimalware policies into a single

policy. During the merge, if any policy conflicts occur they are resolved by

using the most secure option for the conflicting setting.

Perform an on-demand scan

You might need to perform an on-demand scan of a single computer or a

collection of computers outside the scheduled scan. If you select a device

collection, the Endpoint Protection button, when clicked, provides options

to perform a Full Scan or a Quick Scan on all computers within the col-

lection. If you select a specific computer within a collection, you also can

choose to perform a Full Scan or Quick Scan on the selected computer as

required. This creates a Configuration Manager client notification, which

attempts to initiate the scan as soon as possible.

Force computers to download

the latest antimalware defini-

tion files

You can force a download of the latest antimalware definition files by per-

forming the following procedure:

1. Select a device collection or a specific computer within a collection.

2. On the Collection tab, click Endpoint Protection.

3. Click Download Definition to open the Download

Definition dialog box.

4. In the Download Definition dialog box, select a definition update

source: Software Update Deployment or Endpoint Protection Client

Source Order.

5. The Download Definition dialog box provides an

option to randomize client execution of the download task. Config-

ure the randomization period. The randomization period is set to

120 minutes by default.

Set security scopes

For each antimalware policy, you can define a specific security scope. This

enables you to delegate policy management to specific administrative

users. For example, you might specify a policy for workstations and config-

ure another policy for servers. You can assign the workstation policy to a

scope named Workstations, and you can assign the server policy to a scope

named Servers. Then you can assign each scope to appropriate administra-

tive users.

Managing Enterprise Devices and Apps

Search WWH ::

Custom Search

Home