SCEP 2012 inside SCCM 2012


Presented by Kenny Buntinx.


    SCEP 2012 inside SCCM 2012 Presentation Transcript

    • MANAGEMENT; ANTIMALWARE; PLATFORM; Microsoft Malware Protection Center; Dynamic Signature Svc; Available only in Windows 8; Endpoint Protection Management; Software Updates + SCUP; Operating System Deployment; Settings Management; Antimalware; Dynamic Translation; Behavior Monitoring; Software Distribution; Vulnerability Shielding; Windows Defender Offline; Internet Explorer; BitLocker; AppLocker; Address Space Layout Randomization; Data Execution Prevention; User Access Control; Secure Boot through UEFI; Windows Resource Protection; Measured Boot; Early Launch Antimalware (ELAM); MDM; Software Updates; ELAM & Measured Boot; Cloud clean restore
    • Real time Endpoint Protection operations from console
      • Simplified Administration: Single administrator experience for simplified endpoint protection and management
      • Simplified, 3X delivery of definitions through software updates
      • Malware-driven operations from the console
      • Client-side merge of antimalware policies
      • Integrated optimizations for Windows Embedded clients
      • New and improved Endpoint Protection client
    • PRIMARY SITE; Hierarchy (Forest1); Hierarchy (Forest2); Client; Client; Software Update Point 1; Software Update Point 2; Software Update Point 3; Software Update Point 4; Client.Forest1; Client.Forest2
    • Common antimalware platform across Microsoft AM clients
      • Proactive protection against known and unknown threats
      • Reduced complexity while protecting clients
      • Enhanced Protection: Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
      • Integration with UEFI Trusted Boot, early-launch antimalware
    • Diagnostics and Recovery Toolkit; Windows Defender Offline
    • Updates; Engine and Definitions; Policy; Status; Events; ConfigMgr; Samples, Telemetry, DSS
    • Windows 7: BIOS → OS Loader (Malware) → 3rd Party Drivers (Malware) → Anti-Malware Software Start → Windows Logon
      • Malware is able to boot before Windows and Anti-malware
      • Malware able to hide and remain undetected
      • Systems can be compromised before AM starts
    • Windows 8: Native UEFI → Windows 8 OS Loader → Anti-Malware Software Start → 3rd Party Drivers → Windows Logon
      • Secure Boot loads Anti-Malware early in the boot process
      • Early Load Anti-Malware (ELAM) driver is specially signed by Microsoft
      • Windows starts AM software before any 3rd party boot drivers
      • Malware can no longer bypass AM inspection
    • Windows 7
      • Measurements of some boot components evaluated as part of boot
      • Only enabled when BitLocker has been provisioned
    • Windows 8
      • Measures all boot components
      • Measurements are stored in a Trusted Platform Module (TPM)
      • Remote attestation, if available, can evaluate client state
      • Enabled when TPM is present. BitLocker not required
    • Simple interface
      • Minimal, high-level user interactions
    • Administrative Control
      • User configurability options
      • Central policy enforcement
      • UI Lockdown and disable
    • Maintains high productivity
      • CPU throttling during scans
      • Faster scans through advanced caching
      • Minimal network and client impact of definition updates