SCEP 2012 inside SCCM 2012


Presented by Kenny Buntinx.

Published in: Technology

  1. Diagram labels: MANAGEMENT; ANTIMALWARE; PLATFORM; Microsoft Malware Protection Center; Dynamic Signature Svc; Available only in Windows 8; Endpoint Protection Management; Software Updates + SCUP; Operating System Deployment; Settings Management; Antimalware; Dynamic Translation; Behavior Monitoring; Software Distribution; Vulnerability Shielding; Windows Defender Offline; Internet Explorer; BitLocker; AppLocker; Address Space Layout Randomization; Data Execution Prevention; User Access Control; Secure Boot through UEFI; Windows Resource Protection; Measured Boot; Early Launch Antimalware (ELAM); MDM; Software Updates; ELAM & Measured Boot; Cloud clean restore
  2. Simplified Administration: Single administrator experience for simplified endpoint protection and management
     • Real time Endpoint Protection operations from console
     • Simplified, 3X delivery of definitions through software updates
     • Malware-driven operations from the console
     • Client-side merge of antimalware policies
     • Integrated optimizations for Windows Embedded clients
     • New and improved Endpoint Protection client
  3. Diagram labels: PRIMARY SITE; Hierarchy (Forest1); Hierarchy (Forest2); Client; Client; Software Update Point 1; Software Update Point 2; Software Update Point 3; Software Update Point 4; Client.Forest1; Client.Forest2
  4. Enhanced Protection: Protect against known and unknown threats with endpoint inspection at behavior, application, and network levels
     • Common antimalware platform across Microsoft AM clients
     • Proactive protection against known and unknown threats
     • Reduced complexity while protecting clients
     • Integration with UEFI Trusted Boot, early-launch antimalware
  5. Diagnostics and Recovery Toolkit; Windows Defender Offline
  6. Diagram labels: Updates; Engine and Definitions; Policy; Status; Events; ConfigMgr; Samples, Telemetry, DSS
  7. Windows 7: BIOS → OS Loader (Malware) → 3rd Party Drivers (Malware) → Anti-Malware Software Start → Windows Logon
     • Malware is able to boot before Windows and Anti-malware
     • Malware able to hide and remain undetected
     • Systems can be compromised before AM starts
     Windows 8: Native UEFI → Windows 8 OS Loader → Anti-Malware Software Start → 3rd Party Drivers → Windows Logon
     • Secure Boot loads Anti-Malware early in the boot process
     • Early Load Anti-Malware (ELAM) driver is specially signed by Microsoft
     • Windows starts AM software before any 3rd party boot drivers
     • Malware can no longer bypass AM inspection
  8. Windows 7
     • Measurements of some boot components evaluated as part of boot
     • Only enabled when BitLocker has been provisioned
     Windows 8
     • Measures all boot components
     • Measurements are stored in a Trusted Platform Module (TPM)
     • Remote attestation, if available, can evaluate client state
     • Enabled when TPM is present. BitLocker not required
  9. Simple interface
     • Minimal, high-level user interactions
     Administrative Control
     • User configurability options
     • Central policy enforcement
     • UI Lockdown and disable
     Maintains high productivity
     • CPU throttling during scans
     • Faster scans through advanced caching
     • Minimal network and client impact of definition updates
