Hyper-V Hosts have also the requirement to be protected against viruses. There are needed special Endpoint Protection scan exclusions and we just want to assign them to Hyper-V hosts. For that reason we will create a query based collection and then deploy a specific Endpoint Protection policy to this collection.

In #1 will create the query based collection to collect all hyper-v hosts.

In the SCCM 2012 Console go to the wunderbar “Assets and Compliance”

 

Right click on “Device Collections” and choose “Create Device Collection”

 

Name the collection (in this example “Hyper-V Hosts) and click “Browse” to limit the collection based on another collection (new in SCCM2012) –> it’s not possible to create SUB-Collections!

Limit it to “All Desktop and Server Clients” and click OK

Click Next

Define now the membership of this collection. Click on “Add Rule” and choose “Query Rule”

Name the Query (Hyper-V Hosts) and click on “Edit Query Statement”

Choose the tab “Criteria” and click on the “sun” symbol

Choose “Select…”

 

We create the query based on a service which is running just on Hyper-V Hosts.

 

Attribute class: Services

Alias as: <No Alias>

Attribute: Display Name

 

Then click OK

Operator: is equal to

Value: Hyper-V Virtual Machine Management

 

click OK

Click OK

Click OK

We like to update the collection “incremental” so enable the checkbox “Use incremental updates for this collection”

 

Then click “Next”

Click “Next”

Click “Close”

 

Now we have a collection whit all your Hyper-V host in your environment (if they are in your SCCM Boundary!).

In the following blog #2 we will create a specific Endpoint Protection policy (Hyper-V file exclusions) and deploy it to this collection…

 

Kind regards

Chris