SCCM 2012 – Endpoint Protection Policy for Hyper-V hosts and deploy to the query based collection (#2)

In the last blog post, we created a specific query-based collection for Hyper-V hosts. Now we will create an Endpoint Protection policy, with scan exclusions for Hyper-V hosts, just for this collection.

In the wunderbar of the SCCM 2012 RC1 console, click “Assets and Compliance”. Open the folder “Endpoint Protection”, right-click there and choose “Create Antimalware Policy”.

Give this policy a name like “Hyper-V Hosts”

On the left side of the window, click “Exclusion settings”; then, on the right side, click “Set…” next to “Excluded files and folders”.

Here we can see that a few exclusions are set by default – cool :-)

We need two specific folder exclusions for the Hyper-V hosts:

“%PROGRAMDATA%\Microsoft\Windows\Hyper-V”

“C:\ClusterStorage”

Enter the folder and click “Add”

Click “OK”

Additionally, we need to exclude two processes, so click “Set” next to “Excluded processes”…

… and add the following two processes:

vmms.exe

vmwp.exe

Click “OK”

Click “OK”

The policy is created, so now we have to tell the system who needs it. In the last blog post we created the dynamic collection that collects the Hyper-V hosts.

Right-click the newly created antimalware policy “Hyper-V Hosts” and choose “Deploy”.

Mark the collection “Hyper-V Hosts” and click “OK”

That’s it!
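
To confirm on a Hyper-V host that the deployed policy actually delivered the two folder and two process exclusions, a check like the following can be run locally in PowerShell. It is an added example, not part of the original post; the registry key and the storage of exclusions as value names are assumptions about the Endpoint Protection client.

```powershell
param(
    # ASSUMPTION: key where the Endpoint Protection client stores exclusions
    # received by policy; not from the post, adjust for your client version.
    [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions'
)

# Exclusions exactly as listed in the post.
$expected = @{
    Paths     = @('%PROGRAMDATA%\Microsoft\Windows\Hyper-V', 'C:\ClusterStorage')
    Processes = @('vmms.exe', 'vmwp.exe')
}

function Format-Entry([string]$Text) {
    # Expand %VAR%, drop a trailing backslash, lower-case for comparison.
    [Environment]::ExpandEnvironmentVariables($Text).TrimEnd('\').ToLowerInvariant()
}

function Get-ExclusionEntry([string]$Key) {
    # ASSUMPTION: each exclusion is stored as a value *name* under the subkey.
    if (Test-Path $Key) {
        (Get-Item $Key).Property | ForEach-Object { Format-Entry $_ }
    }
}

$report = foreach ($kind in $expected.Keys) {
    $actual = @(Get-ExclusionEntry (Join-Path $PolicyKey $kind))
    $wanted = @($expected[$kind] | ForEach-Object { Format-Entry $_ })
    foreach ($entry in $wanted) {
        $status = if ($actual -contains $entry) { 'Present' } else { 'MISSING' }
        New-Object PSObject -Property @{ Kind = $kind; Entry = $entry; Status = $status }
    }
    # Entries beyond the Hyper-V list are the defaults or later additions;
    # list them, since every exclusion is a location that is not scanned.
    foreach ($entry in $actual) {
        if ($wanted -notcontains $entry) {
            New-Object PSObject -Property @{ Kind = $kind; Entry = $entry; Status = 'Other' }
        }
    }
}
$report | Sort-Object Kind, Status | Format-Table Kind, Status, Entry -AutoSize
```

A row marked MISSING means the host has not received the policy yet or is not a member of the “Hyper-V Hosts” collection.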

Good luck and kind regards

Chris

2 comments

  1. talmud

    Hi Chris,

    I want to know the manufacturer and model of a laptop. How can I do this in SCCM 2012, and should the laptop be placed on the same network as SCCM?

    Many Thanks,

    • Chris Greuter

      You want to know the model of laptop where? In the task sequence (–> WMI query) or for a collection (–> collection query)? You can have different VLANs, domains, forests… the client doesn’t need to be placed in the same network…
