SCCM 2012 – Endpoint Protection Policy for Hyper-V hosts and deploy to the query based collection (#2)
In the last blog, we created a specific query based collection for hyper-v hosts. Now we will create a Endpoint Protection Policy -with scan exclusions for Hyper-V Hosts – just for this collection.
On the wunderbar in the SCCM 2012 RC1 Console click on “Assets and Compliance”. Open the folder “Endpoint Protection” and right click there on “Create Antimalware Policy”.
Give this policy a name like “Hyper-V Hosts”
On the left side of the windows click “Exclusion settings”, then on the right side behind “Excluded files and folders” on “Set…”
Here we can see, that a few exclusions are set by default – cool 
We need two specific folder exclusions for the hyper-v hosts:
“%PROGRAMDATA%\Microsoft\Windows\Hyper-V”
C:\ClusterStorage
Enter the folder and click “Add”
Click “OK”
Additionally we need to exclude two processes. So click behind “Excluded processes” on “Set”…
… and add the following two services:
vmms.exe
vmwp.exe
Click “OK”
Click “OK”
The policy is created so we have to tell the system, who needs this policy! In the last blog we’ve created the dynamic collection to collect the Hyper-V Hosts.
Right click on the newly created Antimalware Policy “Hyper-V Hosts” and choose “Deploy”
Mark the collection “Hyper-V Hosts” and click “OK”
That’ it!
Good luck and kind regards
Chris
Hi Chris,
I want to know the Manufacturer and model of laptop , how can i do this in SCCM 2012 and should it be place the laptop on the same network as SCCM .
Many Thanks,
You want to know the model of laptop where? In the task sequence (–> wmi query) or for a collection (–> collection query)? You can have different vlan’s, domains, forests… the client don’t need to be placed in the same network…