Cumulative Settings are now possible!
In the SCCM 2012 RTM Version it was possible to create different SCEP Policies (Antimalware Policies). Unfortunately, if a client receives more than one of this policies, only the one with the higher priority (1, 2, 3, …) is applied.
In SP1 Beta it’s now cumulative!
I’ve created two test Policies (LAB1 and LAB2)
In the policy LAB1 I’ve excluded the process “Lab1” from scanning
In the policy LAB2 I’ve excluded the process “Lab2” from scanning
Both policies are deployed to the collection LAB. Members of this collection will exclude both processes from scanning, yeaaaahh!
Isn’t it a cool feature? Now it’s really possible to exclude files / folders / file types / processes dynamically!
Example: Create query based collections corresponding to special server roles (a collection for Domain Controllers, one for DNS servers, one for exchange server, one for sccm servers…). Then create different antimalware policies to exclude only the needed files. Deploy the policies to their corresponding collection.
If a domain controller is also sccm server (don’t do that…), he will be automatically a member of two collections and will receive automatically all the exclusions needed for domain controllers and sccm servers…