First you have to install the Endpoint Protection role via the console.
Going back to the first version of Windows Defender and going on today with the most used antivirus product on the market (Which is free) Microsoft Security Essentials.They have included the endpoint protection service with Configmgr 2012.Therefore now you can manage forefront via SCCM console.1: WSUS 2: SCCM3: Microsoft Update 4: Microsoft Malware Protection Center After you are done with the settings Click OK.It might take some time before the policy is updated on the computer.Since in the previous Client Policy all you did was install the scep software on the client. The values you see here are the defaults (So im going to leave it at that ) Next is the Scan settings, this is also default values ( You should change it to scan removavle storage devices ) Now a days many business computers gets infected by an employees usb drive. If SCEP find the signature of a know virus which is under the category of “Severe” the recommend action attatched to that virus is run (Which is most cases is delete/remove) Next is real-time protection, most values here should stay as default.You can also see in the Console under Assets – Antimalware Policies (There you will have a default client policy, which is the only we are going to alter, since this applies to all SCEP agents in the site)You can also choose import a policy, Forefront comes with a bunch of premade policies that Microsoft has created. Next is Exclusion settings (Here you need to figure out, on what computers is this policy going to be deployed?)If you have a Share Point servers, it would need different Exclusion settings from a Terminal Server or Exchange.Next is Advanced, the default values here is also recommended.They have included the endpoint protection service with Configmgr 2012.\u00a0\u00a0 Therefore now you can manage forefront via SCCM console.\n Not sure where Microsoft is headed with this, since if a business wants Forefront they would need to invest in SCCM as well (Even if they don\u2019t need it).\u00a0 On the other hand, Microsoft can now brag about having a system that does everything.(Just a thought)\n When you now install a agent on a computer that resides within that collection, I will get SCEP installed.