Deploying Endpoint Protection Updates Offline … 15, 2014 · prajwaldesai.com …

prajwaldesai.com http://prajwaldesai.com/deploying-endpoint-protection-updates-offline-using-sccm-2012-r2/

Prajwal Desai

Deploying Endpoint Protection Updates Offline Using SCCM 2012 R2

Deploying Endpoint Protection Updates Offline Using SCCM 2012 R2 – In this post we will look at the steps for Deploying Endpoint Protection Updates Offline Using SCCM 2012 R2. We know that with Endpoint Protection in Microsoft System Center 2012 Configuration Manager, you can use any of several available methods mentioned below to keep antimalware definitions up to date on client computers in your hierarchy. To update antimalware definitions, you can use one or more of the following methods:

Updates distributed from Configuration Manager – This method uses Configuration Manager software updates to deliver definition and engine updates to computers in your hierarchy.

Updates distributed from Windows Server Update Services (WSUS) – This method uses your WSUS infrastructure to deliver definition and engine updates to computers.

Updates distributed from Microsoft Update – This method allows computers to connect directly to Microsoft Update in order to download definition and engine updates. This method can be useful for computers that are not often connected to the business network.

Updates distributed from Microsoft Malware Protection Center – This method will download definition updates from the Microsoft Malware Protection Center.

Updates from UNC file shares – With this method, you can save the latest definition and engine updates to a share on the network. Clients can then access the network to install the updates.

I will not be covering the installation and configuration of Endpoint Protection role. If you are looking for the Endpoint Protection role deployment then please check the below links.

Installing And Configuring Endpoint Protection Role In SCCM 2012 R2 SCCM 2012 R2 Step by Step Guides

In this post we will download the Antivirus and Antispyware updates for Endpoint Protection from Malware Protection Center and deploy it using SCCM 2012 R2. Antivirus and Antispyware updates for Endpoint Protection are available for 32 bit and 64 bit versions. Depending upon the OS version (32 / 64 bit) download the update file, the update file will have either of these names mpam-fe.exe, mpas-fe.exe, or mpam-feX64.exe.

In this post we will be deploying Endpoint Protection updates offline using SCCM 2012 R2 for a Windows 7 computers device collection. So I have downloaded the update file mpam-feX64.exe and the update file is copied to a shared folder on SCCM server.

of 18Deploying Endpoint Protection Updates Offline Using SCCM 2012 R2PrajwalDesai.Com

4/15/2014http://prajwaldesai.com/deploying-endpoint-protection-updates-offline-using-sccm-2012-r2/

Let’s take a look at one of the computer which is installed with Endpoint Protection client. Note that the antivirus updates are not yet deployed so the PC status shows At Risk and is RED color.



In the Configuration Manager console, click Software Library, expand Application Management, right click Packages and click Create Package.



Specify details about the package. Choose the Source Folder where the update file is located and click Next.



Select the Program Type as Standard Program and click Next.



Specify information for the standard program, specify the command line as mpam-fex64 -q. Click Next

-q switch installs the definition update in quiet mode. Quiet mode suppresses the file extraction dialog box.



You may choose to specify the requirements for the program or you can leave it unchanged. Click Next.



Click Close.



Before you deploy the package distribute the content to the DP. To deploy the package, right click the package and click Deploy.



Choose the device collection to which you want to deploy the update package. Click Next.

of 18Deploying Endpoint Protection Updates Offline Using SCCM 2012 R2PrajwalDesai.C...


Set the Purpose as Required and click Next.



To schedule the deployment of the package click on New and schedule it to specific time or you can choose to make it available as soon as possible. Click Next.



Leave the options unchanged here and click Next.



Click Next.



We have deployed the update package to the device collection. Click Close.



After sometime we see the update package is downloaded and installed on the client machine. We now see that PC status as Protected and it is GREEN color.



If the updates don’t get installed or if you want to know whether the package has been download to client machine or not, look for log file named execmgr.log located in client machine under C:\Windows\CCM\Logs folder path.



Deploying Endpoint Protection Updates Offline … 15, 2014 · prajwaldesai.com …

Documents

Transcript of Deploying Endpoint Protection Updates Offline … 15, 2014 · prajwaldesai.com …