System Center Endpoint Protection

Microsoft System Center Endpoint Protection (SCEP) is an antivirus and anti-malware tool for Windows. With SCEP you can manage antimalware policies and Windows Firewall settings for multiple computers located throughout your network. The solution is used by many enterprises and educational institutions to protect endpoints from online threats like malware.

SCEP comes integrated with the system management software System Center and offers a client for Windows, Mac, and Linux devices. You can use Microsoft System Center Configuration Manager (SCCM) to manage SCEP.

However, it is worth noting that SCCM was recently updated to Microsoft Endpoint Manager (MEM), but in the interests of simplicity, we’re going to refer to SCCM throughout this article.

How does System Center Endpoint Protection Work?

System Center Endpoint Protection

SCEP works similarly to many other anti-malware solutions, with the ability to monitor computers in real-time and detect malicious software on a device. Types of threats that SCEP can detect include viruses, malware, and spyware that can cause tremendous damage to a device and its data.

When a malicious piece of software attempts to take root on your device, the tool sends you an alert to let you know so that you should take action to minimize the damage. Users also have the option to schedule regular scans to detect new threats periodically. Likewise, you can configure firewall settings for your network to reduce the chance of malicious software from getting in.

It is important to note that SCEP needs the configuration management tool Microsoft System Center Configuration Manager to distribute the SCEP software to push updates to devices throughout the Configuration Manager hierarchy. SCCM has the ability to deploy OS updates to multiple devices.

System Center Endpoint Protection Key Features

SCEP comes with a ton of different features that are useful for centrally managing computers and responding to malware threats. Some of the main features include:

  • Managing and configuring anti-malware policies for computers
  • Performing scheduled malware scans (quick scans and full scans)
  • Deploying Windows firewall policies
  • Downloading anti-malware definition files to update computers with Configuration Manager
  • Issuing email notifications to alert the user when malware is detected
  • Manage Microsoft Defender policies
  • Create anti-malware reports

Managing and Configuring Anti-malware Policies for Computers 

Perhaps the most significant feature included with SCEP is the ability to deploy and manage anti-malware policies for multiple computers. SCEP enables you to deploy anti-malware policies of your choice to computers with the Configuration Manager client. The platform comes with a preconfigured anti-malware policy for computers, but you can customize the settings as required.

Policy settings you can configure include scan schedule, scan type, what files and folders the program will scan, and the remediation actions to be taken if malware is discovered. There are four actions settings you can use:

  • Recommended – Responds with action recommended in the malware definition file.
  • Quarantine – Responds by quarantining the malware, but won’t remove it.
  • Remove – Removes the malware from the device.
  • Allow – Won’t remove or quarantine the malware.

Policy templates allow you to create custom anti-malware policies quickly. While configuring settings is easy, there are plenty of options for the user to determine how to search for threats and how to respond.

Deploy Anti-malware Definition Files 

To ensure that devices stay updated and protected against the latest threats, SCEP can automatically deliver malware definition updates to computers throughout the network. Updating malware definitions will enable the systems to detect new types of malware, which reduces the network’s exposure to new threats.

There are many ways you can distribute anti-malware definitions to devices including Configuration Manager, Windows Server Update Services, Microsoft Update, Microsoft Malware Protection Center, and UNC file shares.

Configure Alerts 

Whenever malware is detected on a computer, SCEP can send the user an email notification to notify them about the malicious content discovered. These alerts can also be viewed through the Endpoint Protection dashboard in the Configuration Manager console. Notifications are very useful because they tell users when a system has been compromised so they can start to resolve the issue.

Types of alerts you can use include malware detection, malware outbreak/percentage of computers with malware detected, repeatedly malware detection, and multiple malware detection. You can also configure alerts to let you know when Endpoint Protection clients are outdated. Alerts on outdated clients help you to make sure that your devices stay up to date so that no new threats slip through the net.

Deploying Windows Firewall Policies 

One of the most useful features included with SCEP is the ability to manage firewall policies and configurations. More specifically, users can determine whether the firewall is turned on, whether incoming connections are permitted to reach client computers, and to decide whether users receive notifications when the firewall blocks a program.

Managing these settings is simple and can be completed through the Windows Firewall Policies section in SCEP. Here the user can create new firewall policies with the Create Windows Firewall Policy Wizard and view a summary of the Windows Firewall Policies list.

Create Anti-malware Reports 

Another important feature included with SCEP is the ability to create reports. There is a range of built-in reports that can be used to report information on the status of endpoints. For example, there is an anti-malware Activity Report that lets you see information such as computers with failed remediations, computers with remediations with pending actions, and total remediations.

When generating the report, you can set start and end dates to determine what time frame you’re going to analyze. Reports increase visibility over the status of your infrastructure and your overall remediation strategy. Reports can be exported as PDFs and shared with other members of your team.

Why are Antivirus/Anti-malware Solutions Important? 

Using anti-virus and anti-malware solutions like SCEP is essential for protecting endpoints from cyberattacks. Scanning endpoints for threats helps you to identify when a device has been compromised. Without anti-malware software, there’s nothing to stop a piece of harmful software from entering a system and staying there.

As cyber threats have become more sophisticated, it’s very easy for an employee’s device to become infected. Even doing something as simple as opening a bogus email attachment can lead to an infection.

If you want to protect your devices against malicious software then using an antivirus or anti-malware tool like SCEP is vital. Regular scanning will enable you to discover when your system has been compromised and take action to prevent loss of data or damage to your hardware.

Advantages of System Center Endpoint Protection 

There are a number of reasons why SCEP remains a useful tool for enterprises. The main reason is the centralized management of anti-malware policies. Having the ability to monitor and manage multiple devices remotely allows you to ensure that the devices your employees rely on each day don’t become compromised.

With automated responses and notifications, the system helps you to considerably decrease the time to resolution of malware infections, resulting in less downtime and disruption.

The software is also easy to manage, with users being able to manage it out of SCCM. It’s also worth mentioning that SCEP has a low rate of false positives, which means you won’t have to spend lots of time chasing down non-existent security threats (although there will still be some false positives from time-to-time).

The solution is also useful for helping you to update malware definitions on computers throughout your environment. Updating malware definitions ensures that your devices can identify new threats without being caught off guard.

Disadvantages of System Center Endpoint Protection 

The most notable disadvantage of SCEP is its detection rate. Compared to other anti-malware providers on the market, the software’s detection rate is lower. So if you want complete coverage against malware threats, there are other alternatives such as McAfee Endpoint Security, which outperform it.

It also offers no protection from zero-day threats, which makes it vulnerable to the latest online cyber-attacks. So if you want protection against zero-day threats it’s advisable to look for another antivirus provider.

Another significant disadvantage of SCEP is the price. To use Endpoint Protection you need to purchase a license for System Center. The Standard Edition costs $1,323 for managing physical servers for two years. This is considerably more expensive than other antivirus solutions.

What’s the Difference Between SCEP and Windows Defender? 

SCEP and Windows Defender are essentially the same application. Each program is designed to detect threats. Like SCEP, Windows Defender can detect malicious software like viruses and spyware. You can manage Windows Defender through System Center Configuration Manager or Microsoft Intune.

Third-Party Endpoint Protection

SCEP isn’t your only choice when considering endpoint protection. There are many system security services that use a strategy of protecting endpoints as the primary method of blocking malware. While installing and maintaining a firewall at the boundary of your network is an essential strategy, the method you use behind that defense is a matter of corporate policy.

Endpoint protection can be carried out on a device-by-device basis, as a coordinated system that uses a cloud-based controller as well as onboard detection software, or as a system-wide software tool.

Some commercial products combine several system protection strategies. For example, Falcon Protect includes an Endpoint Detection and Response (EDR) element, which is installed on each device and operates in a similar way to SCEP. These onboard agents are coordinated and managed by a cloud-based console. The security service is supplemented by system-wide vulnerability scans and port scans on each device. This shows that security strategies can be blended and some vendors are providing combined protection product bundles.

System Center Endpoint Protection: A Solid Enterprise Antivirus 

Configuring antivirus software isn’t a fix-all solution for securing a network but it is certainly a good place to start. While opinions on SCEP differ depending on who you ask, it’s inarguable that the software is a useful anti-malware solution for enterprises, even if it doesn’t have the detection rate of some of its competitors.

If you need a solution for managing malware/firewall configurations and updating malware definitions across multiple devices, then SCEP is worth looking into (particularly if you already use SCCM or MEM).

Carefully configured anti-malware policies and firewall policies will ensure that your network has the basic measures in place to prevent malware from wreaking havoc on the network.

Microsoft SCEP FAQs

What is the difference between Windows Defender and System Center Endpoint Protection?

Windows Defender and System Center Endpoint Protection offer the same service. Both of these packages are anti-malware services.

How do I turn on System Center Endpoint Protection?

The process of activating System Center Endpoint Protection involves setting up an anti-malware policy. To do this:

  1. Open Microsoft System Center Configuration Manager
  2. In the console, click on Assets and Compliance.
  3. Expand Endpoint Protection and click on Antimalware Policies.
  4. Select Default Client Antimalware Policy, switch to the Home tab, go to the Properties group, and click on Properties.
  5. Configure your policy in the Default Antimalware Policy dialog box. Click OK.

How do I turn off Microsoft Endpoint Protection?

You can turn off Microsoft Endpoint Protection without having to remove the facility completely:


  1. Open Microsoft System Center Configuration Manager
  2. In the console, click on Assets and Compliance.
  3. Expand Endpoint Protection and click on Antimalware Policies.
  4. In the Default Client Antimalware Policy window, click on Real-time protection in the left menu.
  5. Look under Specify real-time protection settings and select No for Enable real-time protection. Click OK.