Educause Security Discussion mailing list archives

Re: [External] [SECURITY] Managed deployment of System Center Endpoint Protection (SCEP)


From: "Camacaro Latouche, Jose David" <jcamacar () IU EDU>
Date: Mon, 14 Jan 2019 18:44:24 +0000

Welcome to the community, Doug.

Those sound like System Center Configuration Manager capabilities, so here is some of my experience:

*       Antimalware Policies:

Configure the ‘default’ one with what your organization deems the “baseline” configuration for antimalware on Windows-based clients (e.g. scan frequency, exclusions, quarantine, etc.). For additional granularity, configure other policies and deploy them to subsets of computers (collections) as per business needs. E.g. a subset of computers runs XYZ software that is often detected as malware, but both the vendor and your security office have vetted it as a false positive; you can configure an antimalware policy to add the software (executables, extensions and/or file paths) as an exception.

*       Windows Defender Firewall Policies:

I would recommend using GPOs or other means to configure firewalls on your endpoints, as this feature is not fully developed, at least not with the granularity GPOs offer to configure host-based firewalls.

*       WDEG:

You can see it as Microsoft’s next evolution of EMET [1]. Very powerful, equally destructive. A good start is familiarizing yourself with the documentation [2,3,4,5,6]. It requires extensive testing before you can fine-tune the restrictions. But if you can invest the resources (man-hours), it is definitely worth the effort. I recommend you start with policies in ‘audit mode’ and review logs to determine potential blocks that should be allowed on your endpoints.

*       WDAG:

If MS Edge is the predominant browser in your environment, you should definitely look into this feature, as it can bolster defenses against web-based attacks by leveraging virtualized components of Windows. However, I would also recommend considering the recent news and development about MS Edge [7], as it may impact your long-term implementation. Like WDEG, WDAG is also a feature that requires plenty of testing to achieve a fine-tuned policy, one which does not cause frustration to your end-users by blocking benign behavior.

I hope this helps.

Sincerely,

Jose Camacaro Latouche

UITS Leveraged Services

Endpoint Management

INDIANA UNIVERSITY

Further reading:

[1]: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard

[2]: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard

[3]: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard

[4]: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard

[5]: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard

[6]: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard

[7]: https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#87G3tgMqtzR2wcWZ.97

 

 
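The audit-mode-first approach Jose describes for WDEG, as an added PowerShell example that is not part of either message and not Microsoft's or Configuration Manager's own tooling: it stages one attack surface reduction rule (part of Exploit Guard, reference [3]) in audit mode on a single test endpoint with Add-MpPreference, confirms the staged action, and then summarises the audit events (ID 1122) that Defender writes so you can see what the rule would have blocked before switching it to block mode. The rule GUID is the documented one for "Block all Office applications from creating child processes"; the only layout assumption is that the rule GUID appears in each event's message text.

```powershell
# Added example (not from the thread): stage an ASR rule in audit mode, then review
# what it would have blocked. Assumes an elevated session on a Windows 10 client
# running Microsoft Defender Antivirus.

# Documented rule: "Block all Office applications from creating child processes"
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

# Actions: Disabled, Block, AuditMode. AuditMode only logs; it never interferes.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions AuditMode

# Confirm the rule is staged as audit, not block, before widening the scope.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    if ($pref.AttackSurfaceReductionRules_Ids[$i] -eq $RuleId) {
        "Rule $RuleId staged with action: $($pref.AttackSurfaceReductionRules_Actions[$i])"
    }
}

# Event 1122 = ASR rule fired in audit mode (1121 is the block-mode counterpart).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1122
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

# Pull the rule GUID out of the message text and count hits per rule. A rule with
# many audit hits on benign activity needs exclusions (or should stay in audit)
# before it is ever deployed in block mode to a production collection.
$guidRe = '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
$events |
    ForEach-Object {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            RuleId = [regex]::Match([string]$_.Message, $guidRe).Value.ToUpper()
        }
    } |
    Group-Object RuleId |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

These cmdlets act on one endpoint only; the same audit-then-block staging is what you would apply to a Configuration Manager Exploit Guard policy on a small test collection before deploying it more broadly.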

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Douglas Stinnette
Sent: Monday, January 14, 2019 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Managed deployment of System Center Endpoint Protection (SCEP)

 


Hi there,

 

This is my first post and I am asking for insight.


SCEP supports the following policies for protection.

*       Antimalware Policies
*       Windows Defender Firewall Policies
*       Windows Defender Exploit Guard
*       Windows Defender Application Guard

I'm just now testing deployment of antimalware policies and have started internet research on the others listed above.

 

I would like to know if others have deployed any of the SCEP solutions in a managed manner. I would also like to share questions and thoughts about the solution.

 

Thanks,

Doug

 

-- 

 

Doug Stinnette

VCU Technology Services

Endpoint Security Specialist

Virginia Commonwealth University

827-0933
