Educause Security Discussion mailing list archives

Re: Managed deployment of System Center Endpoint Protection (SCEP)


From: "Davis, Michael" <MichaelDavis () LETU EDU>
Date: Thu, 17 Jan 2019 15:50:59 +0000

Hi Doug,

At LeTourneau we do have cloud protection enabled (what MS used to call MAPS,
https://cloudblogs.microsoft.com/microsoftsecure/2015/01/14/maps-in-the-cloud-how-can-it-help-your-enterprise/). We
also have a limited rollout of Windows Defender Exploit Guard Network Protection, which similarly helps. Jose, over at
IU, mentioned WDEG in his email to the SECURITY list from this past Monday.

However, I was unable to download the test file linked because we have a SonicWall with Gateway Antivirus that appears 
to have blocked it before it ever made it down to the client :)

Michael A. Davis
Director, Information Security
Director, User Support & Engagement
[w] 903.233.3500 | [f] 903.233.3501
[l] LinkedIn/michaeldavis<http://www.linkedin.com/in/michael-davis-b042b84> | [t] @mdavis332<twitter.com/mdavis332> | 
[s] Skype for Business<sip:michaeldavis () letu edu>


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Douglas Stinnette
Sent: Wednesday, January 16, 2019 6:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Managed deployment of System Center Endpoint Protection (SCEP)

Hi All,

Have you tested SCEP cloud protection which is enabled in antimalware policies?

If SCEP cloud protection was working correctly you would not have been able to download the file.

In my testing it only worked correctly once. But three other times I was able to download the file.

Please download the test file from here using Chrome and see if Defender detects it.

http://aka.ms/ioavtest


Details:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus

Thanks,
Doug

-------- Original Message --------
From: Douglas Stinnette <dstinnet () vcu edu>
Date: Mon, January 14, 2019 12:37 PM -0500
To: SECURITY () listserv educause edu
Subject: Managed deployment of System Center Endpoint Protection (SCEP)

Hi there,

This is my first post and I am asking for insight.
SCEP supports the following policies for protection.

  *   Antimalware Policies
  *   Windows Defender Firewall Policies
  *   Windows Defender Exploit Guard
  *   Windows Defender Application Guard

I'm just now testing deployment of antimalware policies and have started internet research on the others listed above.

I would like to know if others have deployed any of the SCEP solution in a managed manner. Also I would like to share 
questions and thoughts about the solution as well.

Thanks,
Doug

--
Doug Stinnette
VCU Technology Services
Endpoint Security Specialist
Virginia Commonwealth University
827-0933

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with
your password, Social Security number or confidential personal information. For more details visit
http://go.vcu.edu/phishing or http://phishing.vcu.edu.
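
Added example (not part of the original thread or of Microsoft's documentation): a read-only PowerShell report of the local settings that the cloud protection download test discussed above depends on, useful for interpreting a test result on the endpoint itself when, as in the reply above, a gateway may have blocked the file first. It assumes a Windows 10 client where the built-in Defender cmdlets Get-MpPreference and Get-MpComputerStatus are available; the helper name New-Check and the pass/fail criteria are choices made for this example.

```powershell
# Added example: read-only report of Defender cloud protection state.
# Assumes Windows 10 with the built-in Defender module (Get-MpPreference,
# Get-MpComputerStatus). Nothing here changes any setting.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Documented meanings of the numeric preference values.
$mapsNames   = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
$sampleNames = @{ 0 = 'Always prompt'; 1 = 'Send safe samples'; 2 = 'Never send'; 3 = 'Send all samples' }
$netNames    = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit only' }

# Cast to [int]: the cmdlets return byte-typed values, the map keys are Int32.
$maps   = [int]$pref.MAPSReporting
$sample = [int]$pref.SubmitSamplesConsent
$net    = [int]$pref.EnableNetworkProtection

# Hypothetical helper for this example: one row per setting.
function New-Check($Setting, $Value, [bool]$Ok) {
    [pscustomobject]@{ Setting = $Setting; Value = $Value; OK = $Ok }
}

$checks = @(
    New-Check 'Antimalware service enabled' $status.AMServiceEnabled $status.AMServiceEnabled
    New-Check 'Real-time protection' $status.RealTimeProtectionEnabled $status.RealTimeProtectionEnabled
    # IOAV = scanning of downloaded files and attachments, which the
    # browser download test exercises.
    New-Check 'Downloaded file scanning (IOAV)' $status.IoavProtectionEnabled $status.IoavProtectionEnabled
    # Cloud protection (formerly MAPS) must be Basic or Advanced.
    New-Check 'Cloud protection (MAPS)' $mapsNames[$maps] ($maps -in 1, 2)
    # Cloud verdicts on unknown files need automatic sample submission.
    New-Check 'Sample submission' $sampleNames[$sample] ($sample -in 1, 3)
    # Network Protection only blocks in mode 1; audit mode just logs.
    New-Check 'Exploit Guard Network Protection' $netNames[$net] ($net -eq 1)
)

$checks | Format-Table -AutoSize

# Summarize anything that would let the test download succeed locally.
$failed = @($checks | Where-Object { -not $_.OK })
if ($failed.Count -gt 0) {
    Write-Warning ('Not in a blocking configuration: ' + ($failed.Setting -join '; '))
}
```

Run it on the same client used for the download test, after the antimalware policy has applied, so the reported values reflect what SCEP actually deployed.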

