wilbywilson Posted April 7, 2014 Report post Posted April 7, 2014 I've been following the SCCM 2012 deployment guides posted on this site, and have a few questions about optimal configuration of the Endpoint Protection piece. Specifically with the Automatic Deployment Rules. I created a few of these ADRs in SCCM 2012 R2 CU1(one per SCCM collection that will be targeted for Endpoint Protection, per the guide's suggestion), but I'm curious about the resultant package and distribution behavior. 1) Each ADR is pointing to the same Endpoint Deployment Package. So what exactly happens when the next scheduled ADR runs? Is the package re-created and re-distributed for each of the 3 ADRs? I certainly don't want to stress my SCCM and network infrastructure. It almost seems like a single ADR makes more sense, but I'm not sure if that would work, since these ADRs target specific collections. I guess I'm looking for best recommended practice, without crushing my network with a constant flood of rule deployments and package pushes. (Right this second, all 3 of my EndPoint Protection ADRs are scheduled to run at exactly the same time. Not sure what the resultant behavior will be, since I just configured this today. I didn't necessarily want these Endpoint Protection ADRs running at different times, and stepping all over each other trying to recreate and redistribute the same exact package.) 2) Speaking of distribution, my initial Endpoint Protection deployment package (I filtered for just "Forefront Protection 2010" and "Definition Updates") was 263MB! Is that normal? I've got to send this out to a number of distribution points, and that just seems overly large for anti-virus definition updates. 3) What happens when the ADR runs the next time, and the package gets a new definition update added to it? Will the entire package try to re-distribute itself? Or will only new content get distributed out? Again, I'm concerned about network bandwidth. 4) Lastly, when configuring the antimalware policies, on the "definition updates source" options, there are 4 things listed. I'm curious about the difference between "Microsoft Update" and "Microsoft Malware Protection Center." I want to enable my laptop antimalware policy to allow updates from Microsoft, but I'm not sure which one of those 2 choices is best. Thanks for any advice on these questions. Quote Share this post Link to post Share on other sites More sharing options...
