After uninstalling the client, anti-malware policy settings remain in the version information area of Windows security.
SCCM CB 1902
Windows 10 1903

Setting location:
1. Run ms-settings:windowsdefender
2. Clieck on [Windows Security]
3. Click the "gear mark" in the lower left
4. Click the "Version information"
5. anti-malware policy settings remain

SCEP no longers scans PST files within Outlook 2003 or newer versions. Prior to this it had been working.

As of SCCM 1802 all Windows 10 devices show as managed in the SCCM console for Endpoint protection, even if those devices have another Antivirus product installed such Symantec Endpoint Protection.

While I'm all in favour of not requiring the SCEP client on Windows 10, devices where Windows Defender is disabled because another AV product is installed should not show as managed. This is just confusing and makes it hard to see how many devices are actually managed by SCCM.

Create a report that shows "Top Sources of Attack" that displays the source ip address for malware attacks.

It would be good if we could set different policy configurations for OS Drive, Fix Data Drive & Removable Data Drive.
Currently We are not able to configure only OS Drive only

Endpoint protection client

Would like to be able to use BitLocker Management portals when using non-standard SQL ports. Currently the install script\configuration requires standard ports in order to be able to install.

Scheduled quick scans will not run on a laptop using battery power. Laptops are only plugged in when turned off and stored in charging carts so they NEVER automatically scan. I am trying to manage thousands of laptops in a school system. An option should be available to run the scan even when not plugged in to AC power.

We had to move away from SCEP to a "real" AV product. The main reason was due to the lack of data loss prevention in SCEP. If you added DLP, better reporting, an easy way determine what files had been quarantined and an easy way to restore files I may consider switching back. I just don't feel like SCEP is a full thought out AV solution. Instead it seems to be some afterthought that MS can't figure out what they want to do with. It deserves a dedicated console or at least a dedicated node inside ConfigMgr.

Our security guys find that the OOB reports are not as details as let say Symantec Endpoint Protection Manager. Would love to see out of the box reports. Also, the Collection drop down list on the reports or console in relationship to SCEP does not work well with RBA. I have multiple I.T departments and I set up Collections for each sites for restriction where each site can only see their own collection. When in SCEP, the drop down collection list will show as empty.

I am currently migrating exclusions from MacAfee where they can use drive exclusions. Because we can put something in c:\programfiles\programname or d:\programfiles\programname I have to exclude all paths that someone may put the application into. In MacAfee they can do **\programname\exclusion.

One post in 2015.
2 posts in 2016.
None in 2017.
Last post over 12 months ago.
Not a Blog...

I would like to request for an downloadable link to the latest SCEP Installer. I have a restricted environment that is not managed by config manager. We have SCEP running on over 200k clients, configured by GPO. These machines are deployed using images. To ensure the client is not required to download SCEP+SP1+definition updates, the intent is to pre-load the updated VHD/WIM with the latest version of SCEP, so that the server is not taxed with having to download those updates from WSUS.

We're currently able to allow real time protection in Defender to be managed/disabled. It would be really nice if we could set a max time limit where it would re-enable itself if someone has disabled it.

Bitlocker computer compliance report does not show the C: drive compliance information if there is an extra drive in the machine (D: for example)

With CM 1910 MBAM BitLocker upgrade, MBAM BitLocker Helpdesk portal (BitLocker Administration and Monitoring) is available. "Manage TPM" is list one of available option, however, if you take a close look, it is actually alterative to unlock machine.

It would be nice that "Manage TPM" indeed to have manage TPM actions, select a action and submit to act on the target machine, such as, clear TPM, reset TPM, etc.

The feature can be helpful to force a machine lockout at the next reboot in case there is a need and helpdesk professional can help.

It should be possible to deploy a Microsoft Defender ATP Policy to a User collection, not just a Device collection.

Unhide Endpoint Protection Reports (Default is hidden)
SQL Server Reporting Services > ConfigMgr_Site > Endpoint Protection (Now click Details view top right, select Endpoint Protection again) There is an Endpoint Protection - Hidden folder