When using offline files if an item is detected within the cache it gets removes by SCEP using the system account. Offline files sees the file removed from the cache but not by the user so it just downloads it again from the file server. This repeats indefinitely and is only resolved if the file is touched by the user rather than system.

there is problem in windows 10 , the problem is your security . the security problem is " any one can rest your profile without make pin or password " and i have lost my all data from my documents .
and i am the biggest fan of my windows 10 .

In the SCCM Admin Console it would be nice to have shorter names for the column titles. Specifically the Endpoint Protection Definition columns.

I often setup Endpoint Protection Definition Last Version / Last Update Time/ Last Full Scan End Time

These take up a lot of room and require scrolling. It would be nice to abbreviate Endpoint Protection Definition to EP Def.

Have controls where you can block website and pages on all major browsers.

Hello, Dear Team, as we can in enterprises we need more control on the client machines. It will convenient if that control can be accessed in single console of the SCCM. As a endpoint protection we need control startup applications, launching applications(blocking or allowing), control of the removal devices, force removal of potentially exploit apps, even traffic analyzer is needed. Sound like a crazy but really needed features.

Somehow this disappeared in Windows 10 (Possibly 8 as well) it was there in Windows 7.

People who have access to SCCM can perform multiple tasks (i.e. initiate a scan, reboot the host...), but can't unquarantine the detected file for file/malware analysis purposes. Being said, it is good if SCCM has the capability of unquarantining some or all quarantined files, zip them with a password and ships them over to some other location that the SCCM admin defined when setting this feature up. It is also good to allow auto unquarantine functionality (meaning, the process mentioned above automatically after each detection if the SCCM admin wants to)

I like to have the Data from the securitycenter.windows.com (WDATP) with all the new 1709 Defender features back in to the Console, we have the Endpoint Protection status in there, but It would be really nice to have all the exploit data visible in the console in the Monitoring / Security Workspace. also the possibility to Isolate Machines and so on. One Console for anything.

the endpoint protection should have a new malware policy that will allow a central management of the windows defender security center - ransomware protection - allow an app through controlled folder access, allowing the IT admin to add/remove controlled folder access (and maybe give the user access to add extra files whenever required, but allow the IT admin to decide)

at the moment all the AV messages are in ConfigMgr, but if there is an outbreak there is only one way, via mail about alerting in CM, or we can configure StatusMessage rules to start something. Can we have a option to grab that infos to a SIEM like sentinel to get faster response about an outbreak? We need also reporting (very slow) and other mechanism in ConfigMgr that are very slow, but alerts in this case should be faster, like CM-Pivot automation to send some info's directly to a SIEM system, to get more possibility's.

Please provide the applicable windows defender application guard , etc policies in the sccm client properties like you already do for baselines . This makes it much easier for troubleshooting .

Ask change the requirements of Endpoit Protection Point. When we are installing Endpoit Protection Point the Windows Defener service should be started on the server. Because we are using a third-party anti-virus software, even if Windows Defener does not operate as an anti-virus software, we do not want to be configured to coexist multiple anti-virus.

If you're using the SCEP Client on a RDS Server and Malware has been found, every User on this Server gets a Notification from SCEP.

This really confuses many users and increases Service-Desk Calls, if you have Servers with for example more then 20 User Sessions.

Because of this, we currently have no other choice then to hide the User Interface.

It would be great if the Notification are only shown in the Session of the User, which triggered the Alert.

SCEP Marketing and Comparisons to Competition. For years I've been trying to get my account team to help us sell our security teams on the idea of switching to SCEP. To do that, we need material to help us market SCEP as a viable solution. We need to be able to compare features from our current vendor to SCEP. We need an objective look at what we gain versus what we give up if we move from our current solution. Unfortunately, it doesn't seem any of this exists.

Although AM Policies are deployed to Collections just like Custom Client Settings, there isn't a tab to show you deployed AM Policies on collection console views.

Bonus points: Look at Device view and Collection view tabs, and make the names congruent ("Custom Client Settings" vs. "Client Settings")

Super Bonus Points: Resultant Set of Antimalware Polies view which has been suggested elsewhere for a long time (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/10237263-add-a-view-for-resultant-set-of-policy-for-anti-ma
and
https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/8398638-policy-resultant-for-scep-policy-like-clients-sett)

Super Extra Bonus Points: Resultant Set of Client Settings and Resultant Set of Antimalware Policies should clearly show what pages were set by what policy. (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/14855388-resultant-set-of-client-settings-should-show-what)

Thanks!

If a directory has an apostrophe in it (for example, C:\Program Files\Malwarebytes' Anti-Malware"), it is not possible to add an exclusion of the directory or a file in the directory as an error dialog states "The path contains one or more of the invalid characters." As it is possible to create a directory with an apostrophe in it, it should be possible to add the directory to the exclusion settings for SCEP.