To be able to use the Endpoint Protection feature in Configuration Manager 2012 you need to have a Core CAL license and a license for an Endpoint Protection server.

Installing the Endpoint Protection Feature So the first step is to install the Endpoint Protection site role at your CAS or standalone Primary Site.

forefront endpoint protection not updating-78forefront endpoint protection not updating-85forefront endpoint protection not updating-12

If you leave the client, it will eventually have the latest definitions pushed to it by SCCM.

However, I wanted to have protection from installation.

It will remove the Forefront Endpoint Protection 2010 client for sure, since it was on my systems while deploying the new client settings.

Monitoring and Managing the Endpoint Protection Environment You are able to monitor the Endpoint Protection Environment through the reports, dashboards and alerts.

With the release of Configuration Manager 2012 Release Candidate, Microsoft also integrated System Center Endpoint Protection (was Forefront Endpoint Protection) with Configuration Manager 2012.

Very welcome enhancements if you ask me, let’s see how this works.

A special System Center 2012 End Protection Monitoring node is present to monitor the collections to where the Endpoint Protection client is pushed.

In the reporting node several reports are published to report about state of your Endpoint protection environment and clients.

WSUS will now automatically download FEP updates and they’ll be available to FEP clients via the policy.

If you still have issues with the FEP client updating after installation e.g.

To schedule the update of the FEP definition package with the latest definitions follow the instructions under the section “How to Use Definition Update Automation Tool with Task Scheduler”.