Skip to main content

self-study guide for system center endpoint protection

whether you call it forefront endpoint protection (fep) or system center endpoint protection (scep), you might find these resources valuable as a means of getting up to speed. a good friend of mine created this awesome guide. anyway, sharing is caring. here you go...



Top Level Site for SCEP:


Forefront Training

Featured Videos


Microsoft Forefront Virtual Event (TechNet Edge)


Forefront Endpoint Protection 2010 (TechNet)

  • What’s New in FEP 2010 Update Rollup 1
  • Release Notes
  • Overview
  • System Requirements
  • Getting Started
  • Planning and Architecture
  • Performance and Scalability
  • Server Installation
  • Client Deployment
  • Operations
  • Troubleshooting
  • Technical Reference


System Center 2012 Endpoint Protection

  • System Center Endpoint Protection 2012
    • What’s new in Forefront Endpoint Protection 2012?
    • Endpoint Protection (TechNet)
      • System Center 2012 Endpoint Protection Privacy Statement
      • Information and Support for System Center 2012 Endpoint Protection
      • Endpoint Protection Client Help
        • Why do I need antivirus and antispyware software?
        • Getting started
        • Scanning for viruses, spyware, and other potentially unwanted software
        • What’s real-time protection?
        • How do I know that Endpoint Protection is running on my computer?
        • What are virus and spyware definitions?
        • How do I remove or restore items quarantined by Endpoint Protection?
        • What is the Microsoft Active Protection Service Community?
        • Troubleshooting
        • Glossary
  • Endpoint Protection in Configuration Manager
    • Introduction to Endpoint Protection in Configuration Manager
    • Planning for Endpoint Protection in Configuration Manager
    • Configuring Endpoint Protection in Configuration Manager
    • Operations and Maintenance for Endpoint Protection in Configuration Manager
    • Security and Privacy for Endpoint Protection in Configuration Manager
    • Technical Reference for Endpoint Protection in Configuration Manager


Forefront Webcasts/Podcasts

These videos and audios offer Forefront Endpoint Protection tips, news and interviews that you can listen to at your convenience.


Forefront Forums

These forums provide administrators opportunities to engage in discussions related to Forefront Endpoint Protection.  It is a place where questions can be asked/answered, where you can review conversations on relevant topics by other administrators, and where you can interact with other IT professionals.


Forefront Endpoint Protection 2010 Support

On this site, you can search an extensive database for answers to technical issues.  This site allows you to locate relevant Knowledge Base (KB) articles, as well as enabling you to search by events or error codes.



Here, administrators can download both FEP 2010 as well as the FEP 2010 Security Management Pack for use with System Center Operations Manager (SCOM)


Useful Blogs

These blogs are where experts in Forefront technologies post their thoughts, relevant information, news, and general guidance.  They are very useful methods for administrators to remain up to date on the latest information related to Forefront Endpoint Protection.


Forefront Classroom Training

This section lists the various training classes available for Forefront Endpoint Protection.  These classes are available through Microsoft’s training partners.

  • Course 50509A: Implementing Forefront Endpoint Protection 2010 (2-day instructor led)
    • After completing this course, students will be able to:
      • Articulate the value proposition and key features of FEP 2010.
      • Understand the protection technologies built into the FEP client to protect desktops, laptops and servers from malicious code threats.
      • Understand the fundamental concepts of System Center Configuration Manager 2007.
      • Understand the FEP server components and how they are integrated into a System Center Configuration Manager 2007 infrastructure.
      • Understand how to manage FEP client policy and definition updates.
      • Understand the FEP client architecture and how the client can be deployed across an organization.
      • Understand the various options for monitoring, alerting and reporting on the health and malware activity of FEP clients.
      • Understand how FEP can leverage System Center Operations Manager 2007 to provide real-time monitoring of high value endpoints.


Popular posts from this blog

how to retrieve your ip address with powershell...

update: this is how it’s performed in powershell v3 as demonstrated here.(get-netadapter | get-netipaddress | ? addressfamily -eq'IPv4').ipaddress update: this is by far the easiest.PS C:\temp> (gwmi Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -ne $null }).ipaddress
are you laughing yet?  i know you probably find this topic amusing.  it's really interesting though.  whenever you get over it, i'll do this in the standard cmd.exe interpreter and then in powershell to show you what kind of coolness powershell does.done?  okay, good.  this is an interpretation of a demo that bob wells did at our smug meeting.  hope you like it.i should tell you, it's not as simple as the title would lead you to believe.  i like doing that little slight-of-hand thing since it gives the impression that i'm painting a very easy target on my back for your criticism (though it's probably true in other ways)!  the idea is that we want to retrieve just the ip ad…

understanding the “ad op master is inconsistent” alert

i use the term “understanding” loosely.  this is by far no definitive guide on this particular alert, just a few things i have picked up in my attempt to understand it.let’s look at the context of the alert:The Domain Controller's Op Master is inconsitent. See additional alerts for details.
first of all, it gives very little information.  the only particularly useful detail is that it indicates which server is having the issue.  other than that, just a spelling error as there are no additional critical alerts to look at for details.this rule, as you know, comes from a sealed mp.  therefore, we can’t modify anything in it except the overrides.  the couple i’ve tinkered with are:interval (sec) log success event to begin with, interval (sec) is just set way too high.  the default is 60 seconds.  why on earth would anyone want to know that your op master consistency may be off, every minute?  actually, i could think of a few reasons, but really, it’s overkill.  the way the script works…

sccm: content hash fails to match

back in 2008, I wrote up a little thing about how distribution manager fails to send a package to a distribution point. even though a lot of what I wrote that for was the failure of packages to get delivered to child sites, the result was pretty much the same. when the client tries to run the advertisement with an old package, the result was a failure because of content mismatch.I went through an ordeal recently capturing these exact kinds of failures and corrected quite a number of problems with these packages. the resulting blog post is my effort to capture how these problems were resolved. if nothing else, it's a basic checklist of things you can use.DETECTIONstatus messagestake a look at your status messages. this has to be the easiest way to determine where these problems exist. unfortunately, it requires that a client is already experiencing problems. there are client logs you can examine as well such as cas, but I wasn't even sure I was going to have enough material to …