heres how to get the updates from an UNC share http://www.niallbrady.com/2013/02/22/how-can-i-deploy-system-center-2012-endpoint-protection-definition-updates-from-a-unc-file-shares/
On Fri, Mar 28, 2014 at 7:58 AM, Jason Wallace <[email protected]> wrote: > Of course if you choose to deploy and manage SCEP outside of ConfigMgr > then you will lose the ability to actively manage the clients and to be > centrally alerted and reporting. > > You can however craft something which looks like a bit like a back-channel > report by having a script on the client associated with event log activity > which, for example fires when SCEP scans, downloads definitions or detects > and writes it back to a log file, then triggers software inventory to > return either the file or it's metadata back to SCCM > > On 27 Mar 2014, at 21:30, "Chad Beard" <[email protected]> wrote: > > Thanks Trevor that clears it up for me. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Trevor Sullivan > *Sent:* Friday, 28 March 2014 5:55 AM > *To:* [email protected] > *Subject:* RE: [mssms] Endpoint Protection > > > > The System Center Endpoint Protection (SCEP) client runs distinctly from > the Configuration Manager client agent. > > > > If you disable the Configuration Manager client agent's "Software Update > client agent" then the SCEP client should still be able to retrieve > definitions from the WSUS server. I am assuming that you are configuring > the WSUS server through Active Directory Group Policy? Configuration > Manager is more of just a vehicle to deploy and configure the SCEP client. > SCEP isn't a component of the Configuration Manager client agent > (ccmexec.exe), like the other components are (eg. Software Updates, > Software Distribution, Compliance Settings, et al.). > > > > Think of it this way: > > > > 1. The ConfigMgr client agent is configuring SCEP to use WSUS > (based on policy from the Management Point) > > 2. The built-in Windows Update Agent (WUA) service talks directly > to WSUS (ConfigMgr SUP) > > 3. If the WUA service is enabled, and pointed to a valid WSUS > instance (via GPO), the SCEP client should be able to retrieve definition > updates > > > > Hope that is helpful (but I haven't tested this scenario either). > > > > Cheers, > > Trevor Sullivan > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Chad Beard > *Sent:* Wednesday, March 26, 2014 6:32 PM > *To:* [email protected] > *Subject:* RE: [mssms] Endpoint Protection > > > > Thanks. I guess I'm just wondering more so that can they still get the > updates from WSUS with the Software Update Agent turned off? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Schwan, Phil > *Sent:* Thursday, 27 March 2014 10:00 AM > *To:* [email protected] > *Subject:* RE: [mssms] Endpoint Protection > > > > Yes, and you can actually configure multiple different sources for where > the clients go to get their updates, including directly from Microsoft: > > > > <image001.png> > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jason Wallace > *Sent:* Wednesday, March 26, 2014 6:12 PM > *To:* [email protected] > *Subject:* Re: [mssms] Endpoint Protection > > > > Client settings allow you to pull updates from a file share > > > > > > > On 26 Mar 2014, at 22:04, "Chad Beard" <[email protected]> wrote: > > Hi, > > > > Does the software updates agent have to be enabled on a client for them to > receive definition updates? > > > > We don't currently use ConfigMgr for Critical/Security patches however we > are using it for Endpoint protection. > > > > The reason I ask is because I get errors in the logs with software update > scans failing because the clients are pointing via GPO to a different WSUS > to do the updating. > > > > Thanks > > > > <image001.png> > > > *Chad Beard | Infrastructure Support Officer | Technology & Infrastructure > Australian Rail Track Corporation | PO Box 10343, Gouger Street, Adelaide > SA 5000* > * *[email protected] <[email protected]>* (*Direct Phone - (08) 8230 > 5155 <%2808%29%208230%205155>* 2 *Mobile - 0434 076 370* > > > > *To ensure you receive the best customer service, my manager **Mark > Crouch* > *- Enterprise Technology Manager, can also be contacted on (08) 8230 5444 > <%2808%29%208230%205444> or **[email protected] > <[email protected]>* > > > > > *The information in this email and any attachments to it is confidential > and unless you are the intended recipient, you are not authorised to > disseminate, copy, retain or rely on the whole or any part of this > communication. If you have received this communication in error please > notify ARTC on +618 8 8217 4366. While we have taken various steps to alert > us to the presence of computer viruses we do not guarantee that this > communication is virus free and we recommend you perform the necessary > tests before opening.* > > > > > > <image002.jpg> <http://www.betterforbusiness.com.au> > > > ------------------------------ > > > PRIVILEGED AND CONFIDENTIAL. This email and any files transmitted with it > are privileged and confidential and intended solely for the use of the > individual or entity to whom they are addressed. If you have received this > email in error please notify the sender. If you are not the named addressee > you should not disseminate, distribute or copy this e-mail or any of its > attachments. > > > > > > > > > > >
