This article published by elaborates the definition, features, usages, and workflow of the MS System Center Endpoint Protection. It also compares Endpoint Protection with other Windows security tools including Defender Firewall and Security Essentials.

Endpoint Protection manages antimalware policies and Windows Defender Firewall security for client computers in the Configuration Manager hierarchy. Yet, you have to be authorized to make use of Endpoint Protection.

Since Windows 8.1 and earlier computers, the Endpoint Protection client is installed with the Configuration Manager. Starting with Windows 10/11 and Windows Server 2016, Microsoft Defender is installed. For those operating systems (OSes), a management client for Windows Defender is installed together with Configuration Manager.

The System Center Endpoint Protection Antivirus can be installed on a server that runs Hyper-V or on guest virtual machines with supported operating systems. To avoid excessive CPU usage, the SCEP actions have a built-in randomized delay so that the protection services don’t operate simultaneously.

Features of Microsoft System Center Endpoint Protection

Cooperating with Microsoft Windows Defender Antivirus, the Endpoint Protection has below functions.

  • Perform scheduled malware scans (quick scan or full scan).
  • Detect and remediate malware, spyware, and rootkit.
  • Detect network vulnerability via Network Inspection System.
  • Assess critical vulnerability, define automatically, and update engine.
  • Integrate with Cloud Protection Service to report malware to Microsoft. When joining this service, the Endpoint Protection client or Defender Antivirus downloads the latest definition from the Malware Protection Center once unidentified malware is detected.
  • Configure antimalware policies, Windows Firewall settings, as well as manage Windows Defender for Endpoint to chosen groups of computers.
  • Use in-console monitoring, view reports, and send mail notifications to inform administrators when a virus is detected.
  • Rely on Configuration Manager software to download the newest antimalware definition files to keep clients up-to-date.

MS System Center Endpoint Protection update failed

How to Use MS System Center Endpoint Protection?

Generally, there are two ways to make use of Endpoint Protection.

Way 1. Manage Windows Defender Firewall

The Endpoint Protection offers basic management for the Defender on clients. For each network profile, you are able to configure the below settings.

Windows Defender

Endpoint Protection only supports managing the Microsoft Defender Firewall. Learn how to create and deploy Windows Defender policies for Endpoint Protection >>

Way 2. Manage Malware

Endpoint Protection enables you to create antimalware policies that contain settings for client configurations, deploy those policies to clients, and monitor compliance in the Endpoint Protection Status node under Security in the Monitoring part. You can also use Endpoint Protection reports in the Reporting node.

Workflow of System Center Endpoint Protection?

The following will show you how Endpoint Protection works step by step.

Step 1. In the central administration site or a stand-alone primary site, install Endpoint Protection point site system role.

Step 2. Configure warnings and subscribe to alerts.

Step 3. Manage Configuration Manager updates if you’d like to use it as the default method to update definitions on computers. You can configure other optional update sources when you create an antimalware policy.

Step 4. Set up the default antimalware policy, which will be applied to all machines unless you deploy a custom antimalware policy.

Step 5. Configure custom antimalware policies as required and deploy them to collections.

Step 6. Configure and deploy custom client settings for Endpoint Protection. DO NOT configure the default client settings for Endpoint Protection unless you want them to be applied to all computers in the hierarchy.

Step 7. Then, target computers will receive client settings and automatically install Endpoint Protection. If supported, the current antivirus programs will be removed before starting installing Endpoint Protection.

Tip: The Endpoint Protection tool is always installed by Configuration Manager and there is no need to install it separately.

Step 8. Specify and deploy Windows Firewall settings. (optional)

Step 9. Finally, you can monitor and manage Endpoint Protection using the System Center 2012 Endpoint Protection Status node in the Configuration Manager console.


  • System Center 2012 Endpoint Protection Status is just an example. The software version changes and you may use its other versions such as 2012 R2 or 2014.
  • Before installing Endpoint Protection, the computers are protected by the existing antimalware solution. After installation, the computers are guarded by Endpoint Protection.

Endpoint Protection vs Windows Defender vs Security Essentials

Now, let’s compare two similar Microsoft Windows security tools with Endpoint Protection.

Endpoint Protection vs Windows Defender

Microsoft System Center Endpoint Protection and Defender are essentially the same apps with both of them are designed to detect threats. The difference is that you can manage Microsoft Defender by System Center Configuration Manager or Microsoft Intune.

Tip: Windows Defender only protects users from spyware until Windows 8.

System Center Endpoint Protection vs Microsoft Security Essentials

Microsoft Security Essentials (MSE) is an antivirus program (AV) that protects against different types of malicious software like viruses, spyware, rootkits, and trojans. It replaces Windows Live OneCare and Windows Defender.

Microsoft Security Essentials

Designed upon the same scanning engine and virus definitions as other Microsoft antivirus products, Security Essentials provides real-time protection, constant computer activities monitoring, new files scanning when they are created or downloaded, as well as detected threats disabling. Yet, it lacks the centralized management utilities of the Microsoft Forefront Endpoint Protection and OneCare personal firewall.

Protect Your Data with Backups

In general, the above-mentioned security applications are powerful and can protect your computer from online cyberattacks. Yet, some cunning viruses can still pass through the security gateway and get into your machine. Some of them can even pretend to be part of the security programs files.

Once those viruses get into your machine, they will probably damage your data or system and cause great loss. In case of the worst thing happens, you are strongly recommended to back up crucial data before that day comes. Thus, you will need a professional and reliable file backup app like MiniTool ShadowMaker.

MiniTool ShadowMaker TrialClick to Download100%Clean & Safe

MiniTool ShadowMaker allows you to not only back up files/folders, systems, partitions/volumes, hard disks but also create bootable media to boot up your computer once it crashes down due to malware infection.


Let’s go back to the System Center Endpoint Protection. Briefly, it is an antivirus that manages antimalware policies and Windows Defender. It will scan, detect, and remove malware, spyware, or rootkits, as well as monitoring computer activities.

  • linkedin
  • reddit