Educause Security Discussion mailing list archives
Re: Managed deployment of System Center Endpoint Protection (SCEP)
From: "Davis, Michael" <MichaelDavis () LETU EDU>
Date: Thu, 17 Jan 2019 15:50:59 +0000
Hi Doug,

At LeTourneau we do have cloud protection enabled (what MS used to call MAPS, https://cloudblogs.microsoft.com/microsoftsecure/2015/01/14/maps-in-the-cloud-how-can-it-help-your-enterprise/). We also have a limited rollout of Windows Defender Exploit Guard Network Protection which similarly helps. Jose, over at IU, mentioned WDEG in his email to the SECURITY list from this past Monday.

However, I was unable to download the test file linked because we have a SonicWall with Gateway Antivirus that appears to have blocked it before it ever made it down to the client :)

Michael A. Davis
Director, Information Security
Director, User Support & Engagement
[w] 903.233.3500 | [f] 903.233.3501
[l] LinkedIn/michaeldavis<http://www.linkedin.com/in/michael-davis-b042b84> | [t] @mdavis332<twitter.com/mdavis332> | [s] Skype for Business<sip:michaeldavis () letu edu>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Douglas Stinnette
Sent: Wednesday, January 16, 2019 6:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Managed deployment of System Center Endpoint Protection (SCEP)

Hi All,

Have you tested SCEP cloud protection which is enabled in antimalware policies? If SCEP cloud protection was working correctly you would not have been able to download the file. In my testing it only worked correctly once. But three other times I was able to download the file.

Please download the test file from here using Chrome and see if Defender detects it.

http://aka.ms/ioavtest

Details: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus

Thanks,
Doug

-------- Original Message --------
From: Douglas Stinnette <dstinnet () vcu edu>
Date: Mon, January 14, 2019 12:37 PM -0500
To: SECURITY () listserv educause edu
Subject: Managed deployment of System Center Endpoint Protection (SCEP)

Hi there,

This is my first post and am asking for insight. SCEP supports the following policies for protection.

* Antimalware Policies
* Windows Defender FireWall Policies
* Windows Defender Exploit Guard
* Windows Defender Application Guard

I'm just now testing deployment of antimalware policies and have started internet research on the others listed above. I would like to know if others have deployed any of the SCEP solution in a managed manner. Also I would like to share questions and thoughts about the solution as well.

Thanks,
Doug

--
Doug Stinnette
VCU Technology Services
Endpoint Security Specialist
Virginia Commonwealth University
827-0933

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.
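
For readers repeating the cloud protection download test discussed in this thread, the following is an added example (not written by any of the posters) that audits the client-side settings the test depends on and then runs the connectivity check described on the linked Microsoft page. It assumes a Windows 10 client with the Defender PowerShell module and an elevated session; the function name `Test-CloudProtectionPrereqs` is hypothetical.

```powershell
# Added example (not from the thread): audit the local settings that
# cloud-delivered protection and block at first sight depend on.
# Assumes a Windows 10 client with the Defender PowerShell module.
function Test-CloudProtectionPrereqs {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Each row: setting, current value, and whether it meets the prerequisite.
    $rows = @(
        @{ Name  = 'MAPSReporting (1=Basic, 2=Advanced)'
           Value = $pref.MAPSReporting
           Ok    = ($pref.MAPSReporting -in 1, 2) }
        @{ Name  = 'SubmitSamplesConsent (1=safe samples, 3=all samples)'
           Value = $pref.SubmitSamplesConsent
           Ok    = ($pref.SubmitSamplesConsent -in 1, 3) }
        @{ Name  = 'DisableBlockAtFirstSeen'
           Value = $pref.DisableBlockAtFirstSeen
           Ok    = (-not $pref.DisableBlockAtFirstSeen) }
        @{ Name  = 'DisableIOAVProtection (scanning of downloads)'
           Value = $pref.DisableIOAVProtection
           Ok    = (-not $pref.DisableIOAVProtection) }
        @{ Name  = 'RealTimeProtectionEnabled'
           Value = $status.RealTimeProtectionEnabled
           Ok    = [bool]$status.RealTimeProtectionEnabled }
        @{ Name  = 'EnableNetworkProtection (1=Block, 2=Audit)'
           Value = $pref.EnableNetworkProtection
           Ok    = ($pref.EnableNetworkProtection -eq 1) }
    )
    $rows | ForEach-Object { [pscustomobject]$_ } | Select-Object Name, Value, Ok
}

Test-CloudProtectionPrereqs | Format-Table -AutoSize

# Confirm the client can actually reach the cloud service; a proxy or
# firewall that blocks it leaves the policy enabled but ineffective.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (Test-Path $mpCmdRun) {
    & $mpCmdRun -ValidateMapsConnection
} else {
    Write-Warning "MpCmdRun.exe not found at $mpCmdRun"
}
```

A row with `Ok = False` points to a policy setting to review before repeating the download test.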
Current thread:
- Managed deployment of System Center Endpoint Protection (SCEP) Douglas Stinnette (Jan 14)
- Re: Managed deployment of System Center Endpoint Protection (SCEP) Davis, Michael (Jan 14)
- Re: [External] [SECURITY] Managed deployment of System Center Endpoint Protection (SCEP) Camacaro Latouche, Jose David (Jan 14)
- <Possible follow-ups>
- Re: Managed deployment of System Center Endpoint Protection (SCEP) Douglas Stinnette (Jan 16)
- Re: Managed deployment of System Center Endpoint Protection (SCEP) Davis, Michael (Jan 17)