System Center Endpoint Protection For Mac

• Microsoft System Center Endpoint Protection For Mac
• System Center Endpoint Protection Client

The following information describes the supported versions of System Center 2012 Configuration Manager SP1 and System Center 2012 Endpoint Protection SP1 running on various Macintosh and Linux/UNIX operating systems. System Center 2012 Configuration Manager SP1 For Mac-based clients. Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of MDATP for Mac EDR functionality after configuring.

I thought I was done with SCEP (see parts 1, 2 and 3) but whilst undertaking an exercise looking into using SCEP on some Linux servers (and specifically looking at how it can provide reporting data to SCOM via a Management Pack), I inadvertently came across a little-documented command line argument for one of its binaries, scep_daemon.

• For Windows 7 systems, the Endpoint Protection Downloads page offers a link to Microsoft Security Essentials, though it is important to note that Windows 7 is End of Life as of January 14, 2020. Johns Hopkins faculty, staff, and students may use Microsoft Defender at no cost on computers owned by the University or Health System as long as they.
• Microsoft System Center 2012 Endpoint Protection follows the Fixed Lifecycle Policy. This applies to the following editions: for Mac. Listing Start Date Mainstream End Date Extended End Date; Microsoft System Center 2012 Endpoint Protection:::.

The documentation for the Linux SCEP SCOM Management Pack (what a mouthful!) vaguely alluded to feeding data to SCOM via a –status argument. This argument isn't mentioned anywhere else in SCEP's Linux documentation, nor listed when you invoke scep_daemon –help on either platform.

The Linux version of SCEP is also a rebranded version of ESET, just like its macOS counterpart and the above scep_daemon binary is also present in that version, so I thought I'd experiment in macOS…

There is a brief mention in the macOS documentation on the installer ISO, but the path to the binary is wrong (it says /Applications/.scep/scep_daemon). The scep_daemon binary is actually here:

But we'll refer to it as scep_daemon from now on (just to keep my examples shorter and sweeter).

Running the macOS scep_daemon binary with the –status argument surprisingly yields the following:

The results pretty much speak for themselves in terms of what they mean and you can easily scrape them to get individual snippets.

For example, to get the status of the Real Time Protection (on access) scanning engine:

This will return 'Enabled' or 'Disabled'. You could easily spin this into an Extension Attribute for Jamf Pro, for example:

Microsoft System Center Endpoint Protection For Mac

You could report on it with an Advanced Search or even use it as the criteria for a Smart Group, creating a remediation policy that runs a script to re-enable protection if it's disabled. We just need a little help from our old friend, scep_set, for example (see part 1 for a more thorough overview of using it):

I thought I was done with SCEP (see parts 1, 2 and 3) but whilst undertaking an exercise looking into using SCEP on some Linux servers (and specifically looking at how it can provide reporting data to SCOM via a Management Pack), I inadvertently came across a little-documented command line argument for one of its binaries, scep_daemon.

• For Windows 7 systems, the Endpoint Protection Downloads page offers a link to Microsoft Security Essentials, though it is important to note that Windows 7 is End of Life as of January 14, 2020. Johns Hopkins faculty, staff, and students may use Microsoft Defender at no cost on computers owned by the University or Health System as long as they.
• Microsoft System Center 2012 Endpoint Protection follows the Fixed Lifecycle Policy. This applies to the following editions: for Mac. Listing Start Date Mainstream End Date Extended End Date; Microsoft System Center 2012 Endpoint Protection:::.

The documentation for the Linux SCEP SCOM Management Pack (what a mouthful!) vaguely alluded to feeding data to SCOM via a –status argument. This argument isn't mentioned anywhere else in SCEP's Linux documentation, nor listed when you invoke scep_daemon –help on either platform.

The Linux version of SCEP is also a rebranded version of ESET, just like its macOS counterpart and the above scep_daemon binary is also present in that version, so I thought I'd experiment in macOS…

There is a brief mention in the macOS documentation on the installer ISO, but the path to the binary is wrong (it says /Applications/.scep/scep_daemon). The scep_daemon binary is actually here:

But we'll refer to it as scep_daemon from now on (just to keep my examples shorter and sweeter).

Running the macOS scep_daemon binary with the –status argument surprisingly yields the following:

The results pretty much speak for themselves in terms of what they mean and you can easily scrape them to get individual snippets.

For example, to get the status of the Real Time Protection (on access) scanning engine:

This will return 'Enabled' or 'Disabled'. You could easily spin this into an Extension Attribute for Jamf Pro, for example:

Microsoft System Center Endpoint Protection For Mac

You could report on it with an Advanced Search or even use it as the criteria for a Smart Group, creating a remediation policy that runs a script to re-enable protection if it's disabled. We just need a little help from our old friend, scep_set, for example (see part 1 for a more thorough overview of using it):

System Center Endpoint Protection Client

As a bonus, if you've ever ran scheduled or ad-hoc on demand scans, scep_daemon –status will report extra results including the type of scans run (Quick Scan and Deep Scan), the directory path they were targeted to, when they were last run and if they were interrupted, for example: