Solved: How To Perform An Offline Install of System Center Endpoint Protection

Published by Ian Matthews on

In anything but the simplest networks, there will always be a few machines that need Antivirus but do not connect to the domain.  These could be lab machines, dedicated PC’s that run manufacturing equipment, field machines, loaners… So the question of how to install System Center Endpoint Protection on these disconnected machines is a valid one.

Determine the Location of Your Endpoint Install File

  1. In System Center Offline-Install-System-Center-Endpoint-Protection-source-filesConfiguration Manager, expand SOFTWARE LIBRARY > APPLICATION MANAGEMENT, PACKAGES
  2. Right click on the CONFIGURATION MANAGER CLIENT PACKAGE and select PROPERTIES
  3. Click on the DATA SOURCE tab and find your SOURCE FOLDER

Copy Endpoint Protection Installation File

  1. Go to that Source folder (note that you may need to approve your own NTFS permission changes to access that folder)
  2. Copy scepinstall.exe to a folder on your PC (or thumbdrive or…)

Copy the Endpoint Protection Policy File

Here you have a choice to make.  If you want to use the default policy just copy ep_defaultpolicy.xml from the same folder as SCEPINSTALL.EXE.  If you want to apply the same policy you have used on your other machines, you need to export it.  To export your existing customized policy:

  1. In System Center Configuration Manager, expand ASSETS AND COMPLIANCE > OVERVIEW > ENDPOINT PROTECTION > ANTIMALWARE POLICIES
  2. Right click on the policy you wish to apply to your offline machine and select EXPORT
  3. Copy that file to the same location as the SCEPINSTALL.EXE that completed in the step above

Install Endpoint Protection on an Offline Machine

  1. Copy SCEPINSTALL.EXE and your configuration files to the offline machine
  2. Bring up CMD window (be sure to right click and RUN AS ADMINISTRATOR)
  3. Change to the directory that the files are in
  4. Type SCEPInstall.exe /policy C:\<path to files>\ep_defaultpolicy.xml
  5. Wait for the install to complete, reboot and have a nice day

When doing research for this article, I found the following items useful and you might too, if you have questions:

http://www.css-security.com/blog/how-to-perform-a-manual-fep-client-installation

http://larslohmann.blogspot.ca/2014/03/identify-weather-sccm-2012-r2-cu1-has.html

If you are a Microsoft Partner, you can also read THIS thread from our fine friend at MS Partner Support.

 

Categories: System Center
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Simplified-Microsoft-Defender-vs-scep-vs-defender-for-endpoints-vs-defender-for-servers-vs-defender-for-cloud

SOLVED: Simplified Microsoft Defender vs SCEP vs Defender for Endpoints vs Defender for Servers vs Defender for Cloud

The name “Microsoft Defender” has gone from relating to an mediocre integrated antivirus program to being a brand for a large suite of security products. In this article we focus on Microsoft Defender products that Read more…

The Microsoft Operations Manager Expression Filter Module could not convert the received value to the requested type 11903

SOLVED: The Microsoft Operations Manager Expression Filter Module could not convert the received value to the requested type. 11903

If you see: The Microsoft Operations Manager Expression Filter Module could not convert the received value to the requested type. EVENT ID 11903 the problem might be that your SCCM agent can not talk to Read more…

Change WSUS To Download Patches Directly from MS

SOLVED: How to Change WSUS To Download Patches Directly from MS and Not Store Updates Locally

In recent versions of Windows 10, Microsoft has made notable strides in what they call Delivery Optimization.  It is to the point now that, if you configure Delivery Optimization correctly, there is little need to Read more…