When the term Operational Task is used in the context of an AV solution, it generally refers to actions such as kicking off a non-scheduled quick or full scan, or forcing an out-of-band definition update. These are the things you would most likely be doing in response to a malware detection or a malware outbreak.
Having a solid understanding of how these tasks can be accomplished within SCEP will help you to respond quickly to a developing situation.
This recipe has been written in accordance with a scenario in which an administrator is responding to a malware detection alert on a specific PC. For the purposes of this scenario, it is assumed that the administrator's corporate security policy dictates that any PC that has a malware detection alert has to receive an out-of-band definition update and must run a full scan.
To complete this recipe, you will need to be using an account that has at least the SCEP administrator role granted to it.
Follow these steps:
As you can see from this recipe, SCEP's integration with the right-click menu in SCCM 2012 makes most operational tasks a snap to complete. Typically, the hardest part of the procedure is finding the target system in a list of potentially thousands of workstations and servers.
This is mitigated by the built-in search function of the SCCM console; by going to the All Systems collection and searching there, you are guaranteed to find any machine on your network that has an SCCM client. In a large corporate network with tens of thousands of systems, searching the All Systems collection can take a while to return results. If you are certain that the PC you are looking for is a member of a smaller sub-collection, it may be less time-consuming to search against that smaller collection.
It's also worth mentioning that the definition source your clients will go to for a new definition is defined in their SCEP policy. For example, if your SCEP policy lists WSUS as the first definition source, then a client that receives the definition update command will go to WSUS for a new definition. This means that if WSUS does not have a newer SCEP definition than the client already has, nothing will happen. If you are dealing with an outbreak and want clients to have the absolute newest definitions, it is a good idea to perform a manual synchronization of your definition update sources beforehand.
Pushing tasks to multiple systems:
But wait, what if you're getting malware hits from multiple PCs all at the same time and you want all of them to run a full scan with the latest definitions? Well, you're in luck, except for the part where multiple machines on your network are detecting malware: you can select multiple machines in a collection at the same time by using the Shift key, then right-click and push a SCEP task to all of them at once.
A word of caution though: it's probably not a good idea to select a huge number of PCs at the same time to do this. Selecting every computer in the All Systems collection and telling them all to do a full scan would probably result in a Resume Generating Event (RGE), as it would likely bring your network to a screeching halt.
If you are dealing with a major virus outbreak and you want every computer on your network to do a full scan for peace of mind, it's probably a better idea to modify the existing SCEP policies to perform a full scan in the near future, rather than waiting for the normally scheduled scan time to come around. It takes a little while for policy changes to replicate, but the full scans will run in a smoother, staggered fashion.
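The same two tasks (out-of-band definition update, then full scan) can also be issued to a list of flagged PCs from a PowerShell prompt instead of the console right-click menu. The following is an added example, not code from the recipe; it assumes WinRM is enabled on the clients, that the account running it is a local administrator on them, and that the SCEP client lives in its default install folder. The throttle limit is there for the reason given above: fanning the scan out to too many machines at once is how you get your RGE.

```powershell
# Added example (not from the recipe): push an out-of-band definition update
# and a full scan to a batch of SCEP clients, a few at a time.
# Assumptions: WinRM enabled on the clients, local admin rights on them, and
# the SCEP client installed under its default "Microsoft Security Client" folder.

function Invoke-ScepOutbreakResponse {
    [CmdletBinding()]
    param(
        # Hostnames taken from the malware detection alerts
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # Number of clients worked on concurrently; keep it small on a busy network
        [int] $ThrottleLimit = 10
    )

    $task = {
        # Default install path of the SCEP client (assumed)
        $mpCmdRun = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe'
        if (-not (Test-Path $mpCmdRun)) {
            return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Step = 'NoClient'; UpdateExit = $null; ScanExit = $null }
        }
        # Step 1: out-of-band definition update. The client pulls from whichever
        # definition source its SCEP policy lists first, so sync that source beforehand.
        & $mpCmdRun -SignatureUpdate | Out-Null
        $updateRc = $LASTEXITCODE
        # Step 2: full scan (ScanType 2 is "full" in MpCmdRun's numbering). This call
        # blocks until the scan finishes, which is why the caller throttles sessions.
        & $mpCmdRun -Scan -ScanType 2 | Out-Null
        $scanRc = $LASTEXITCODE
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Step = 'Done'; UpdateExit = $updateRc; ScanExit = $scanRc }
    }

    # Invoke-Command fans the task out over WinRM; -ThrottleLimit caps concurrent sessions
    # so a long list of PCs is processed in staggered batches rather than all at once.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $task -ThrottleLimit $ThrottleLimit -ErrorAction Continue
}

# Constructed sample input: hostnames as they might appear in the detection alerts.
$flagged = @('WS-FIN-0123', 'WS-HR-0457', 'WS-ENG-0982')
Invoke-ScepOutbreakResponse -ComputerName $flagged -ThrottleLimit 5 |
    Format-Table Computer, Step, UpdateExit, ScanExit -AutoSize
```

A non-zero UpdateExit or ScanExit is the cue to look at that client individually; a NoClient row means the machine never had the SCEP client at the assumed path and should be checked against the All Systems collection.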