With the previous version of SCEP (Forefront Endpoint Protection 2010), many organizations opted to install the FEP 2010 Security Management Pack for SCOM, because it added the ability to have real-time reporting. As SCEP has the real-time reporting capabilities natively, this is not as necessary with the current version.
However, there could be other motivating factors that would cause an organization to still choose to install the newly updated System Center Security Monitoring Pack for Endpoint Protection, such as the way monitoring responsibilities have been allocated in your organization, or you may be using an SEM appliance, which connects to SCOM and want to have virus alerts filter up into the SEM.
In order to install the System Center Security Monitoring Pack for Endpoint Protection, you will need to use an account with administrator access to SCOM. You will also need to download the management pack, which is available at the following URL:
http://www.microsoft.com/en-us/download/details.aspx?id=9754
Now, follow these steps:
- Begin by logging into your SCOM management server and unpacking the MSI, which you downloaded from Microsoft's website. To do so, double-click on
fep2010 security mp.msiand agree to EULA. Do not worry that the management pack we just downloaded has FEP in the title; this MP works for SCEP as well. Refer to the following screenshot:
- Next, select a destination path for the files to unpack to. Whether you stick with the default or choose your own location is up to you. Either way make sure to copy the path, as you will need it in a later step. Refer to the following screenshot:
- Now just click on the Install button and wait for the task to complete, as shown in the following screenshot:
- Now you will need to open the SCOM management console, and select the Administration tab. Locate the Management Packs object and then right-click on it. Select the option for Import Management Packs, as shown in the following screenshot:
- The Import Management Packs wizard should appear. Next, click on the Add button, as shown in the following screenshot:
- You'll be prompted with an Online Catalog Connection dialog box, as we've already downloaded the management pack. Now, click on No to proceed, as shown in the following screenshot:
- You'll then be presented with a window that allows you to browse to the location for which we unpacked the files to in step 2. The first file you'll need to pick is
Microsoft.FEPS.Libary.mp. Then, click on the Open button to proceed, as shown in the following screenshot:
- You will be brought back to the Import Management Packs wizard. If you've selected the correct file, then you'll see a green check next to the filename. You'll need to click on the Add button again and repeat the process for the other two files in the folder,
Microsoft.FEPS.Application.mpandMicrosoft.FEPS.Reports.mp. Once you've added all three.mpfiles, you can then click on the Install button, as shown in the following screenshot:
- The import process will likely take a few minutes, but once it's complete, you should see the following screenshot:
- Click on the Close button to complete the import procedure.
The procedure in this recipe will only import the management pack into your SCOM 2012 environment, in order. For clients, to start sending SCEP related data to SCOM, they will also need to have the SCOM client deployed to them. In other words, the SCOM Management Pack collects data directly from the Endpoint clients themselves, rather than pulling data out of your SCCM 2012 server.
As such, there is a lot of overlap between SCCM 2012 with SCEP enabled and a SCOM server with the Endpoint Protection Management pack installed. Therefore, it's recommended that you only use the Management Pack if you have a good reason for doing so.