System Center 2012 Endpoint Protection for Mac Custom Install

System Center 2012 Endpoint Protection Manager for Mac is a standalone anti-virus application for OS X 10.6-10.8.  Although part of the System Center 2012 product line, it is not currently managed by any of the management systems.   There is no central management or reporting at this time.   If you wish to customize the application and transfer settings to another install, this is possible with in the application using the Import/Export feature.  However this does not lend itself for large scale installs.   

There is an undocumented way to make some customizations.  Within the application itself is a configuration file which appears to contain all of the configuration settings.  While not editable itself, you can customize the application and then copy this file to other Macs with SCEP 2012 installed.  The fact that this configuration file exists within the application itself really doesn’t follow best practices.  It should be kept in the main Library folder.  It would also be best if it were a standard PLIST file, which allows for easier modification.  Regardless, here are some steps to customize and deploy the application.

 

  1. On a Mac with SCEP2012 installed, make customizations as you see fit based on your environment.
  2. Open the Applications folder and then Option click on System Center 2012 Endpoint Protection.  From the menu, choose to Show Package Contents.
  3. Browse to the location of the scep.cfg file, as shown in the image below.  Copy that file to another location.
    1. SCPE2012 Config
  4. Bring up the Terminal application.  Change the owner back to root by typing in “sudo chown root path/filename” where path/file name is replaced by the location of your file (you can simply drag and drop the file onto the Terminal window to have it fill this in for you), then press Enter.  Fill in your admin password and press Enter.
  5. Change the group back to wheel by typing in “sudo chgrp wheel path/file” where path/file name is replaced by the location of your file (you can simply drag and drop the file onto the Terminal window to have it fill this in for you), then press Enter. Fill in your admin password and press Enter.
  6. Close Terminal.
  7. Prepare a script to copy the file to the same location as the original, or create a package to do the same thing.  You can use Apple’s free PackageMaker (not the most inuitive), or purchase a better tool such as JAMF Software’s Composer application.
  8. From the SCEP2012 download from the MS Volume site (SW_DVD5_Sys_Ctr_2012w_SP1_Endpoint_Prot_for_Lin_Mac_MultiLang_-2_X18-84757.ISO), extract the contents of the ISO. 
  9. Browse to the Mac DMG file and double click it to mount it.
  10. Within the System Center 2012 Endpoint Protection volume, option click on the Install shortcut and from the menu choose Show Original.
  11. In the new window, copy the Installer.pkg file to a location of your choosing.  You may have to adjust your Finder preferences to show file extensions (it’s under Advanced section – Show all filename extensions) in order to discern the correct file.
  12. Deploy the Install.pkg file to your systems, using the deployment tool of your choice.
  13. Deploy the script/file or package to your systems, using the deployment tool of your choice.  The must be deployed after the install, obviously.
  14. Reboot the system or schedule a reboot for after hours if it is currently in use for the settings to take effect.

 

It should be noted that it is possible not all settings are kept in this file.  Also, if you set up Privileged Users within the application to manage the program (open SCEP 2012, show Advanced settings, then go to Setup – Enter Application Preferences – User – Privileges), the list will only populate with accounts that currently have a profile on the Mac.  So it may be best to have a consistent local admin account on all of your Macs.  Otherwise you will not be able to make local adjustments to the application later, even if you are an admin.

While not being able to centrally manage this application and report on virus statistics, it is a decent application and may already be covered under your existing System Center licenses.  Deploying it could save your company thousands of dollars that you are currently spending on Mac AV software.

email

Written by , Posted .