Skip to main content

Cornell University

Deploy System Center Endpoint Protection

SCEP is the antivirus product for Windows devices managed through our Endpoint Protection Management service.

This article applies to: Endpoint Management Tools , Endpoint Protection

On This Page

Personally-owned or Cornell-owned but NOT managed devices should use Windows' native antivirus options instead of the method presented here.

This page is intended for IT support professionals. End users should contact local IT support.


  • You must have the CM2012 (Configuration Manager) client installed. 
  • The machine you are installing the CM2012 Client on must be a member of and have the proper policies in place to allow communication with the CM2012 infrastructure.
  • You must be provisioned on the CM2012 system. If you are not currently using CM2012, please send an email to asking to be on-boarded.


This procedure creates or modifies a client settings policy that will install SCEP on the managed computers.

  1. Launch the CM2012 Console.
  2. On the wunderbar (lower left), click Administration.
  3. On the left, under Overview, click Client Settings.
  4. In the main section of the screen, select your unit's client settings policy (or create it if one does not already exist).
  5. Right-click your unit's client settings policy, then select Properties. A Client Settings dialog box will open.
  6. In the left column, click General.
  7. In the right section, click to put a check next to Endpoint Protection.
  8. In the left column, click Endpoint Protection.
  9. In the right section, set the device settings as desired. Most settings will be read-only until you set the first (Manage Endpoint Protection client on client computers) to Yes. The screenshot here shows the settings used to upgrade the CIT-managed environment. You MUST uninstall SEP (Symantec Endpoint Protection) before installing SCEP. The simplest way to do this is to set the third setting (Automatically remove previously installed...) to Yes.
  10. Click OK to close the dialog box.


  1. Launch the CM2012 Console.
  2. On the wunderbar (lower left), click Monitoring.
  3. On the left, under Overview and Endpoint Protection Status, click System Center 2012 R2 Endpoint Protection Status.

Here you can see how many clients in your collection have Endpoint Protection installed and other information.

Click Active clients protected with Endpoint Protection to see additional information on the status of each client.


  1. Launch the CM2012 Console.
  2. On the wunderbar (lower left), click Monitoring.
  3. On the left, under Overview and Reporting, click Reports.
  4. In the search bar, type endpoint, then click Search.

The search results are various reports you can run for further details.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.