Endpoint ProtectionEndpoint Protection

适用范围: Configuration Manager (Current Branch)Applies to: Configuration Manager (current branch)

Endpoint Protection 为 Configuration Manager 层次结构中的客户端计算机管理反恶意软件策略和 Windows 防火墙安全性。Endpoint Protection manages antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.


必须获得使用 Endpoint Protection 的许可,才能管理 Configuration Manager 层次结构中的客户端。You must be licensed to use Endpoint Protection to manage clients in your Configuration Manager hierarchy.

将 Endpoint Protection 与 Configuration Manager 配合使用时,具有以下优势:When you use Endpoint Protection with Configuration Manager, you have the following benefits:

  • 配置反恶意软件策略和 Windows 防火墙设置,并管理选定计算机组的 Microsoft Defender 高级威胁防护Configure antimalware policies, Windows Firewall settings, and manage Microsoft Defender Advanced Threat Protection to selected groups of computers
  • 使用 Configuration Manager 软件更新下载最新的反恶意软件定义文件,使客户端计算机保持最新Use Configuration Manager software updates to download the latest antimalware definition files to keep client computers up-to-date
  • 发送电子邮件通知、使用控制台内部监视,并查看报表。Send email notifications, use in-console monitoring, and view reports. 当在客户端计算机上检测到恶意软件时,这些操作会通知管理用户。These actions inform administrative users when malware is detected on client computers.

自 Windows 10 和 Windows Server 2016 计算机起,Windows Defender 已经安装。Beginning with Windows 10 and Windows Server 2016 computers, Windows Defender is already installed. 对于这些操作系统,Windows Defender 的管理客户端在 Configuration Manager 客户端安装时一起安装。For these operating systems, a management client for Windows Defender is installed when the Configuration Manager client installs. 在 Windows 8.1 及更低版本的计算机上,Endpoint Protection 客户端随 Configuration Manager 客户端一起安装。On Windows 8.1 and earlier computers, the Endpoint Protection client is installed with the Configuration Manager client. Windows Defender 和 Endpoint Protection 客户端具有以下功能:Windows Defender and the Endpoint Protection client have the following capabilities:

  • 恶意软件与间谍软件检测和修正Malware and spyware detection and remediation
  • Rootkit 检测和修正Rootkit detection and remediation
  • 严重漏洞评估与自动定义和引擎更新Critical vulnerability assessment and automatic definition and engine updates
  • 通过网络检查系统进行网络漏洞检测Network vulnerability detection through Network Inspection System
  • 与 Cloud Protection Service 集成,以向 Microsoft 报告恶意软件。Integration with Cloud Protection Service to report malware to Microsoft. 加入此服务后,如果在计算机上检测到无法识别的恶意软件,Endpoint Protection 客户端或 Windows Defender 可以从恶意软件保护中心下载最新的定义。When you join this service, the Endpoint Protection client or Windows Defender downloads the latest definitions from the Malware Protection Center when unidentified malware is detected on a computer.


Endpoint Protection 客户端可安装在运行 Hyper-V 的服务器以及具有受支持操作系统的来宾虚拟机上。The Endpoint Protection client can be installed on a server that runs Hyper-V and on guest virtual machines with supported operating systems. 为防止 CPU 使用率过高,Endpoint Protection 操作配置有内置的随机化延迟,因此保护服务不会同时运行。To prevent excessive CPU usage, Endpoint Protection actions have a built-in randomized delay so that protection services do not run simultaneously.

此外,还可使用 Configuration Manager 控制台中的 Endpoint Protection 管理 Windows 防火墙设置。In addition, you manage Windows Firewall settings with Endpoint Protection in the Configuration Manager console.

示例方案:使用 System Center Endpoint Protection 来保护计算机免受恶意软件侵害 Endpoint Protection 和 Windows 防火墙。Example scenario: Using System Center Endpoint Protection to protect computers from malware Endpoint Protection and the Windows Firewall.

使用 Endpoint Protection 管理恶意软件Managing Malware with Endpoint Protection

Configuration Manager 中的 Endpoint Protection 可用于创建包含 Endpoint Protection 客户端配置设置的反恶意软件策略。Endpoint Protection in Configuration Manager allows you to create antimalware policies that contain settings for Endpoint Protection client configurations. 将这些反恶意软件策略部署到客户端计算机Deploy these antimalware policies to client computers. 然后通过使用“监视” 工作区中“安全性” 下的“Endpoint Protection 状态” 节点,监视符合性。Then monitor compliance in the Endpoint Protection Status node under Security in the Monitoring workspace. 还可使用“报表” 节点下的 Endpoint Protection 报表。Also use Endpoint Protection reports in the Reporting node.

其他信息:Additional information:

使用 Endpoint Protection 管理 Windows 防火墙Managing Windows Firewall with Endpoint Protection

Configuration Manager 中的 Endpoint Protection 提供对客户端计算机上的 Windows 防火墙的基本管理。Endpoint Protection in Configuration Manager provides basic management of the Windows Firewall on client computers. 对于每个网络配置文件,可以配置以下设置:For each network profile, you can configure the following settings:

  • 启用或禁用 Windows 防火墙。Enable or disable the Windows Firewall.

  • 阻止传入连接,包括位于允许程序列表中的程序。Block incoming connections, including those in the list of allowed programs.

  • Windows 防火墙阻止新程序时通知用户。Notify the user when Windows Firewall blocks a new program.


Endpoint Protection 仅支持管理 Windows 防火墙。Endpoint Protection supports managing the Windows Firewall only.

有关详细信息,请参阅如何为 Endpoint Protection 创建和部署 Windows 防火墙策略For more information, see How to create and deploy Windows Firewall policies for Endpoint Protection.

Microsoft Defender 高级威胁防护Microsoft Defender Advanced Threat Protection

Endpoint Protection 管理和监视 Microsoft Defender 高级威胁防护 (ATP)(旧称为“Windows Defender ATP”)。Endpoint Protection manages and monitors Microsoft Defender Advanced Threat Protection (ATP), formerly known as Windows Defender ATP. Microsoft Defender ATP 服务有助于企业检测、调查和响应企业网络上的高级攻击。The Microsoft Defender ATP service helps enterprises detect, investigate, and respond to advanced attacks on the corporate network. 有关详细信息,请参阅 Microsoft Defender 高级威胁防护For more information, see Microsoft Defender Advanced Threat Protection.

Endpoint Protection 工作流Endpoint Protection Workflow

可以借助以下关系图了解在 Configuration Manager 层次结构中实现 Endpoint Protection 的工作流。Use the following diagram to help you understand the workflow to implement Endpoint Protection in your Configuration Manager hierarchy.

Endpoint Protection 工作流

适用于 Mac 计算机和 Linux 服务器的 Endpoint Protection 客户端Endpoint Protection Client for Mac Computers and Linux Servers


将于 2018 年 12 月 31 日结束对 Mac 版和 Linux 版 System Center Endpoint Protection (SCEP)(所有版本)的支持。Support for System Center Endpoint Protection (SCEP) for Mac and Linux (all versions) ends on December 31, 2018. 在支持结束后,可能会停止为 SCEP for Mac 和 SCEP for Linux 提供新的病毒定义。Availability of new virus definitions for SCEP for Mac and SCEP for Linux may be discontinued after the end of support. 有关详细信息,请参阅“不再提供支持”博客文章For more information, see End of support blog post.

System Center Endpoint Protection 包括适用于 Linux 和 Mac 计算机的 Endpoint Protection 客户端。System Center Endpoint Protection includes an Endpoint Protection client for Linux and for Mac computers. 不向这些客户端提供 Configuration Manager。These clients aren't supplied with Configuration Manager. Microsoft 批量许可服务中心下载以下产品:Download the following products from the Microsoft Volume Licensing Service Center:

  • System Center Endpoint Protection for MaSystem Center Endpoint Protection for Mac

  • 适用于 Linux 的 System Center Endpoint ProtectionSystem Center Endpoint Protection for Linux


你必须是 Microsoft 批量许可客户才能下载适用于 Linux 和 Mac 的 Endpoint Protection 安装文件。You must be a Microsoft Volume License customer to download the Endpoint Protection installation files for Linux and the Mac.

不能通过 Configuration Manager 控制台管理这些产品。These products can't be managed from the Configuration Manager console. System Center Operations Manager 管理包随附有安全文件,可用于管理 Linux 的客户端。A System Center Operations Manager management pack is supplied with the installation files, which allows you to manage the client for Linux.

如何获取适用于 Mac 计算机和 Linux 服务器的 Endpoint Protection 客户端How to get the Endpoint Protection client for Mac computers and Linux servers

使用以下步骤下载包含适用于 Mac 计算机和 Linux 服务器的 Endpoint Protection 客户端软件和文档的映像文件。Use the following steps to download the image file containing the Endpoint Protection client software and documentation for Mac computers and Linux servers.

  1. 登录到 Microsoft 批量许可服务中心Sign in to the Microsoft Volume Licensing Service Center.
  2. 选择网站顶部的“下载和密钥” 选项卡。Select the Downloads and Keys tab at the top of the website.
  3. 筛选产品 System Center Endpoint Protection (Current Branch)Filter on product System Center Endpoint Protection (current branch).
  4. 单击链接以下载Click link to Download
  5. 单击“继续” 。Click Continue. 应能看到若干文件,其中一个名为:System Center Endpoint Protection (current branch - version 1606) for Linux OS and Macintosh OS Multilanguage 32/64 bit 1878 MB ISOYou should see several files, including one named: System Center Endpoint Protection (current branch - version 1606) for Linux OS and Macintosh OS Multilanguage 32/64 bit 1878 MB ISO.
  6. 单击箭头图标,下载该文件。To download the file, click the arrow icon. 文件名为 SW_DVD5_Sys_Ctr_Endpnt_Prtctn_1606_MultiLang_-3_EptProt_Lin_Mac_MLF_X21-67050.ISO 。The file name is SW_DVD5_Sys_Ctr_Endpnt_Prtctn_1606_MultiLang_-3_EptProt_Lin_Mac_MLF_X21-67050.ISO.

此 2018 年 1 月更新 (X21-67050) 包括以下版本:The January 2018 update (X21-67050) includes the following versions:

  • 适用于 Mac 的 System Center Endpoint Protection(支持 macOS 10.13 High Sierra)System Center Endpoint Protection for Mac (support for macOS 10.13 High Sierra)

  • 适用于 Linux System Center Endpoint ProtectionSystem Center Endpoint Protection for Linux

    有关如何安装和管理适用于 Linux 和 Mac 计算机的 Endpoint Protection 客户端,请使用这些产品随附的文档。For more information about how to install and manage the Endpoint Protection clients for Linux and Mac computers, use the documentation that accompanies these products. 此产品文档位于 .ISO 文件的“文档”文件夹 。This product documentation is in the Documentation folder of the .ISO file.