This post is also available in: Slovenian
The best way to install System Center 2012 Endpoint Protection is of course remotely through Configuration Manager, but in Enterprise network is always some exceptions, as there are some workstations that are not on a network or are in other network and we need to install SCEP 2012 as a standalone app without the possibility of remote control and management.
SC SCEP 2012 Endpoint Protections is located in the installation folder of System Center Configuration Manager 2012 SP1 c:\Program Files\Microsoft Configuration Manager\Client. Just copy files from there.
One of the files is ep_defaultpolicy.xml which is policy file and represents the default policy, but it’s better to make themselves in Configuration Manager console and than export it to folder with copied files.
Making own policy for SCEP
Open Configuration Manager Console and go to Assets and Compliance / Endpoint Protection / Antimalware Policies.
Here we can define the desired setting like scheduling scans, what to do with files in the quarantine, exclude files, set sources from where updates can be made … In Enterprise environment upgrades are usually arrange via Configuration Manager (ccm client), WSUS server or UNC share folder, but for the standalone client upgrades will go only from Internet via Windows Update and through Microsoft Malware Protection Center.
After making policy for the standalone client, just export to a folder with install files for SCEP 2012 SP1 ( in our case under the name of standalone-SCEP.xml)
command line for installation of standalone agent SCEP2012 SP1:
scepinstall.exe /s /q //policy C:\folder\standalone-SCEP.xml
Change of policy
If we want later to edit own policy, we can export another policy. To active it on standalone machine, copy xml file and run in command line:
C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe c:\folder\standalone-SCEP-2.xml