System Center 2012 Endpoint Protection as standalone client

This post is also available in: Slovenian


The best way to install System Center 2012 Endpoint Protection is of course remotely through Configuration Manager, but in Enterprise network is always some exceptions, as there are some workstations that are not on a network or are in other network and we need to install SCEP 2012 as a standalone app without the possibility of remote control and management.

SCEP2012Where to found SCEP2012 install files?

SC SCEP 2012 Endpoint Protections is located in the installation folder of System Center Configuration Manager 2012 SP1  c:\Program Files\Microsoft Configuration Manager\Client. Just copy files from there.

One of the files is ep_defaultpolicy.xml which is policy file and represents the default policy, but it’s better to make themselves in Configuration Manager console and than export it to folder with copied files.

Making own policy for SCEP

Open Configuration Manager Console and go to Assets and Compliance / Endpoint Protection / Antimalware Policies.
Here we can define the desired setting like scheduling scans, what to do with files in the quarantine, exclude files, set sources from where updates can be made … In Enterprise  environment upgrades are usually arrange via Configuration Manager (ccm client), WSUS server or UNC share folder, but for the standalone client upgrades will go only from Internet via Windows Update and through Microsoft Malware Protection Center.

After making policy for the standalone client, just export to a folder with install files for SCEP 2012 SP1 ( in our case under the name of standalone-SCEP.xml)

command line for installation of standalone agent SCEP2012 SP1:

scepinstall.exe /s /q //policy C:\folder\standalone-SCEP.xml


Change of policy

If we want later to edit own policy, we can export another policy. To active it on standalone machine, copy xml file and run in command line:

C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe c:\folder\standalone-SCEP-2.xml





Works as system engineer in Slovenian Enterprise in Microsoft environment focusing on security, deployments, SharePoint, SCCM and CheckPoint firewall. Author of successful blog about IT security, Microsoft tips & tricks, social media, internet trends.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.