The Endpoint Protection client can be pre-installed on a computer that you want to use as a reference computer for the Configuration Manager operating system deployment. You can then deploy this disk image which also contains software packages, including Endpoint Protection client to your client computers or for setting up new computers.
What purpose or benefit could there be in provisioning the Endpoint Protection client in the disk image?
It will save some time during massive operating system deployments. On the other hand, on a daily basis you will need to maintain and update your Disk Image more often to ensure you have the latest Endpoint Protection client.
You need to have SCCM with the Software Update role and the Endpoint Protection role setup and fully configured.
You need access to the scepinstall.exe that can be found in the Configuration Manager Client folder.
Ensure that the Endpoint Protection client is deployed in your organization using the required settings and configuration. You need to specify an antimalware policy when you install Endpoint Protection clients manually. For this, you have to export the policy, and this policy cannot be the default Endpoint Protection policy.
Either you use the Build and Capture Task Sequence or you do it manually. You need to make a package of the scepinstall.exe with the policy file.
You can export the policy from within the Configuration Manager console:
All Workstations Custom Policy created in the Endpoint Protection Policy
You export the manually defined policy to XML and add it to the folder with the scepinstall.exe file.
The installation command is:
scepinstall.exe /policy polcyfilename.xml
If you use the Build and Capture Task Sequence that I recommend using when building Disk Images, you need to create a software package with the two files and run it as a command or program during the Task Sequence.
More information about provisioning an Endpoint Protection client in a Disk Image in Configuration Manager is available from: