I followed some guides here (or a link here that went to a another article) on deploying EndPoint Protection along with the latest updates.
Essentially it's just a package in SCCM based on scheduled task that downloads the latest installer and definitions, then "installs" them at the Operating System Deployment sequence.
That's fine, good stuff, it works.
My problem now is, since apparently you have to specify an .xml file in the deployment that includes the policies, how do I now override those policies with the EndPoint protection policies I configured in SCCM and deployed to the collection this particular
computer I just OSD's is a member of?
(scepinstall.exe /s /q /NoSigsUpdateAtInitialExp /policy %~dp0EPAMPolicy2.xml)
In EndPoint protection, Help > About, its policy is set to "SCEP2012 High-Security", and there are no file or folder exclusions. However, my EndPoint protection policy in SCCM 2012 console, has many excluded files/processes/folders and should have been deployed & applied to this computer that's in the collection the policy was deployed to.
So I guess my questions would be, what should I do? is it just going to take a while (48 hrs so far)? Should I not deploy the EndPoint installer with an .xml file? If I have to use xml file, do I have to configure all the policies in there? How could I then update the policies for EndPoint going forward?
References: http://www.chrisnackers.com/2012/10/18/configuration-manager-2012-installing-endpoint-protection-during-a-task-sequence/