Malware Protection with Configuration Manager

Open the Administration workspace.

Navigate to Overview, Client Settings.

Either create a new settings object (device) or edit an existing one; the required settings group is Endpoint Protection.

Select the Endpoint Protection group.

Change the Manage Endpoint Protection client on client computers option to Yes and configure other options, as the following figure shows. Click OK.

If you created a new settings object, select the Deploy action and deploy to a certain collection containing machines that should have endpoint protection enabled.

Create a new anti-malware policy. Open the Assets and Compliance workspace.

Select Endpoint Protection, Antimalware Policies from the navigation pane.

Select the Create Antimalware Policy action to create a new policy. Alternatively, you can select the Import action and use one of the built-in templates (C:Program Files (x86)Microsoft Configuration ManagerAdminConsoleXmlStorageEPTemplates), which contain configurations for many types of environment such as file server, Hyper-V server, desktop, and so on. Select a template that matches and click Open.

Modify settings from the imported template, select a new name in the General tab, and click OK.

Select the Deploy action for the new policy and select the same collection(s) that were enabled for endpoint protection. Note: you'll probably want different anti-malware policies for your different types of machines because the requirements and exceptions will be different.