System Center Endpoint Protection For Mac

I thought I was done with SCEP (see parts 1, 2 and 3) but whilst undertaking an exercise looking into using SCEP on some Linux servers (and specifically looking at how it can provide reporting data to SCOM via a Management Pack), I inadvertently came across a little-documented command line argument for one of its binaries, scep_daemon.


The documentation for the Linux SCEP SCOM Management Pack (what a mouthful!) vaguely alluded to feeding data to SCOM via a --status argument. This argument isn’t mentioned anywhere else in SCEP’s Linux documentation, nor listed when you invoke scep_daemon --help on either platform.


The Linux version of SCEP is also a rebranded version of ESET, just like its macOS counterpart and the above scep_daemon binary is also present in that version, so I thought I’d experiment in macOS…

There is a brief mention in the macOS documentation on the installer ISO, but the path to the binary is wrong (it says /Applications/.scep/scep_daemon). The scep_daemon binary is actually here:

But we’ll refer to it as scep_daemon from now on (just to keep my examples shorter and sweeter).

Running the macOS scep_daemon binary with the --status argument surprisingly yields the following:

The results pretty much speak for themselves in terms of what they mean and you can easily scrape them to get individual snippets.

For example, to get the status of the Real Time Protection (on access) scanning engine:


This will return “Enabled” or “Disabled”. You could easily spin this into an Extension Attribute for Jamf Pro, for example:

#!/bin/bash
# Jamf Pro Extension Attribute: report the SCEP Real Time Protection status
status=$(/Applications/SystemCenterEndpointProtection.app/Contents/MacOS/scep_daemon --status | grep RTPStatus | cut -d '=' -f 2)
echo "<result>$status</result>"
exit 0
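
A more defensive variant of the Extension Attribute above, as an added example rather than code from the original post: it always returns an explicit state, so an endpoint with missing or unreadable protection status does not report an empty result. The one-pair-per-line `Key=Value` format is inferred from the post's `cut -d '='`; the function names and the `Unknown` and `Not Installed` labels are choices made for this example.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes --status prints one
# Key=Value pair per line (inferred from the post's cut -d '=').
SCEP_DAEMON="/Applications/SystemCenterEndpointProtection.app/Contents/MacOS/scep_daemon"

# Print the value of key $1 from Key=Value text on stdin (nothing if absent).
# Matches the whole key, so a longer key containing the name cannot match.
status_value() {
    awk -F'=' -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t\r]+$/, "", k) }
        k == key {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            print v
            exit
        }'
}

# Reduce status text on stdin to Enabled, Disabled or Unknown.
# "Unknown" is a label chosen for this example.
rtp_state() {
    rtp_value=$(status_value RTPStatus)
    case "$rtp_value" in
        Enabled|Disabled) echo "$rtp_value" ;;
        *) echo "Unknown" ;;
    esac
}

# Build the Extension Attribute result. $1 optionally overrides the binary
# path. "Not Installed" is a label chosen for this example.
ea_result() {
    ea_bin="${1:-$SCEP_DAEMON}"
    if [ ! -x "$ea_bin" ]; then
        ea_state="Not Installed"
    else
        ea_state=$("$ea_bin" --status 2>/dev/null | rtp_state)
    fi
    echo "<result>${ea_state}</result>"
}

ea_result
```

A Smart Group can then treat any result other than Enabled as needing attention.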


You could report on it with an Advanced Search or even use it as the criteria for a Smart Group, creating a remediation policy that runs a script to re-enable protection if it’s disabled. We just need a little help from our old friend, scep_set, for example (see part 1 for a more thorough overview of using it):


#!/bin/bash
# Set the on-access (fac) scanner's action back to "scan"
/Applications/SystemCenterEndpointProtection.app/Contents/MacOS/scep_set --section fac --set='action_av = "scan"'
sleep 1
# Restart the daemon so it picks up the new setting
launchctl unload /Library/LaunchDaemons/com.microsoft.scep_daemon.plist
sleep 1
launchctl load /Library/LaunchDaemons/com.microsoft.scep_daemon.plist
exit 0

As a bonus, if you’ve ever run scheduled or ad-hoc on-demand scans, scep_daemon --status will report extra results, including the type of scans run (Quick Scan and Deep Scan), the directory path they were targeted at, when they were last run and whether they were interrupted, for example:
