When building golden image for your SCCM Workstation, theres a couple of changes you will need to make to the antivirus client before you deploy the image. The following steps can be incorporated in to the Build Task Sequence or alternatively while building your VDI base image.
Software you will need:
- A copy of the System Center Endpoint Protection client from your SCCM client folder: \\sccmserver\SMS_SITECODE\client\scepinstall.exe.
- The latest Endpoint Definition Updates from http://www.microsoft.com/security/portal/definitions/adl.aspx
- PSExec.exe from SysInternals PSTools Suite: http://technet.microsoft.com/en-gb/sysinternals/bb896649.aspx
Install the Systems Center Endpoint Protection client with the following switches:
scepinstall.exe /s /q /NoSigsUpdateAtInitialExp
Install the latest EndPoint Definition Updates
Next, we will need to modify some registry entries using the PSexec utility, launch an Administrative Command Prompt and run:
c:\psexec.exe -s -i regedit.exe
Delete the following registry keys if they exist:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\InstallTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanRun
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastQuickScanID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastFullScanID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT\GUID
Its important this step is done right at the end of your build image, if this is for your sccm image then ensure your image is captured straight after this. If your building your VDI base image ensure this is the last step prior to shutting down the virtual machine for your snapshot.
Adnan Iqbal 