Today I wanted to start sequencing an application for App-V within my lab environment where I have deployed SCCM 2012 SP1 including Endpoint Protection. As I went through the Sequencing Wizard I got the well-known warning that I have Antivirus software running.
Not an issue, just turn it off right?. Well since I have configured a custom Antimalware policy that is applied to all my clients to not allow configure the real-time protection settings, this setting can’t be changed. .
Stopping the Microsoft Antimalware client service doesn’t work neither since it is protected for obvious reasons.
So I worked out the following:
First I created a new Antimalware policy called App-V Sequencing clients, where I allow users to configure the real-time setting.
Once the policy was created I made sure it got a higher priority than the standard desktop policy by increasing the priority. And finally I deployed the App-V Sequencing clients antimalware policy to a Collection that holds the App-V Sequencing clients via direct membership.
(Note that with SCCM 2012 SP1 client side merging of antimalware policies was introduced, so all other settings come from the standard antimalware policy)
After a policy refresh on the client I was able to disable real-time protection.
and so I could continue sequencing the application.
Merging Endpoint Protection Policies in ConfigMgr 2012
Microsoft Virtual Academy: Endpoint Protection in System Center 2012 SP1