By default, Windows Server 2012 comes without a security solution.

This is especially important if you use 2012 as a robust workstation OS for your studying needs.

So, to protect your time-consuming lab-rat experiments, you might feel left "high and dry".

'Though not everything is lost, since there are 2 hacks you might wish to implement to provide a minimum form of protection to your lab.

 

1. Microsoft Security Essentials for Windows 7 into Windows Server 2012.

The first hack allows you to install Microsoft Security Essentials (MSE).

Microsoft Security Essentials is designed for Windows 7 and is not compatible (nor supported) on Windows Server 2012.

But if you insist, you might as well end-up installing it on your Windows Server 2012.

  1. Download a copy of MSE from Microsoft: http://windows.microsoft.com/en-us/windows/security-essentials-all-versions
  2. Right Click on the "mseinstall.exe".
  3. Click on Properties.
  4. Click on the "Compatibility"-tab.
  5. Locate the "Compatibility mode"-section.
  6. Check "Run this program in compatibility mode for:".
  7. Select From the (now active) dropdown menu "Windows 7".
  8. Open a Command Prompt as Administrator.
  9. cd to your Downloads folder (ie. cd C:\Users\%username%\Downloads).
  10. Run "mseinstall /disableoslimit" and follow the installer prompts to install MSE on your Windows Server 2012.

 

2. Microsoft Endpoint Protection 2012 (part of the System Center 2012 suite).

Microsoft Endpoint Protection 2012 is part of a freaking awesome Microsoft System Center suite.

For further info, please refer to http://en.wikipedia.org/wiki/System_Center#Microsoft_System_Center

The Microsoft System Center suite of programs is a fully integrated Client/Server solution that allows you to automate your infrastructure management.

Amongst other things, Microsoft Endpoint Protection 2012 is the "security" component of the suite - a Client/Server Security solution that fully integrates with your Active Directory Domain.

In layman's terms, Microsoft Endpoint Protection 2012 could be considered as the "full" version of Microsoft Security Essentials (aka Windows Defender on Windows 8/8.1).

The solution includes both a "Server" application (ie. to deploy on your application server) and a "Client" counterpart (ie. for your workstations).

  • The hack described in here is the possibility to run the Client as a "standalone" product (ie. without having to rely on the Server application).

Not only, you can even get the client "for free", by simply downloading the Trial version of the entire Microsoft Endpoint Protection 2012 suite (trial refers to the Server Application).

To install System Center 2012 Endpoint Protection on Windows Server 2012 proceed as follows:

  • Download Microsoft System Center Configuration Manager and Enpoint Protection 2012 SP1 from the following address:

http://technet.microsoft.com/en-US/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33

Once you obtain the package (mine was named SC2012_SP1_RTM_SCCM_SCEP.exe and it was 613MB):

  1. Right Click on it and open the archive with 7zip.
  2. Extract the "CLIENT"-Folder from SC2012_SP1_RTM_SCCM_SCEP.exe into a temporary location.
  3. Browse to the CLIENT folder with Windows Explorer and run "SCEPINSTALL.exe".
  4. Follow the installer Prompts and you'll end up with a fully featured  Security Solution courtesy of Microsoft.

System Center 2012 Endpoint Protection System Center 2012 Endpoint Protection System Center 2012 Endpoint Protection System Center 2012 Endpoint Protection

 

 

Personal remarks.

Now, apart from what's moral and what's not, Microsoft highly likely wishes you to "give it a go" (at their own Security solutions).

Despite glorious bugs that made glowing news during the previous decade, Microsoft takes a serious stand when it comes to Security.

How?! For one, by constantly releasing Windows "Security Updates".

Pair that with a basic form of malware protection and you might just end up covering 80% of your security needs.

Independent testing says:"meh..!".

If you asked me what's my favourite professional security suite, I'd say:"it depends".

If you're an SMB with limited resources (and perhaps close to none IT personnel), then I'd lean towards a fully managed OOB solution (like Bitdefender).

If you're a Windows-only Enterprise or Government organization, then I'd lean towards a secured Active Directory domain environment (ie. w/Applocker & IPSec), with the integration & automation provided by Microsoft System Center-based solutions (such as Endpoint Protection 2012).

Thoughts welcome.

 

[UPDATE] 2014-02-12 - Windows Server 2012 R2 compatibility:

Jens (a reader of this article), reports SCCM 2012 SP1 is not working on his Windows Server 2012 R2.

  • I tried to run MS SCCM 2012 R2 EP Client on Windows Server 2012 R2 Datacenter and it just worked!

So yes, the above procedure is confirmed to work on Windows Server 2012 R2 - provided you use Microsoft System Center 2012 R2 Endpoint Protection Client.

Updated procedure for Windows Server 2012 R2.

  1. Obtain SCCM 2012 R2 TRIAL from http://technet.microsoft.com/en-us/evalcenter/dn205297.aspx
  2. Extract the SCCM 2012 R2 EP "Client"-Folder from SC2012_R2_SCCM_SCEP.exe.
  3. Run "SCEPINSTALL.exe" as Admin.
3.7/5 - (3 votes)

38 comments on “2 Free Microsoft Windows Server 2012 Antivirus Solutions.

  • I tried the Endpoint download method on a 2012 Server Essentials, and it refuses to install, saying the version of the OS is not supported.

  • This simply works! Thank you so much for sharing this info. I'm sure MS won't be pleased. But in our case, we are non-profit with limited budget and technical know how. While we can still purchase the licenses for SCCM with discount, having to set up the entire SCCM just to deploy AV is a bit overkill in our environment. Now I can cross this requirement off my list and move on to other great projects!

  • According to your method, I have install the MSE in my Win Server 2012 and work nice, Thanx very much. but not there is an version update for MSE, And it needs to unstall it before install the new one, pls kindly tech me how to unstall the MSE. Many thanx!

  • So - you can get Microsoft Endpoint Protection 2012 running on Server 2012 R2 using this method. Here's how:

    Download the zip, extract, locate SCEPINSTALL.exe

    BUT - then you need to do the whole right click on that file, compatability mode Win7, and then open a DOS prompt as admin and open SCEPINSTALL.exe /disableoslimit

  • I used this method to install the Enpoint Protection client on my 2012 R2 Essentials server.

    But the Windows Update KB2907566 (Update for System Center Endpoint Protection 2012 Client) constantly fails to install. Anyone managed to install this?

  • The same for me : it refuses to update with error 0×80070490.

    No solution found, except manually downloading the update from "http://go.microsoft.com/fwlink/?LinkID=87341" and running it. By this method it works... but it's boring...

  • I figured it out. Downloaded 474282_ENU_x64_zip from the link i posted above. Extracted with 7zip until I ended up with FEPInstall which was Client Version 4.5.216.0.

    Set for Win 7 Compatibility then ran the FEPINSTALL /disableoslimit and it installed. It had me removed System Center Endpoint Protection but I now have the latest antimalware client version and it updated fine.

    Now my server is not spamming me telling me I am missing important updates.

  • Thanks guys, this works great (with the 2012R2 update info above).

    To Microsoft I'd like to say that you should be ashamed. We paid enough for the licensing for the server software, in my case over twice the cost of the hardware itself for the server. Why remove functionality from the product and pretend in the documentation that the product is bundled with Windows 8? You guys try to kill the competition (like Symantec) by giving something away for free for years... only to then remove it later and try to charge for it? Not cool, guys.

  • if u wanna remove Microsoft Security Essentials u may run this as Administrator

    mseinstall.exe /u /disableoslimit

  • It's awesome! Just nice solution for me as I am running it as test machine. But the idea to run it without anti virus in not good at all 🙂 Thanks again.

  • Installation worked like a charm...

    Installed from command prompt and used scepinstall /disableoslimit.

    Updating worked as well - for now...

  • I didn't try this with MSE, but I cannot see why scepinstall needs to be run in win7 compat mode. Using the /disableoslimit switch is sufficient to install on WSE2012. My rule is to never run in compat mode unless there is absolutely no other solution, and on my server compat mode is not even a consideration. That said, I think this hack is awesome for a home-spun solution. If you do this in a commercial environment you should still pay your dues.

  • Great solution... The 2012R2 updates worked flawlessly.

    Thank you for taking the time to figure this out for the rest of us!

  • Anyone able to install October Platform (4.6.0305.0) update? I got March to manually install from the hotfix. But their isn't one for October.

  • Much appreciation for working this out. I have been successful getting the Systems Center Endpoint Protection to run on Essentials R2 with this method. The box is a simple homeserver replacement for an old HP homeserver that needed to be decommissioned.

    mcp # 45216 😉

  • What are the legal aspects of running System Center Endpoint Protection on a small company Win 2012 server? Do we have to pay even if we are using only the Endpoint Protection? How much?

    Kind regards,
    Q

  • SCEP on Windows Server Essentials 2012 R2 - latest update HOW TO:

    https://manima.de/2014/10/scep-on-windows-server-essentials-2012-r2/

    ===

    You may or may not know that there is a trigger to install a SCEP Client on a Windows Server Essentials 2012 R2 – but what about updates? If you try to install the Update from October (Version 4.6.0305.0) the update will fail – for obvious reasons. On top of that the Update 2998627 which includes the Updatepackage is not available on the Microsoft WIndows Update Catalog Website. So what now? I’ll go on just as this article started: As you may or may not know there is a Cache-Folder for WIndows Updates located at C:\Windows\SoftwareDistribution\Download. This Folder holds a bunch of cryptic Hash-Values – take a not of the filesizes here. The Update shows up as 8,4 MB – lets check if there is a file which has roughly the same size. Bingo! So just to don’t disturb any Windows Update Services copy this file to a convenient place (like C:\) and rename it to scepinstall.exe (or whatever you prefer). Get an administrative CMD running and do scepinstall.exe /disableoslimit

  • Thanks so much everyone...this solved my problem and eliminated my headaches. Running it from the command prompt as administrator with the /disableoslimit did the trick.

    Very much appreciated!

  • I tried the updated for W2012 R2 and it worked for me. They changed the folder name in the SC2012_SP2_Configmgr_SCEP.exe fole to \SMSSETUP\CLIENT\ Other than that it worked like a charm.

Comments are closed.