- Moved by Steven_Lee0510Microsoft contingent staff 5 hours 37 minutes ago
Hi,
Due to this issue is more related to the SCCM, to get better help, please allow me to move it to the SCCM forum.
Thanks for your understanding!
Bit of translation and I think you are referring to the Enpoint Protection feature, not the entire SCCM agent.
If so you have to look at your Client policies under the "administrative" section of SCCM ... not necessarily a specific collection. If your default client policy has Endpoint Protection enabled, every device that doesn't have an overriding policy will enable (and re-enable) endpoint protection.
Here's a longer term tip: don't use the default client policy. Generally leave it alone. Instead, create policies that you DO assign to collections and set your custom client policies to those. Quick example: make two policies: default workstations, and default servers. Then assign those to two collections: (a server and workstation collection). Bam: you can now safely enable features for one group of devices without impacting others (like user device affinity or endpoint protection).