First, Microsoft has done fine job making a very good Antivirus Antimalware Client to protect and clean computers. It scores very well on test now http://securitywatch.pcmag.com/security-software/326487-microsoft-goes-from-cellar-to-stellar-in-new-antivirus-test
Customers using this product have been increasing fast over the years. And the experience is very very good. It does the job and uses very little resources of the machine or server. And handling it within your Confimgr Console is so nice.
Allright over to Configmgr, and why do we need Update the Endpoint Protection Client?
Well the answere is in the KB update articles http://support2.microsoft.com/kb/2998627
It upgrades the Endpoint Protection Client with Improved scanning ability and different optimizations regarding finding viruses better, rootkits and malware. So, Yes we want that!
You could include them in your daily definitions update job and package, but it may be better to keep packages to a minimum size since they are updated up to two or three times a day. And this way of filtering gives you the ability to scope down and select only the 2012 Client updates and not the 2010 Client updates, then this is one way of doing it.
Create a seperate ADR Rule in Configmgr to handle the Client Updates for Endpoint Protection.
And some of you Distribution Point in far a way locations with low bandwidth and need to preserve the usage to a minimum.
These filters should give you only the Endpoint Protection 2012 Client Updates
Your typical Package Size would look something like this
test test test and your done
Another thing regarding the Client version of Endpoint Protection.
When you Upgrade your Configmgr Servers to the latest Cumulative Update it also updates the Configmgr Client Package with new SCEPInstall. So that fresh new installed Configmgr clients on machines will have the latest Endpoint Protection Client installed at the beginning and no need for extra update.