Do Not Use Endpoint Security
Endpoint security is a security model in which a security descriptor is given when an endpoint is created with the RpcServerUseProtseq* group of RPC functions. Do not use this security model. Do not give security descriptors to those functions. At best, this method is a waste of CPU resources. At worst, in many environments it is possible to circumvent the security descriptor, as the Be Wary of Other RPC Endpoints Running In the Same Process section exemplifies.
Endpoint security exists only for backward compatibility.