
Microsoft System Center 2012 Endpoint Protection Privacy Statement

Updated: June 1, 2013

Applies To: System Center 2012 Endpoint Protection, System Center 2012 Endpoint Protection SP1, System Center 2012 R2 Endpoint Protection

Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft System Center 2012 Endpoint Protection (“Endpoint Protection”). It focuses on features that communicate with the Internet and is not intended to be an exhaustive list. It does not apply to other online or offline Microsoft sites, products, or services.

Endpoint Protection helps protect your PC from malicious software (malware) such as viruses, spyware, and other potentially harmful software.

It offers three ways to help protect your PC from malware and other potentially unwanted software:

  • Real-time protection. Endpoint Protection alerts you when malware, spyware, or potentially unwanted software attempts to install or run on your PC. It also alerts you when programs attempt to change important Windows settings.

  • Scanning options. You can use Endpoint Protection to scan for threats, viruses, spyware, and other potentially unwanted software that might be installed on your PC, to schedule scans on a regular basis, and to automatically remove any malicious software that is detected during a scan.

  • Detection. Should malicious software be detected on your computer, certain actions will automatically be taken to remove the malicious software and protect your computer from potential further infection. Once the malicious software is removed, Endpoint Protection may also reset some Windows settings (such as your home page and search provider).

Collection and Use of Your Information

The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services.

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area.

Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.

Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.

Information that is collected by or sent to Microsoft by Endpoint Protection may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland.

Collection and Use of Information about Your Computer

When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well.

The privacy details for each Endpoint Protection feature, software or service listed in this privacy statement describe what additional information is collected and how it is used.

Security of your information

Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities.

Changes to this privacy statement

We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.

For More Information

Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us at cmprivacy@microsoft.com.

System Center Endpoint Protection Privacy Response

Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052 USA

Specific features

The remainder of this document covers features that may transmit information to Microsoft and/or its affiliates.

History

What This Feature Does:

This feature provides a list of all malware or suspected malware that Endpoint Protection detected on your PC and the actions that were taken when these programs were detected. The information displayed in the History tab is for items detected for all users - not per user.

Information Collected, Processed, or Transmitted:

A list of all malware or suspected malware that Endpoint Protection detected on your computer and the actions taken on these items are stored on your computer. These lists include Endpoint Protection activity for all the local users on the computer. The lists are sent to Microsoft as part of MAPS.

Choice/Control:

  • Using Configuration Manager:

    In System Center 2012 Endpoint Protection antimalware policy, administrators can choose to enable or disable the History view for end-users, which includes the ability to delete that history, or in quarantined file history, to restore those files. Users that are local administrators can view, delete, and restore from history independent of the policy setting for this.

  • For client computers:

    History lists may be deleted by the local computer administrator. By default, all items are displayed for all users. To allow only the local computer administrator to view all items, in the Settings tab, select the Advanced tab and clear the option Allow all users to view the full History results.

Automatic Scanning for Malware

What This Feature Does:

Endpoint Protection includes an automatic scanning feature, which scans your computer and alerts you if it detects malware. You can turn automatic scanning on or off and change the frequency and type of scans using the Endpoint Protection Settings tab. You can also choose which actions are automatically applied to software that Endpoint Protection detects during a scheduled scan. For severe/high threats, certain actions will automatically be taken by default to remove the malicious software and protect your computer from potential further infection. Once the malicious software is removed, Endpoint Protection may also reset some Windows settings (such as your home page and search provider). For low/medium threats, we will prompt you to take an action. To modify the actions taken in response to these threats, see the Choice/Control section below.

Information Collected, Processed, or Transmitted:

A list of all malware or suspected malware that Endpoint Protection detected on your computer and the actions taken on these items are stored on your computer. These lists include Endpoint Protection activity for all the local users on the computer. The lists are sent to Microsoft as part of MAPS.

Choice/Control:

While not recommended, you can turn off automatic scanning:

  • Using Configuration Manager:

    Automatic scanning settings can be configured with System Center 2012 Endpoint Protection antimalware policies. You can also configure the actions taken for each level of threats in the antimalware policies.

  • For client computers:

    You can turn off automatic scanning using the Endpoint Protection Settings tab. You can also configure the actions taken for each level of threats.

Real-Time Protection

What This Feature Does:

Endpoint Protection’s real-time protection feature alerts you when viruses, spyware, and other potentially unwanted software attempt to install or run on your PC. For severe/high threats, certain actions will automatically be taken by default to remove the malicious software and protect your computer from potential further infection. Once the malicious software is removed, Endpoint Protection may also reset some Windows settings (such as your home page and search provider). For low/medium threats, we will prompt you to take an action. To modify the actions taken in response to these threats, see the Choice/Control section below.

Information Collected, Processed, or Transmitted:

A list of all malware or suspected malware that Endpoint Protection detected on your computer and the actions taken on these items are stored on your computer. These lists include Endpoint Protection activity for all the local users on the computer. The lists are sent to Microsoft as part of MAPS.

Choice/Control:

While not recommended, you can turn off real-time protection.

  • Using Configuration Manager:

    Real-time protection settings can be configured with System Center 2012 Endpoint Protection antimalware policies. You can also configure the actions taken for each level of threats in the antimalware policies.

  • For client computers:

    You can turn off real-time protection using the Endpoint Protection Settings tab. You can also configure the actions taken for each level of threats.

Shell Extension

What This Feature Does:

Shell extension is a scanning tool, which lets you select specific files and/or folders and scan them using Endpoint Protection.

Information Collected, Processed, or Transmitted:

A list of all malware or suspected malware that Endpoint Protection detected on your computer and the actions taken on these items are stored on your computer. These lists include Endpoint Protection activity for all the local users on the computer. These lists are sent to Microsoft as part of your basic membership in MAPS.

Choice/Control:

The shell extension feature is a manual tool that you can choose to use or not.

Customer Experience Improvement Program

Applicable products: This feature is not implemented for System Center 2012 Endpoint Protection for Linux or System Center 2012 Endpoint Protection for the Mac.

What This Feature Does:

The Customer Experience Improvement Program (CEIP) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information.

Information Collected, Processed, or Transmitted:

For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at http://go.microsoft.com/fwlink/?LinkID=212772.

Use of Information:

We use this information to improve the quality, reliability, and performance of Microsoft software and services.

Choice/Control:

System Center Endpoint Protection clients deployed through Configuration Manager will have CEIP disabled by default. If you manually install the client you will be prompted whether you want to participate.

If you choose to participate and later change your mind, you can modify the CEIP setting at any time using one of the following procedures.

  • From the System Center Endpoint Protection client UI:

    To change the CEIP settings on the client, from the Help menu, click the link Customer experience improvement program and select I don't want to join the Customer Experience Improvement program or I want to join the Customer Experience Improvement program.

  • Registry setting:

    To configure the CEIP setting, create the following registry DWORD value on the Endpoint Protection client computer:

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft AntiMalware\Miscellaneous Configuration\SqmConsentApprove

    • Setting this value to 1 will join the CEIP.

    • Setting this value to 0 will not join the CEIP.

    Restart your computer for this change to take effect.

    After the registry value has been created the user can no longer change this setting from the Endpoint Protection client Help menu.

Microsoft Error Reporting

Applicable products: This feature is not implemented for System Center 2012 Endpoint Protection for Linux or System Center 2012 Endpoint Protection for the Mac.

What This Feature Does:

Microsoft Error Reporting provides a service that allows you to report problems you may be having with Endpoint Protection to Microsoft and to receive information that may help you avoid or solve such problems.

Information collected, processed, or transmitted:

Error reports might unintentionally contain personal information. For example, reports might contain the names of folders on your computer that could include the name of your Windows user account. Microsoft does not use this information to identify you or contact you. To learn more about error reports, see http://go.microsoft.com/fwlink/p/?LinkID=224952.

Use of Information:

We use the error reporting data to solve customer problems and improve our software and services.

Choice/Control:

Error reports will only be sent to Microsoft if you have opted in to error reporting in your operating system settings.

For client versions earlier than 4.0:

You can additionally control whether the reports from Endpoint Protection clients contain the names of folders on your system by creating:

  1. A registry value named "DisableGenericReports" with any type or value under "HKLM\Software\Microsoft\Microsoft Security Essentials"

  2. A registry REG_DWORD value named "DisableGenericReports" with value "1" under "HKLM\Software\Microsoft\Microsoft Antimalware\Reporting"

Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied.

For clients versioned 4.0 and later:

Folder names will only be included in error reports if you have selected an advanced membership for MAPS.

Microsoft Update

Applicable products: This feature applies to all Endpoint Protection client platforms.

What This Feature Does:

Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including Endpoint Protection.

Information collected, processed, or transmitted:

For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at http://go.microsoft.com/fwlink/p/?LinkId=212775.

Use of Information:

For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at http://go.microsoft.com/fwlink/p/?LinkId=212775.

Choice/Control:

When the System Center 2012 Endpoint Protection client is installed on a client by enabling installation of the client in Configuration Manager, it will set the source order for definition updates as configured by the administrator in the antimalware policy. Available sources that can be prioritized in any order or removed from the source list are Microsoft Update, Windows Server Update Services, UNC Path, Microsoft Malware Protection Center, and Configuration Manager software updates.

When the System Center 2012 Endpoint Protection client is installed manually or standalone, it will be configured to use the following sources for definition updates in order: Windows Server Update Services, Microsoft Update, and Microsoft Malware Protection Center.

Installing the System Center 2012 Endpoint Protection client manually or through Configuration Manager client settings will configure sources for definition updates, but does not alter Windows Update settings configured by the user or through policy.

Definition Updates

Applicable products: This feature applies to all Endpoint Protection client platforms.

What This Feature Does:

The System Center Endpoint Protection agent will periodically, including just prior to each scheduled scan, check online for updated virus and spyware definitions. If updated definitions are available they will be downloaded and installed automatically.

The Windows agent will first attempt to use Microsoft Update to check for updated definitions. If Microsoft Update is disabled or not reachable the client will automatically attempt to download definitions from the Microsoft Download Center.

The Mac and Linux agents will attempt to download updates from a Microsoft Partner site.

Information collected, processed, or transmitted:

Standard computer information as well as the current definition version is sent in order to determine if newer definitions are available.

Microsoft Active Protection Service (MAPS)

Applicable products: This feature is not implemented for System Center 2012 Endpoint Protection for Linux or System Center 2012 Endpoint Protection for the Mac.

What This Feature Does:

Microsoft Active Protection Service (MAPS), formerly known as Microsoft SpyNet, is a worldwide online community that includes System Center Endpoint Protection users. By joining MAPS, System Center Endpoint Protection will automatically send information to Microsoft to help Microsoft determine which software to investigate for potential threats and to help improve System Center Endpoint Protection’s effectiveness. This community helps stop the spread of new malicious software infections. If a MAPS report includes details about malware or potentially unwanted software that the Endpoint Protection client may be able to remove, MAPS will download the latest signature to address it. MAPS can also find "false positives" (where something originally identified as malware turns out not to be) and fix them.

Information collected, processed, or transmitted:

MAPS reports include information about the files or programs in question, such as file names, cryptographic hash, vendor, size, and date stamps. In addition, MAPS might collect full URLs to indicate the origin of the file, which might occasionally contain personal information such as search terms or data entered in forms. Reports might also include the actions that were applied after Endpoint Protection raised a notification about detected software. MAPS reports include this information to help Microsoft gauge the effectiveness of Endpoint Protection's ability to detect and remove malicious and potentially unwanted software.

Reports are automatically sent to Microsoft when:

  • Endpoint Protection detects software or changes to a computer by software that have not yet been analyzed for risks.

  • You or your administrator apply actions to software that Endpoint Protection has detected.

  • Endpoint Protection completes a scheduled scan and automatically applies actions to software that it detects, according to the configured settings.

  • Endpoint Protection encounters an error or other problem.

If MAPS reports new malware to Microsoft that Endpoint Protection can remove, new signatures will be automatically downloaded to your computer, helping to protect your machine more rapidly from potential threats.

Microsoft uses error reports to help Endpoint Protection operate as intended - to help protect your computer against potential threats.

MAPS can be joined with a basic or an advanced membership. Basic member reports contain the information described above. Advanced member reports are more comprehensive and may include additional details about the software Endpoint Protection detects, including the location of such software, file names, how the software operates, and how it has impacted your computer. These reports, along with reports from other Endpoint Protection users who are participating in MAPS, help Microsoft researchers discover new threats more rapidly. Malware definitions are then created for programs that meet the analysis criteria, and the updated definitions are made available to all users through Microsoft Update.

Occasionally, Microsoft might request a Sample Submission report. This report contains specific files from your computer that Microsoft suspects might be potentially unwanted software. The report is used for further analysis. The Endpoint Protection client will prompt each time prior to sending a Sample Submission report to Microsoft.

Additional details regarding data collected can be found in a table at the end of this document.

To help protect your privacy, reports are sent to Microsoft over an encrypted connection.

To help detect and fix certain kinds of malware infections, the product regularly sends MAPS some information about the security state of your PC. This information includes information about your PC’s security settings and log files describing the drivers and other software that load while your PC boots.

For Endpoint Protection client version 4.3 and above - A number that uniquely identifies your PC is also sent. Also, MAPS may collect the IP addresses that the potential malware files connect to.

Use of Information:

MAPS reports are used to improve Microsoft software and services. The reports might also be used for statistical or other testing or analytical purposes, and for generating definitions. Only Microsoft employees, contractors, partners, and vendors who have a business need to use the reports are provided access to them.

MAPS does not intentionally collect personal information. To the extent that MAPS collects any personal information, Microsoft does not use the information to identify you or contact you.

Choice/Control:

  • Using Configuration Manager:

    During Endpoint Protection point role enablement in Configuration Manager the default MAPS membership level can be changed. The default setting will be used when new antimalware policies are created. By default the membership level is set to Basic. The Configuration Manager administrator can decide not to have clients become members of MAPS or to extend client memberships to be advanced memberships. If Advanced Membership is chosen, users will be asked if they want to permit or deny changes made by software that has not yet been classified for risks. Basic members will not be asked to review changes by this software and the changes will be permitted.

    This setting can be changed later on the property page for each antimalware policy in Configuration Manager.

  • For client machines:

    In case organizational policy allows you to configure MAPS settings, use the options provided in the Settings tab of the Endpoint Protection client to change membership level.

    To change your membership level:

    1. In the Settings tab, click the entry for MAPS

    2. Select the membership level that you want:

      • To opt-out, select I don’t want to join MAPS

      • To opt-in, select either Basic membership or Advanced membership

      When Endpoint Protection is upgraded, Microsoft will honor your settings until you make a change.

Automatic Sample Submission

Applies to System Center 2012 R2 Endpoint Protection only.

What This Feature Does:

The product contains functionality that may identify certain files as potentially unwanted and may request further information to make an assessment. As described below, this feature will automatically send such files without prompting you each time such an action is recommended.

Information collected, processed, or transmitted:

This feature sends specific files from your PC that the product suspects might be potentially unwanted software. The report is used for further analysis. These reports may include information about the files or apps in question, such as file names, cryptographic hash, vendor, size, and date stamps. Reports might also include the actions that you applied when the product notified you that software was detected.

Sample submission reports may be automatically sent to Microsoft when the product detects software or changes to your PC by software that hasn’t been analyzed for risks yet when the following are enabled:

  • Automatic sample submission

  • MAPS

Microsoft uses sample submission reports to help the product operate as intended—to help protect your computer against potential threats.

To help protect your privacy, reports that are sent to Microsoft are encrypted.

Use of Information:

Sample submission reports are used to improve Microsoft software and services. The reports might also be used for statistical or other testing or analytical purposes, and for generating definitions. Only Microsoft employees, contractors, partners, and vendors who have a business need to use the reports are provided access to them. Sample submission reports do not intentionally collect personal information. To the extent that sample submission reports collect any personal information, Microsoft does not use the information to identify you or contact you.

Choice/Control:

  • Using Configuration Manager:

    The Configuration Manager administrator cannot configure this setting for each antimalware policy in Configuration Manager.

  • For client machines:

    Use the options provided in the Settings tab of the Endpoint Protection client to change the auto sample submission configuration.

    To change your auto sample submission configuration:

    1. In the Settings tab, click the entry for Advanced.

    2. To opt-in, select the box next to Send file samples automatically when further analysis is required.

      When Endpoint Protection is upgraded, Microsoft will honor your settings until you make a change.

Automatic sample submission operates when the Endpoint Protection client has been enabled on your computer and you are enrolled in MAPS at a Basic or Advanced level.

Support Tool

Applicable products: This feature is not implemented for System Center 2012 Endpoint Protection for Linux or System Center 2012 Endpoint Protection for the Mac.

What This Feature Does:

When you call Customer Support with a technical issue, a support technician may ask you to run a support tool. The tool collects technical information required for the support staff to better understand and resolve the issue. You send the information collected by the tool to the support technician by email. The information is not sent automatically.

Information collected, processed, or transmitted:

The tool collects:

  • Product-specific log files, System Center Configuration Manager logs (if applicable) and recent event log entries of your computer and Windows Update.

  • Product Registry settings

  • System Data (OS and drivers data, computer data, applications and processes)

Files sent to the support technician will be automatically deleted 90 days after the Service Request has closed.

Choice/Control:

The user fully controls the collection of the information and its transmission to Microsoft by manually running the tool and manually sending the collected information by email to the support technician.

Antimalware-related data collected for MAPS with a Basic or Advanced membership

Endpoint Protection collects antimalware-related data from your computer to help protect it. The following table explains the types of data collected and how we use this data.

 

Frequency: Whenever Endpoint Protection updates your virus and spyware protection or definition files

Information Collected, Processed, or Transmitted:

  • Version of virus and spyware definitions

  • Virus and spyware protection version

Use of Information:

Endpoint Protection uses this information to ensure that the latest virus and spyware updates are present on your computer. If the latest updates are not present, Endpoint Protection will update itself automatically so that your computer's protection stays up-to-date.

Frequency: If Endpoint Protection finds potentially harmful or unwanted software on your computer

Information Collected, Processed, or Transmitted:

  • Name of potentially harmful or unwanted software

  • How the software was found

  • Any actions that Endpoint Protection has taken to deal with the software

  • Files affected by the software

  • Information about your computer from the manufacturer (Sysconfig, SysModel, SysMarker)

Use of Information:

Endpoint Protection uses this information to determine the type and severity level of potentially unwanted software on your computer, and to determine the best action to take. We also use this information to help improve the accuracy of Endpoint Protection virus and spyware protection.

Note that we collect only the names of affected files, not the contents of the files themselves.

This information helps determine what systems are especially vulnerable to specific threats.

Frequency: Once a month

Information Collected, Processed, or Transmitted:

  • Virus and spyware definition update status

  • Status of real-time virus and spyware monitoring (on or off)

Use of Information:

Endpoint Protection uses this information to verify that your computer has the latest Endpoint Protection virus and spyware protection version, and has the most recent virus and spyware definitions. We also want to make sure that real-time virus and spyware monitoring is turned on, which is a critical part of helping protect your computer from potentially harmful or unwanted software.

Frequency: During installation, or whenever you manually perform a virus and spyware scan of your computer

Information Collected, Processed, or Transmitted:

  • List of running processes in your computer's memory

Use of Information:

To identify any processes that might have been compromised by potentially harmful software.

 
© 2014 Microsoft