Set-CMAntiMalwarePolicy
Set-CMAntiMalwarePolicy
Changes configuration settings for an antimalware policy for Endpoint Protection.
Syntax
Parameter Set: SetByName
Set-CMAntiMalwarePolicy -Name <String> [-Description <String> ] [-NewName <String> ] [-Priority <PriorityChangeType> {Decrease | Increase} ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetAdvancedSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowUserAddExcludes <Boolean> ] [-AllowUserConfigQuarantinedFileDeletionPeriod <Boolean> ] [-AllowUserViewHistory <Boolean> ] [-CreateSystemRestorePointBeforeClean <Boolean> ] [-DeleteQuarantinedFilesPeriod <Int32> ] [-DisableClientUI <Boolean> ] [-EnableReparsePointScanning <Boolean> ] [-RandomizeScheduledScanStartTime <Boolean> ] [-ShowNotificationMessages <Boolean> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetDefaultActionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-DefaultActionHigh <DefaultActionSevereAndHighType> {Quarantine | Recommended | Remove} ] [-DefaultActionLow <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} ] [-DefaultActionMedium <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} ] [-DefaultActionSevere <DefaultActionSevereAndHighType> {Quarantine | Recommended | Remove} ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetDefintionUpdatesSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AuGracePeriod <Int32> ] [-DefinitionUpdateFileSharesSources <String[]> ] [-EnableSignatureUpdateCatchUpInterval <Boolean> ] [-FallbackOrder {UpdatesDistributedFromConfigurationManager | UpdatesDistributedFromMicrosoftMalwareProtectionCenter | UpdatesDistributedFromMicrosoftUpdate | UpdatesDistributedFromWsus | UpdatesFromUncFileShares}[] ] [-SignatureUpdateInterval <Int32> ] [-SignatureUpdateTime <DateTime> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetExclusionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-ExcludedFilePaths <String[]> ] [-ExcludedFileTypes <String[]> ] [-ExcludedProcesses <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetMicrosoftActiveProtectionServiceSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowUserChangeSpyNetSettings <Boolean> ] [-JoinSpyNet <JoinSpyNetType> {AdvancedMembership | BasicMembership | DoNotJoinMaps} ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetRealtimeProtectionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowClientUserConfigRealTime <Boolean> ] [-MonitorFileProgramActivity <Boolean> ] [-NetworkProtectionAgainstExploits <Boolean> ] [-RealTimeProtectionOn <Boolean> ] [-RealTimeScanOption <RealTimeScanOptionType> {ScanIncomingAndOutgoingFiles | ScanIncomingFilesOnly | ScanOutgoingFilesOnly} ] [-ScanAllDownloaded <Boolean> ] [-UseBehaviorMonitor <Boolean> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetScanSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowClientUserConfigLimitCpuUsage <Boolean> ] [-ScanArchivedFiles <Boolean> ] [-ScanEmail <Boolean> ] [-ScanNetworkDrives <Boolean> ] [-ScanRemovableStorage <Boolean> ] [-ScheduledScanUserControl <ScheduledScanUserControlType> {FullControl | NoControl | ScanTimeOnly} ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetScheduledScanSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-CheckLatestDefinition <Boolean> ] [-EnableCatchUpScan <Boolean> ] [-EnableQuickDailyScan <Boolean> ] [-EnableScheduledScan <Boolean> ] [-LimitCpuUsage <Int32> ] [-ScanWhenClientNotInUse <Boolean> ] [-ScheduledScanQuickTime <DateTime> ] [-ScheduledScanTime <DateTime> ] [-ScheduledScanType <ScheduledScanType> {FullScan | None | QuickScan} ] [-ScheduledScanWeekday <ScheduledScanWeekdayType> {Daily | Friday | Monday | Saturday | Sunday | Thursday | Tuesday | Wednesday} ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: SetThreatOverridesSettingsByName
Set-CMAntiMalwarePolicy -Name <String> -OverrideAction <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} -ThreatName <String> [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Set-CMAntiMalwarePolicy cmdlet changes configuration settings for an antimalware policy for System Center 2012 Endpoint Protection. You can increase or decrease the priority by which an antimalware policy is applied. You can apply an action to the security scope of an antimalware policy.
Parameters
-AllowClientUserConfigLimitCpuUsage<Boolean>
Indicates whether users on client computers can limit CPU usage.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AllowClientUserConfigRealTime<Boolean>
Indicates whether users on client computers can configure real-time protection settings.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AllowUserAddExcludes<Boolean>
Indicates whether users can exclude files and folders, file types, and processes.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AllowUserChangeSpyNetSettings<Boolean>
Indicates whether users can modify Microsoft Active Protection Service settings.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AllowUserConfigQuarantinedFileDeletionPeriod<Boolean>
Indicates whether users can configure the setting for quarantined file deletion.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AllowUserViewHistory<Boolean>
Indicates whether users can view the full History results.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-AuGracePeriod<Int32>
Specifies the number of hours after which clients update from alternative sources. If Configuration Manager is used as a source for definition updates, clients only update from alternative sources if the definition is older than the specified amount of hours.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-CheckLatestDefinition<Boolean>
Indicates whether the policy checks for the latest definition updates before it runs a scan.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-CreateSystemRestorePointBeforeClean<Boolean>
Indicates whether the cmdlet creates a system restore point before computers are cleaned.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DefaultActionHigh<DefaultActionSevereAndHighType>
Specifies the default action taken for the High alert level. The acceptable values for this parameter are:
-- Quarantine
-- Recommended
-- Remove
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DefaultActionLow<DefaultActionMediumAndLowType>
Specifies the default action taken for the Low alert level. The acceptable values for this parameter are:
-- Allow
-- None
-- Quarantine
-- Remove
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DefaultActionMedium<DefaultActionMediumAndLowType>
Specifies the default action taken for the Medium alert level. The acceptable values for this parameter are:
-- Allow
-- None
-- Quarantine
-- Remove
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DefaultActionSevere<DefaultActionSevereAndHighType>
Specifies the default action taken for the Severe alert level. The acceptable values for this parameter are:
-- Quarantine
-- Recommended
-- Remove
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DefinitionUpdateFileSharesSources<String[]>
Specifies the sources and order for Endpoint Protection definition updated.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DeleteQuarantinedFilesPeriod<Int32>
Specifies the number of days after which quarantined files are deleted.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-Description<String>
Specifies a description for the antimalware policy.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DisableClientUI<Boolean>
Indicates whether the client user interface is disabled.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableCatchUpScan<Boolean>
Indicates whether a scan of the selected scan type is forced if a client computer is offline during two or more scheduled scans.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableQuickDailyScan<Boolean>
Indicates whether a daily quick scan is run on client computers.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableReparsePointScanning<Boolean>
Indicates whether reparse point scanning is enabled.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableScheduledScan<Boolean>
Indicates whether a scheduled scan is run on client computers.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableSignatureUpdateCatchUpInterval<Boolean>
Indicates whether the policy forces a definition update if the client computer is offline for more than two consecutive scheduled updates.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ExcludedFilePaths<String[]>
Specifies an array of excluded files and folders.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ExcludedFileTypes<String[]>
Specifies an array of excluded file types.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ExcludedProcesses<String[]>
Specifies an array of excluded processes.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-FallbackOrder<FallbackOrderType[]>
Specifies an array of fallback order types. The acceptable values for this parameter are:
-- UpdatesDistributedFromConfigurationManager
-- UpdatesDistributedFromMicrosoftMalwareProtectionCenter
-- UpdatesDistributedFromMicrosoftUpdate
-- UpdatesDistributedFromWsus
-- UpdatesFromUncFileShares
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-JoinSpyNet<JoinSpyNetType>
Specifies the Microsoft Active Protection Service membership type. The acceptable values for this parameter are:
-- AdvancedMembership
-- BasicMembership
-- DoNotJoinMaps
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-LimitCpuUsage<Int32>
Specifies the limit CPU usage during scans, in percentage.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-MonitorFileProgramActivity<Boolean>
Indicates whether file and program activity is monitored on the computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-Name<String>
Specifies the name of an antimalware policy.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-NetworkProtectionAgainstExploits<Boolean>
Indicates whether protection against network-based exploits is enabled.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-NewName<String>
Specifies a new name for the antimalware policy.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-OverrideAction<DefaultActionMediumAndLowType>
Specifies the threat override action. Use this parameter with the ThreatName parameter to configure threat override settings. The acceptable values for this parameter are:
-- Allow
-- None
-- Quarantine
-- Remove
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-Priority<PriorityChangeType>
Specifies the priority of an antimalware policy.The acceptable values for this parameter are:
-- Increase
-- Decrease
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-RandomizeScheduledScanStartTime<Boolean>
Indicates whether scheduled scan and definition update start times are randomized within 30 minutes.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-RealTimeProtectionOn<Boolean>
Indicates whether real-time protection is enabled.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-RealTimeScanOption<RealTimeScanOptionType>
Specifies the system files scan type. The acceptable values for this parameter are:
-- ScanIncomingAndOutgoingFiles
-- ScanIncomingFilesOnly
-- ScanOutgoingFilesOnly
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScanAllDownloaded<Boolean>
Indicates whether all downloaded files and attachments are scanned.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScanArchivedFiles<Boolean>
Indicates whether archived files are scanned.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScanEmail<Boolean>
Indicates whether email and email attachments are scanned.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScanNetworkDrives<Boolean>
Indicates whether network drives are scanned when running a full scan.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScanRemovableStorage<Boolean>
Indicates whether removable storage devices, such as USB drives, are scanned.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScanWhenClientNotInUse<Boolean>
Indicates whether a scheduled scan is started only when the computer is idle.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScheduledScanQuickTime<DateTime>
Specifies the date and time that a daily quick scan is scheduled. To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date
.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScheduledScanTime<DateTime>
Specifies the time of a scheduled scan.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScheduledScanType<ScheduledScanType>
Specifies the type of a scheduled scan. The acceptable values for this parameter are:
-- FullScan
-- None
-- QuickScan
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScheduledScanUserControl<ScheduledScanUserControlType>
Specifies the user control of scheduled scans. The acceptable values for this parameter are:
-- FullControl
-- NoControl
-- ScanTimeOnly
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ScheduledScanWeekday<ScheduledScanWeekdayType>
Specifies the day of the week a scheduled scan runs. The acceptable values for this parameter are:
-- Daily
-- Monday
-- Tuesday
-- Wednesday
-- Thursday
-- Friday
-- Saturday
-- Sunday
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ShowNotificationMessages<Boolean>
Indicates whether notification messages are shown on the client computer when the user must run a full scan, update definitions, or run Windows Defender Offline.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-SignatureUpdateInterval<Int32>
Specifies the interval, in hours, that the policy checks for Endpoint Protection definitions. Specify 0 to disable the check on interval.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-SignatureUpdateTime<DateTime>
Specifies the time that the policy checks for Endpoint Protection definitions.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ThreatName<String>
Specifies the name of a threat. Use this parameter with the OverrideAction parameter to configure threat override settings.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-UseBehaviorMonitor<Boolean>
Indicates whether behavior monitoring is enabled.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
Example 1: Increase the priority of an antimalware policy
This command increases the priority of the antimalware policy named ContosoPolicy.
PS C:\> Set-CMAntiMalwarePolicy -Priority Increase -Name "ContosoPolicy"