Set-CMAntiMalwarePolicy

Changes configuration settings for an antimalware policy for Endpoint Protection.

Syntax

Parameter Set: SetByName
Set-CMAntiMalwarePolicy -Name <String> [-Description <String> ] [-NewName <String> ] [-Priority <PriorityChangeType> {Decrease | Increase} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetAdvancedSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowUserAddExcludes <Boolean> ] [-AllowUserConfigQuarantinedFileDeletionPeriod <Boolean> ] [-AllowUserViewHistory <Boolean> ] [-CreateSystemRestorePointBeforeClean <Boolean> ] [-DeleteQuarantinedFilesPeriod <Int32> ] [-DisableClientUI <Boolean> ] [-EnableReparsePointScanning <Boolean> ] [-RandomizeScheduledScanStartTime <Boolean> ] [-ShowNotificationMessages <Boolean> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetDefaultActionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-DefaultActionHigh <DefaultActionSevereAndHighType> {Quarantine | Recommended | Remove} ] [-DefaultActionLow <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} ] [-DefaultActionMedium <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} ] [-DefaultActionSevere <DefaultActionSevereAndHighType> {Quarantine | Recommended | Remove} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetDefintionUpdatesSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AuGracePeriod <Int32> ] [-DefinitionUpdateFileSharesSources <String[]> ] [-EnableSignatureUpdateCatchUpInterval <Boolean> ] [-FallbackOrder {UpdatesDistributedFromConfigurationManager | UpdatesDistributedFromMicrosoftMalwareProtectionCenter | UpdatesDistributedFromMicrosoftUpdate | UpdatesDistributedFromWsus | UpdatesFromUncFileShares}[] ] [-SignatureUpdateInterval <Int32> ] [-SignatureUpdateTime <DateTime> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetExclusionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-ExcludedFilePaths <String[]> ] [-ExcludedFileTypes <String[]> ] [-ExcludedProcesses <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetMicrosoftActiveProtectionServiceSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowUserChangeSpyNetSettings <Boolean> ] [-JoinSpyNet <JoinSpyNetType> {AdvancedMembership | BasicMembership | DoNotJoinMaps} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetRealtimeProtectionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowClientUserConfigRealTime <Boolean> ] [-MonitorFileProgramActivity <Boolean> ] [-NetworkProtectionAgainstExploits <Boolean> ] [-RealTimeProtectionOn <Boolean> ] [-RealTimeScanOption <RealTimeScanOptionType> {ScanIncomingAndOutgoingFiles | ScanIncomingFilesOnly | ScanOutgoingFilesOnly} ] [-ScanAllDownloaded <Boolean> ] [-UseBehaviorMonitor <Boolean> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetScanSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowClientUserConfigLimitCpuUsage <Boolean> ] [-ScanArchivedFiles <Boolean> ] [-ScanEmail <Boolean> ] [-ScanNetworkDrives <Boolean> ] [-ScanRemovableStorage <Boolean> ] [-ScheduledScanUserControl <ScheduledScanUserControlType> {FullControl | NoControl | ScanTimeOnly} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetScheduledScanSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-CheckLatestDefinition <Boolean> ] [-EnableCatchUpScan <Boolean> ] [-EnableQuickDailyScan <Boolean> ] [-EnableScheduledScan <Boolean> ] [-LimitCpuUsage <Int32> ] [-ScanWhenClientNotInUse <Boolean> ] [-ScheduledScanQuickTime <DateTime> ] [-ScheduledScanTime <DateTime> ] [-ScheduledScanType <ScheduledScanType> {FullScan | None | QuickScan} ] [-ScheduledScanWeekday <ScheduledScanWeekdayType> {Daily | Friday | Monday | Saturday | Sunday | Thursday | Tuesday | Wednesday} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetThreatOverridesSettingsByName
Set-CMAntiMalwarePolicy -Name <String> -OverrideAction <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} -ThreatName <String> [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-CMAntiMalwarePolicy cmdlet changes configuration settings for an antimalware policy for System Center 2012 Endpoint Protection. You can increase or decrease the priority by which an antimalware policy is applied. You can apply an action to the security scope of an antimalware policy.

Parameters

-AllowClientUserConfigLimitCpuUsage<Boolean>

Indicates whether users on client computers can limit CPU usage.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowClientUserConfigRealTime<Boolean>

Indicates whether users on client computers can configure real-time protection settings.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserAddExcludes<Boolean>

Indicates whether users can exclude files and folders, file types, and processes.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserChangeSpyNetSettings<Boolean>

Indicates whether users can modify Microsoft Active Protection Service settings.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserConfigQuarantinedFileDeletionPeriod<Boolean>

Indicates whether users can configure the setting for quarantined file deletion.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserViewHistory<Boolean>

Indicates whether users can view the full History results.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AuGracePeriod<Int32>

Specifies the number of hours after which clients update from alternative sources. If Configuration Manager is used as a source for definition updates, clients update from alternative sources only if the definition is older than the specified number of hours.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CheckLatestDefinition<Boolean>

Indicates whether the policy checks for the latest definition updates before it runs a scan.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CreateSystemRestorePointBeforeClean<Boolean>

Indicates whether the cmdlet creates a system restore point before computers are cleaned.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionHigh<DefaultActionSevereAndHighType>

Specifies the default action taken for the High alert level. The acceptable values for this parameter are:

-- Quarantine
-- Recommended
-- Remove

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionLow<DefaultActionMediumAndLowType>

Specifies the default action taken for the Low alert level. The acceptable values for this parameter are:

-- Allow
-- None
-- Quarantine
-- Remove

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionMedium<DefaultActionMediumAndLowType>

Specifies the default action taken for the Medium alert level. The acceptable values for this parameter are:

-- Allow
-- None
-- Quarantine
-- Remove

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionSevere<DefaultActionSevereAndHighType>

Specifies the default action taken for the Severe alert level. The acceptable values for this parameter are:

-- Quarantine
-- Recommended
-- Remove

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefinitionUpdateFileSharesSources<String[]>

Specifies the sources and order for Endpoint Protection definition updates.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DeleteQuarantinedFilesPeriod<Int32>

Specifies the number of days after which quarantined files are deleted.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Description<String>

Specifies a description for the antimalware policy.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DisableClientUI<Boolean>

Indicates whether the client user interface is disabled.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableCatchUpScan<Boolean>

Indicates whether a scan of the selected scan type is forced if a client computer is offline during two or more scheduled scans.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableQuickDailyScan<Boolean>

Indicates whether a daily quick scan is run on client computers.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableReparsePointScanning<Boolean>

Indicates whether reparse point scanning is enabled.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableScheduledScan<Boolean>

Indicates whether a scheduled scan is run on client computers.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableSignatureUpdateCatchUpInterval<Boolean>

Indicates whether the policy forces a definition update if the client computer is offline for more than two consecutive scheduled updates.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExcludedFilePaths<String[]>

Specifies an array of excluded files and folders.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExcludedFileTypes<String[]>

Specifies an array of excluded file types.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExcludedProcesses<String[]>

Specifies an array of excluded processes.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-FallbackOrder<FallbackOrderType[]>

Specifies an array of fallback order types. The acceptable values for this parameter are:

-- UpdatesDistributedFromConfigurationManager
-- UpdatesDistributedFromMicrosoftMalwareProtectionCenter
-- UpdatesDistributedFromMicrosoftUpdate
-- UpdatesDistributedFromWsus
-- UpdatesFromUncFileShares

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-JoinSpyNet<JoinSpyNetType>

Specifies the Microsoft Active Protection Service membership type. The acceptable values for this parameter are:

-- AdvancedMembership
-- BasicMembership
-- DoNotJoinMaps

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-LimitCpuUsage<Int32>

Specifies the CPU usage limit during scans, as a percentage.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-MonitorFileProgramActivity<Boolean>

Indicates whether file and program activity is monitored on the computer.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Name<String>

Specifies the name of an antimalware policy.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-NetworkProtectionAgainstExploits<Boolean>

Indicates whether protection against network-based exploits is enabled.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-NewName<String>

Specifies a new name for the antimalware policy.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-OverrideAction<DefaultActionMediumAndLowType>

Specifies the threat override action. Use this parameter with the ThreatName parameter to configure threat override settings. The acceptable values for this parameter are:

-- Allow
-- None
-- Quarantine
-- Remove

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Priority<PriorityChangeType>

Specifies the priority of an antimalware policy. The acceptable values for this parameter are:

-- Increase
-- Decrease

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RandomizeScheduledScanStartTime<Boolean>

Indicates whether scheduled scan and definition update start times are randomized within 30 minutes.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RealTimeProtectionOn<Boolean>

Indicates whether real-time protection is enabled.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RealTimeScanOption<RealTimeScanOptionType>

Specifies the system files scan type. The acceptable values for this parameter are:

-- ScanIncomingAndOutgoingFiles
-- ScanIncomingFilesOnly
-- ScanOutgoingFilesOnly

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanAllDownloaded<Boolean>

Indicates whether all downloaded files and attachments are scanned.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanArchivedFiles<Boolean>

Indicates whether archived files are scanned.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanEmail<Boolean>

Indicates whether email and email attachments are scanned.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanNetworkDrives<Boolean>

Indicates whether network drives are scanned when running a full scan.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanRemovableStorage<Boolean>

Indicates whether removable storage devices, such as USB drives, are scanned.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanWhenClientNotInUse<Boolean>

Indicates whether a scheduled scan is started only when the computer is idle.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanQuickTime<DateTime>

Specifies the date and time that a daily quick scan is scheduled. To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanTime<DateTime>

Specifies the time of a scheduled scan.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanType<ScheduledScanType>

Specifies the type of a scheduled scan. The acceptable values for this parameter are:

-- FullScan
-- None
-- QuickScan

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanUserControl<ScheduledScanUserControlType>

Specifies the user control of scheduled scans. The acceptable values for this parameter are:

-- FullControl
-- NoControl
-- ScanTimeOnly

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanWeekday<ScheduledScanWeekdayType>

Specifies the day of the week a scheduled scan runs. The acceptable values for this parameter are:

-- Daily
-- Monday
-- Tuesday
-- Wednesday
-- Thursday
-- Friday
-- Saturday
-- Sunday

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ShowNotificationMessages<Boolean>

Indicates whether notification messages are shown on the client computer when the user must run a full scan, update definitions, or run Windows Defender Offline.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SignatureUpdateInterval<Int32>

Specifies the interval, in hours, that the policy checks for Endpoint Protection definitions. Specify 0 to disable the check on interval.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SignatureUpdateTime<DateTime>

Specifies the time that the policy checks for Endpoint Protection definitions.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ThreatName<String>

Specifies the name of a threat. Use this parameter with the OverrideAction parameter to configure threat override settings.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-UseBehaviorMonitor<Boolean>

Indicates whether behavior monitoring is enabled.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Increase the priority of an antimalware policy

This command increases the priority of the antimalware policy named ContosoPolicy.

PS C:\> Set-CMAntiMalwarePolicy -Priority Increase -Name "ContosoPolicy"
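
The parameter sets listed under Syntax cannot be combined in a single call, so a change that spans real-time protection, default actions, and user-override settings takes one invocation per set. The following is an added example, not part of the original reference: the helper name Set-HardenedAntiMalwarePolicy and the chosen setting values are assumptions, and it presumes the Configuration Manager module is loaded with the site drive as the current location.

```powershell
# Added example (not from the original reference page).
# Set-HardenedAntiMalwarePolicy is a hypothetical helper name; the setting
# values below are illustrative choices, not documented defaults.
function Set-HardenedAntiMalwarePolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Without -Apply every call runs with -WhatIf and changes nothing.
        [switch] $Apply
    )

    # One hashtable per parameter set from the Syntax section. Only -Name,
    # -Confirm and -WhatIf are shared between sets.
    $changes = [ordered]@{
        SetRealtimeProtectionSettingsByName = @{
            RealTimeProtectionOn          = $true
            MonitorFileProgramActivity    = $true
            UseBehaviorMonitor            = $true
            ScanAllDownloaded             = $true
            RealTimeScanOption            = 'ScanIncomingAndOutgoingFiles'
            AllowClientUserConfigRealTime = $false
        }
        SetDefaultActionSettingsByName = @{
            DefaultActionSevere = 'Remove'
            DefaultActionHigh   = 'Quarantine'
            DefaultActionMedium = 'Quarantine'
            DefaultActionLow    = 'Quarantine'
        }
        SetAdvancedSettingsByName = @{
            # Keep users from adding their own exclusions or changing
            # how long quarantined files are retained.
            AllowUserAddExcludes                         = $false
            AllowUserConfigQuarantinedFileDeletionPeriod = $false
        }
        SetMicrosoftActiveProtectionServiceSettingsByName = @{
            AllowUserChangeSpyNetSettings = $false
        }
        SetScanSettingsByName = @{
            ScanArchivedFiles                  = $true
            ScanRemovableStorage               = $true
            ScheduledScanUserControl           = 'NoControl'
            AllowClientUserConfigLimitCpuUsage = $false
        }
    }

    foreach ($setName in $changes.Keys) {
        $settings = $changes[$setName]
        Write-Verbose "Parameter set: $setName"
        # Splat the settings for this set; -WhatIf stays on unless -Apply is given.
        Set-CMAntiMalwarePolicy -Name $Name @settings -WhatIf:(-not $Apply)
    }
}

# Dry run: prints what each call would change ("ContosoPolicy" is the
# policy name used in Example 1).
Set-HardenedAntiMalwarePolicy -Name 'ContosoPolicy' -Verbose

# Apply after reviewing the dry-run output:
# Set-HardenedAntiMalwarePolicy -Name 'ContosoPolicy' -Apply
```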

Related Topics

Export-CMAntimalwarePolicy

Get-CMAntiMalwarePolicy

Import-CMAntimalwarePolicy

Merge-CMAntimalwarePolicy

New-CMAntimalwarePolicy

Remove-CMAntiMalwarePolicy