
Set-CMAntiMalwarePolicy

Updated: February 7, 2014

Applies To: System Center 2012 R2 Configuration Manager


Changes configuration settings for an antimalware policy for Endpoint Protection.

Syntax

Parameter Set: SetByName
Set-CMAntiMalwarePolicy -Name <String> [-Description <String> ] [-NewName <String> ] [-Priority <PriorityChangeType> {Decrease | Increase} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetAdvancedSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowUserAddExcludes <Boolean> ] [-AllowUserConfigQuarantinedFileDeletionPeriod <Boolean> ] [-AllowUserViewHistory <Boolean> ] [-CreateSystemRestorePointBeforeClean <Boolean> ] [-DeleteQuarantinedFilesPeriod <Int32> ] [-DisableClientUI <Boolean> ] [-EnableReparsePointScanning <Boolean> ] [-RandomizeScheduledScanStartTime <Boolean> ] [-ShowNotificationMessages <Boolean> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetDefaultActionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-DefaultActionHigh <DefaultActionSevereAndHighType> {Quarantine | Recommended | Remove} ] [-DefaultActionLow <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} ] [-DefaultActionMedium <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} ] [-DefaultActionSevere <DefaultActionSevereAndHighType> {Quarantine | Recommended | Remove} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetDefintionUpdatesSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AuGracePeriod <Int32> ] [-DefinitionUpdateFileSharesSources <String[]> ] [-EnableSignatureUpdateCatchUpInterval <Boolean> ] [-FallbackOrder {UpdatesDistributedFromConfigurationManager | UpdatesDistributedFromMicrosoftMalwareProtectionCenter | UpdatesDistributedFromMicrosoftUpdate | UpdatesDistributedFromWsus | UpdatesFromUncFileShares}[] ] [-SignatureUpdateInterval <Int32> ] [-SignatureUpdateTime <DateTime> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetExclusionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-ExcludedFilePaths <String[]> ] [-ExcludedFileTypes <String[]> ] [-ExcludedProcesses <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetMicrosoftActiveProtectionServiceSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowUserChangeSpyNetSettings <Boolean> ] [-JoinSpyNet <JoinSpyNetType> {AdvancedMembership | BasicMembership | DoNotJoinMaps} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetRealtimeProtectionSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowClientUserConfigRealTime <Boolean> ] [-MonitorFileProgramActivity <Boolean> ] [-NetworkProtectionAgainstExploits <Boolean> ] [-RealTimeProtectionOn <Boolean> ] [-RealTimeScanOption <RealTimeScanOptionType> {ScanIncomingAndOutgoingFiles | ScanIncomingFilesOnly | ScanOutgoingFilesOnly} ] [-ScanAllDownloaded <Boolean> ] [-UseBehaviorMonitor <Boolean> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetScanSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-AllowClientUserConfigLimitCpuUsage <Boolean> ] [-ScanArchivedFiles <Boolean> ] [-ScanEmail <Boolean> ] [-ScanNetworkDrives <Boolean> ] [-ScanRemovableStorage <Boolean> ] [-ScheduledScanUserControl <ScheduledScanUserControlType> {FullControl | NoControl | ScanTimeOnly} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetScheduledScanSettingsByName
Set-CMAntiMalwarePolicy -Name <String> [-CheckLatestDefinition <Boolean> ] [-EnableCatchUpScan <Boolean> ] [-EnableQuickDailyScan <Boolean> ] [-EnableScheduledScan <Boolean> ] [-LimitCpuUsage <Int32> ] [-ScanWhenClientNotInUse <Boolean> ] [-ScheduledScanQuickTime <DateTime> ] [-ScheduledScanTime <DateTime> ] [-ScheduledScanType <ScheduledScanType> {FullScan | None | QuickScan} ] [-ScheduledScanWeekday <ScheduledScanWeekdayType> {Daily | Friday | Monday | Saturday | Sunday | Thursday | Tuesday | Wednesday} ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: SetThreatOverridesSettingsByName
Set-CMAntiMalwarePolicy -Name <String> -OverrideAction <DefaultActionMediumAndLowType> {Allow | None | Quarantine | Remove} -ThreatName <String> [-Confirm] [-WhatIf] [ <CommonParameters>]




Detailed Description

The Set-CMAntiMalwarePolicy cmdlet changes configuration settings for an antimalware policy for System Center 2012 Endpoint Protection. You can increase or decrease the priority by which an antimalware policy is applied, and you can apply an action to the security scope of an antimalware policy.

Parameters

-AllowClientUserConfigLimitCpuUsage<Boolean>

Indicates whether users on client computers are allowed to limit CPU usage.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowClientUserConfigRealTime<Boolean>

Indicates whether users on client computers are allowed to configure real-time protection settings.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserAddExcludes<Boolean>

Indicates whether users are allowed to exclude files and folders, file types, and processes.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserChangeSpyNetSettings<Boolean>

Indicates whether users are allowed to modify Microsoft Active Protection Service settings.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserConfigQuarantinedFileDeletionPeriod<Boolean>

Indicates whether users are allowed to configure the setting for quarantined file deletion.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AllowUserViewHistory<Boolean>

Indicates whether users are allowed to view the full History results.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-AuGracePeriod<Int32>

Specifies the number of hours after which clients update from alternative sources. If Configuration Manager is used as a source for definition updates, clients update from alternative sources only if the definition is older than the specified number of hours.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CheckLatestDefinition<Boolean>

Indicates whether the policy checks for the latest definition updates before running a scan.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CreateSystemRestorePointBeforeClean<Boolean>

Indicates whether the cmdlet creates a system restore point before computers are cleaned.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionHigh<DefaultActionSevereAndHighType>

Specifies the default action taken for the High alert level. Valid values are:

-- Quarantine
-- Recommended
-- Remove


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionLow<DefaultActionMediumAndLowType>

Specifies the default action taken for the Low alert level. Valid values are:

-- Allow
-- None
-- Quarantine
-- Remove


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionMedium<DefaultActionMediumAndLowType>

Specifies the default action taken for the Medium alert level. Valid values are:

-- Allow
-- None
-- Quarantine
-- Remove


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefaultActionSevere<DefaultActionSevereAndHighType>

Specifies the default action taken for the Severe alert level. Valid values are:

-- Quarantine
-- Recommended
-- Remove


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DefinitionUpdateFileSharesSources<String[]>

Specifies the sources and order for Endpoint Protection definition updates.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DeleteQuarantinedFilesPeriod<Int32>

Specifies the number of days after which quarantined files are deleted.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Description<String>

Specifies a description for the antimalware policy.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-DisableClientUI<Boolean>

Indicates whether the client user interface is disabled.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableCatchUpScan<Boolean>

Indicates whether a scan of the selected scan type is forced if a client computer is offline during two or more scheduled scans.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableQuickDailyScan<Boolean>

Indicates that a daily quick scan is run on client computers.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableReparsePointScanning<Boolean>

Indicates whether reparse point scanning is enabled.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableScheduledScan<Boolean>

Indicates whether a scheduled scan is run on client computers.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EnableSignatureUpdateCatchUpInterval<Boolean>

Indicates whether the policy forces a definition update if the client computer is offline for more than two consecutive scheduled updates.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExcludedFilePaths<String[]>

Specifies an array of excluded files and folders.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExcludedFileTypes<String[]>

Specifies an array of excluded file types.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ExcludedProcesses<String[]>

Specifies an array of excluded processes.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-FallbackOrder<FallbackOrderType[]>

Specifies an array of fallback order types. Valid values are:

-- UpdatesDistributedFromConfigurationManager
-- UpdatesDistributedFromMicrosoftMalwareProtectionCenter
-- UpdatesDistributedFromMicrosoftUpdate
-- UpdatesDistributedFromWsus
-- UpdatesFromUncFileShares


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-JoinSpyNet<JoinSpyNetType>

Specifies the Microsoft Active Protection Service membership type. Valid values are:

-- AdvancedMembership
-- BasicMembership
-- DoNotJoinMaps


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-LimitCpuUsage<Int32>

Specifies the CPU usage limit during scans, as a percentage.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-MonitorFileProgramActivity<Boolean>

Indicates whether file and program activity is monitored on the computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Name<String>

Specifies the name of an antimalware policy.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-NetworkProtectionAgainstExploits<Boolean>

Indicates whether protection against network-based exploits is enabled.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-NewName<String>

Specifies a new name for the antimalware policy.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-OverrideAction<DefaultActionMediumAndLowType>

Specifies the threat override action. Use this parameter with the ThreatName parameter to configure threat override settings. Valid values are:

-- Allow
-- None
-- Quarantine
-- Remove


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Priority<PriorityChangeType>

Specifies the priority of an antimalware policy. Valid values are:

-- Increase
-- Decrease


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RandomizeScheduledScanStartTime<Boolean>

Indicates whether scheduled scan and definition update start times are randomized (within 30 minutes).


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RealTimeProtectionOn<Boolean>

Indicates whether real-time protection is enabled.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RealTimeScanOption<RealTimeScanOptionType>

Specifies the system files scan type. Valid values are:

-- ScanIncomingAndOutgoingFiles
-- ScanIncomingFilesOnly
-- ScanOutgoingFilesOnly


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanAllDownloaded<Boolean>

Indicates whether all downloaded files and attachments are scanned.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanArchivedFiles<Boolean>

Indicates whether archived files are scanned.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanEmail<Boolean>

Indicates whether email and email attachments are scanned.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanNetworkDrives<Boolean>

Indicates whether network drives are scanned when running a full scan.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanRemovableStorage<Boolean>

Indicates whether removable storage devices, such as USB drives, are scanned.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScanWhenClientNotInUse<Boolean>

Indicates whether a scheduled scan is started only when the computer is idle.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanQuickTime<DateTime>

Specifies the date and time that a daily quick scan is scheduled. To obtain a DateTime object, use the Get-Date cmdlet. For more information, type Get-Help Get-Date.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanTime<DateTime>

Specifies the time of a scheduled scan. To obtain a DateTime object, use the Get-Date cmdlet.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanType<ScheduledScanType>

Specifies the type of a scheduled scan. Valid values are:

-- FullScan
-- None
-- QuickScan


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanUserControl<ScheduledScanUserControlType>

Specifies the user control of scheduled scans. Valid values are:

-- FullControl
-- NoControl
-- ScanTimeOnly


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ScheduledScanWeekday<ScheduledScanWeekdayType>

Specifies the day of the week a scheduled scan runs. Valid values are:

-- Daily
-- Monday
-- Tuesday
-- Wednesday
-- Thursday
-- Friday
-- Saturday
-- Sunday


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ShowNotificationMessages<Boolean>

Indicates whether notification messages are shown on the client computer when the user needs to run a full scan, update definitions, or run Windows Defender Offline.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SignatureUpdateInterval<Int32>

Specifies the interval, in hours, that the policy checks for Endpoint Protection definitions. Specify 0 to disable the check on interval.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SignatureUpdateTime<DateTime>

Specifies the time that the policy checks for Endpoint Protection definitions. To obtain a DateTime object, use the Get-Date cmdlet.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ThreatName<String>

Specifies the name of a threat. Use this parameter with the OverrideAction parameter to configure threat override settings.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-UseBehaviorMonitor<Boolean>

Indicates whether behavior monitoring is enabled.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before executing the command.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Describes what would happen if you executed the command without actually executing the command.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Increase the priority of an antimalware policy

This command increases the priority of the antimalware policy named ContosoPolicy.


PS C:\> Set-CMAntiMalwarePolicy -Priority Increase -Name "ContosoPolicy"
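
Added example (not part of the original Microsoft documentation): the Syntax section groups parameters into separate parameter sets, so settings from different sets cannot be combined in one call. This script applies a sample hardened baseline to one policy with one call per parameter set, previewing with -WhatIf unless -Apply is given. The script parameters $PolicyName and $Apply and all setting values are illustrative assumptions; it also assumes the ConfigurationManager module is imported and the current location is the site drive.

```powershell
# Added example: sample baseline for one antimalware policy.
# Every value below is an illustrative choice, not a Microsoft recommendation.
[CmdletBinding()]
param(
    [string]$PolicyName = 'ContosoPolicy',  # policy name taken from Example 1
    [switch]$Apply                          # omit to preview only (-WhatIf)
)

# One hashtable per parameter set from the Syntax section.
# Keys are parameter names documented on this page.
$baseline = [ordered]@{
    'SetRealtimeProtectionSettingsByName' = @{
        RealTimeProtectionOn             = $true
        UseBehaviorMonitor               = $true
        MonitorFileProgramActivity       = $true
        NetworkProtectionAgainstExploits = $true
        ScanAllDownloaded                = $true
        RealTimeScanOption               = 'ScanIncomingAndOutgoingFiles'
        AllowClientUserConfigRealTime    = $false  # users cannot turn protection off
    }
    'SetAdvancedSettingsByName' = @{
        AllowUserAddExcludes         = $false      # users cannot add their own exclusions
        EnableReparsePointScanning   = $true
        DeleteQuarantinedFilesPeriod = 30          # days (sample value)
    }
    'SetDefaultActionSettingsByName' = @{
        DefaultActionSevere = 'Recommended'
        DefaultActionHigh   = 'Quarantine'
        DefaultActionMedium = 'Quarantine'
        DefaultActionLow    = 'Quarantine'
    }
    'SetScanSettingsByName' = @{
        ScanArchivedFiles                  = $true
        ScanEmail                          = $true
        ScanRemovableStorage               = $true
        ScheduledScanUserControl           = 'NoControl'
        AllowClientUserConfigLimitCpuUsage = $false
    }
    'SetDefintionUpdatesSettingsByName' = @{       # set name spelled as on this page
        SignatureUpdateInterval              = 8   # hours (sample value)
        EnableSignatureUpdateCatchUpInterval = $true
    }
    'SetMicrosoftActiveProtectionServiceSettingsByName' = @{
        AllowUserChangeSpyNetSettings = $false
    }
}

$failed = @()
foreach ($group in $baseline.GetEnumerator()) {
    $settings = $group.Value
    Write-Verbose "Parameter set $($group.Key): $($settings.Keys -join ', ')"
    try {
        # Splat a single parameter set per call; -WhatIf stays on until -Apply is passed.
        Set-CMAntiMalwarePolicy -Name $PolicyName @settings `
            -WhatIf:(-not $Apply) -ErrorAction Stop
    }
    catch {
        $failed += $group.Key
        Write-Warning "Parameter set $($group.Key) was not applied: $($_.Exception.Message)"
    }
}

if ($failed.Count -gt 0) {
    Write-Warning "Policy '$PolicyName' is only partially configured. Failed sets: $($failed -join ', ')"
}
```

Run it once without -Apply and review the -WhatIf output before committing the change; a failure in one parameter set leaves the others applied, which is why the script reports the failed sets at the end.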

© 2014 Microsoft