Enabling and disabling malware protection
Applies To: Forefront Client Security
A Client Security policy can enforce virus and spyware protection. When you edit or create a policy, use the Protection tab to configure whether the policy enforces protection for either or both kinds of malware.
By default, a new policy enforces virus and spyware protection.
When enabling malware protection, you have two choices. You can either enforce virus or spyware protection for all client computers to which you deploy the policy that you are creating or editing, or you can allow users to control the use of virus or spyware protection.
For each type of protection—virus and spyware—you have the following three options:
On—The protection is enabled. Users cannot turn it off. Other policy settings are available when at least one protection type is set to On.
Off—The protection is disabled. Users cannot turn it on.
User controlled—Users can control whether the protection is enabled.
The settings for virus protection and spyware protection affect the availability of the following other policy settings:
On the Protection tab, the settings under Malware scanning
On the Advanced tab, all settings
On the Overrides tab, all settings
On the Reporting tab, the settings under SpyNet
When at least one type of protection is set to On, these settings are available in the console. When both types of protection are set to Off, none of these settings are available in the console and users cannot control settings in the Client Security agent UI. When both types of protection are set to User controlled, none of these settings are available and users can control settings in the Client Security agent UI.
To enable malware protection
In the Client Security console, create or edit a policy. For information about creating or editing a policy, see Creating, editing, copying, and deleting policies.
In the New Policy or Edit Policy dialog box, click the Protection tab.
If you want to enable virus protection, do one of the following:
To enforce virus protection for all client computers protected by the policy that you are editing, in the Virus protection list under Malware protection, select On.
To let users control virus protection for all client computers protected by the policy that you are editing, in the Virus protection list under Malware protection, select User controlled.
If the Spyware protection list is not also set to User controlled, users cannot control virus protection.
If you want to enable spyware protection, do one of the following:
To enforce spyware protection for all client computers protected by the policy you are editing, in the Spyware protection list under Malware protection, select On.
To let users control spyware protection for all client computers protected by the policy you are editing, in the Spyware protection list under Malware protection, select User controlled.
If the Virus protection list is not also set to User controlled, users cannot control spyware protection.
After you finish creating or editing the policy, click OK.
To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.
To disable malware protection
In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.
In the New Policy or Edit Policy dialog box, click the Protection tab.
If you want to disable virus protection for all client computers protected by the policy you are editing, in the Virus protection list under Malware protection, select Off.
If you want to disable spyware protection for all client computers protected by the policy you are editing, in the Spyware protection list under Malware protection, select Off.
After you finish creating or editing the policy, click OK.
To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.