Set method of the MSFT_MpPreference class

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

uint32 Set(
  [in] string   ExclusionPath[],
  [in] string   ExclusionExtension[],
  [in] string   ExclusionProcess[],
  [in] uint32   QuarantinePurgeItemsAfterDelay,
  [in] uint8    RealTimeScanDirection,
  [in] uint8    RemediationScheduleDay,
  [in] DateTime RemediationScheduleTime,
  [in] uint32   ReportingAdditionalActionTimeOut,
  [in] uint32   ReportingCriticalFailureTimeOut,
  [in] uint32   ReportingNonCriticalTimeOut,
  [in] uint8    ScanAvgCPULoadFactor,
  [in] boolean  CheckForSignaturesBeforeRunningScan,
  [in] uint32   ScanPurgeItemsAfterDelay,
  [in] boolean  ScanOnlyIfIdleEnabled,
  [in] uint8    ScanParameters,
  [in] uint8    ScanScheduleDay,
  [in] DateTime ScanScheduleQuickScanTime,
  [in] DateTime ScanScheduleTime,
  [in] uint32   SignatureFirstAuGracePeriod,
  [in] uint32   SignatureAuGracePeriod,
  [in] string   SignatureDefinitionUpdateFileSharesSources,
  [in] boolean  SignatureDisableUpdateOnStartupWithoutEngine,
  [in] string   SignatureFallbackOrder,
  [in] uint8    SignatureScheduleDay,
  [in] DateTime SignatureScheduleTime,
  [in] uint32   SignatureUpdateCatchupInterval,
  [in] uint32   SignatureUpdateInterval,
  [in] uint8    MAPSReporting,
       boolean  DisablePrivacyMode,
  [in] boolean  RandomizeScheduleTaskTimes,
  [in] boolean  DisableBehaviorMonitoring,
  [in] boolean  DisableIntrusionPreventionSystem,
  [in] boolean  DisableIOAVProtection,
  [in] boolean  DisableRealtimeMonitoring,
  [in] boolean  DisableScriptScanning,
  [in] boolean  DisableArchiveScanning,
  [in] boolean  DisableCatchupFullScan,
  [in] boolean  DisableCatchupQuickScan,
  [in] boolean  DisableEmailScanning,
  [in] boolean  DisableRemovableDriveScanning,
  [in] boolean  DisableRestorePoint,
  [in] boolean  DisableScanningMappedNetworkDrivesForFullScan,
  [in] boolean  DisableScanningNetworkFiles,
  [in] boolean  UILockdown,
  [in] sint64   ThreatIDDefaultAction_Ids[],
  [in] uint8    ThreatIDDefaultAction_Actions[],
  [in] uint8    UnknownThreatDefaultAction,
  [in] uint8    LowThreatDefaultAction,
  [in] uint8    ModerateThreatDefaultAction,
  [in] uint8    HighThreatDefaultAction,
  [in] uint8    SevereThreatDefaultAction,
  [in] boolean  Force
);

Parameters

ExclusionPath [in]

Allows an administrator to explicitly disable a scan from checking any of the paths listed.

ExclusionExtension [in]

Allows an administrator to explicitly disable a scan from checking any of the extensions listed.

ExclusionProcess [in]

Allows an administrator to explicitly disable a scan from checking any of the processes listed.

QuarantinePurgeItemsAfterDelay [in]

Indicates how many days items should kept in Quarantine folder before being removed.

RealTimeScanDirection [in]

Real-time scan direction - Enumeration

Both (0)

Incoming (1)

Outcoming (2)

RemediationScheduleDay [in]

Indicates what day of the week to perform the scheduled full scan to complete remediation.

Every Day (0)

Sunday (1)

Monday (2)

Tuesday (3)

Wednesday (4)

Thursday (5)

Friday (6)

Saturday (7)

Never (8)

RemediationScheduleTime [in]

Indicates what time to perform the scheduled full scan to complete remediation.

ReportingAdditionalActionTimeOut [in]

Configure timeout for detections requiring additional action.

ReportingCriticalFailureTimeOut [in]

Time in minutes for a detection in the 'critically failed' state to move to either 'additional action' or 'cleared' state.

ReportingNonCriticalTimeOut [in]

Time in minutes for a detection in the 'failed' state to move to the 'cleared' state.

ScanAvgCPULoadFactor [in]

Specify the maximum percentage of CPU utilization during a scan. This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 5 to 100. A value of 0 indicates that there should be no throttling of CPU utilization.

CheckForSignaturesBeforeRunningScan [in]

When set, Windows Defender will check for new signatures before running a scan. If new signatures are found they will be downloaded and installed before the scan begins. If no new signatures are found, the scan will start based on the existing signatures.

ScanPurgeItemsAfterDelay [in]

Turn on removal of items from scan history folder. This setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed.

ScanOnlyIfIdleEnabled [in]

Run scheduled scans only if system is idle.

ScanParameters [in]

Specify the scan type to use for a scheduled scan.

Quick Scan (1)

Full Scan (2)

ScanScheduleDay [in]

Specify the day of the week to run a scheduled scan.

Every Day (0)

Sunday (1)

Monday (2)

Tuesday (3)

Wednesday (4)

Thursday (5)

Friday (6)

Saturday (7)

Never (8)

ScanScheduleQuickScanTime [in]

Specify the time of day to run a scheduled quick scan.

ScanScheduleTime [in]

Specify the time of day to run a scheduled scan.

SignatureFirstAuGracePeriod [in]

Aborts any service-initiated update immediately after first install by the configured amount of time.

SignatureAuGracePeriod [in]

Overrides CheckForSignatureBeforeRunningScan. Aborts any service-initiated update if signature was updated successfully within this amount of time. Time in minutes.

SignatureDefinitionUpdateFileSharesSources [in]

Defines the file shares for downloading definition updates. setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: {\\unc1 | \\unc2 }. The list is empty by default.

SignatureDisableUpdateOnStartupWithoutEngine [in]

When set to true, AM Service will not initiate definition update on start-up, regardless of whether an Engine is present or not.

SignatureFallbackOrder [in]

Define the order of sources for downloading definition updates This setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. Possible values are: 'InternalDefinitionUpdateServer' 'MicrosoftUpdateServer' 'MMPC' 'FileShares'

SignatureScheduleDay [in]

Indicates the day of the week in which signature updates occur. If set to zero then signature update occurs daily.

Every Day (0)

Sunday (1)

Monday (2)

Tuesday (3)

Wednesday (4)

Thursday (5)

Friday (6)

Saturday (7)

Never (8)

SignatureScheduleTime [in]

Specifies the time at which signature update check happens. By default the signatures are checked before the scheduled scan.

SignatureUpdateCatchupInterval [in]

Defines the number of days after which a catch-up signature is warranted. Works with SignatureUpdateLastChecked. 0 = no catch-up, 1 = 1 day, 2 = 2 days, etc.

SignatureUpdateInterval [in]

The time value is represented as the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day).

MAPSReporting [in]

Join Microsoft MAPS.

Disabled (0)

Basic (1)

Advanced (2)

DisablePrivacyMode

Disable privacy mode.

RandomizeScheduleTaskTimes [in]

This setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.

DisableBehaviorMonitoring [in]

Disable behavior monitoring.

DisableIntrusionPreventionSystem [in]

Disable intrusion prevention system.

DisableIOAVProtection [in]

Disable IOAV protection.

DisableRealtimeMonitoring [in]

Disable real-time monitoring.

DisableScriptScanning [in]

Disable script scanning.

DisableArchiveScanning [in]

Disable archive scanning.

DisableCatchupFullScan [in]

Disable catch-up full scan. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.

DisableCatchupQuickScan [in]

Disable catch-up quick scan. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.

DisableEmailScanning [in]

Disable email scanning.

DisableRemovableDriveScanning [in]

Disable removable drive scanning.

DisableRestorePoint [in]

Disables restore point.

DisableScanningMappedNetworkDrivesForFullScan [in]

Disable running full scan on mapped network drives.

DisableScanningNetworkFiles [in]

Disables scanning network files.

UILockdown [in]

Enable UI Lockdown mode.

ThreatIDDefaultAction_Ids [in]

The Ids of threats upon which default action should not be taken when detected. The actions in ThreatIDDefaultAction_Actions need to be specified in the same order as the Ids in ThreatIDDefaultAction_Ids

ThreatIDDefaultAction_Actions [in]

Default actions for threats upon which default action should not be taken when detected. The actions need to be in the same order as their respective Ids specified in the ThreatIDDefaultAction_Ids property.

Clean (1)

Quarantine (2)

Remove (3)

Allow (6)

UserDefined (8)

NoAction (9)

Block (10)

UnknownThreatDefaultAction [in]

Default action for unknown threats.

Clean (1)

Quarantine (2)

Remove (3)

Allow (6)

UserDefined (8)

NoAction (9)

Block (10)

LowThreatDefaultAction [in]

Default action for low severity threats.

Clean (1)

Quarantine (2)

Remove (3)

Allow (6)

UserDefined (8)

NoAction (9)

Block (10)

ModerateThreatDefaultAction [in]

Default action for moderate severity threats.

Clean (1)

Quarantine (2)

Remove (3)

Allow (6)

UserDefined (8)

NoAction (9)

Block (10)

HighThreatDefaultAction [in]

Default action for high severity threats.

Clean (1)

Quarantine (2)

Remove (3)

Allow (6)

UserDefined (8)

NoAction (9)

Block (10)

SevereThreatDefaultAction [in]

Default action for severe severity threats.

Clean (1)

Quarantine (2)

Remove (3)

Allow (6)

UserDefined (8)

NoAction (9)

Block (10)

Force [in]

A user confirmation is sought by default by this cmdlet. If -Force is specified, the default confirmation is not sought from the user.

Requirements

Minimum supported client
Windows 8.1 [desktop apps only]
Minimum supported server
Windows Server 2012 R2 [desktop apps only]
Namespace
Root\Microsoft\Windows\Defender
MOF
ProtectionManagement.mof
DLL
ProtectionManagement.dll

See also

MSFT_MpPreference