SMS_AntimalwareConfig Server WMI Class
The SMS_AntimalwareConfig Windows Management Instrumentation (WMI) class is an SMS Provider server class, in Configuration Manager, that represents the configuration of System Center Endpoint Protection on a client computer.
The following syntax is simplified from Managed Object Format (MOF) code and includes all inherited properties.
Syntax
Class SMS_AntimalwareConfig : SMS_ClientAgentConfig_BaseClass
{
UInt32 AgentID;
Boolean AllowClientUserConfigLimitCPUUsage;
Boolean AllowClientUserConfigRealtime;
Boolean AllowUserAddExcludes;
Boolean AllowUserChangeSpyNetSettings;
Boolean AllowUserConfigAutoSampleSubmission;
Boolean AllowUserConfigQuarantinedFileDeletionPeriod;
Boolean AllowUserViewHistory;
UInt32 AuGracePeriod;
Boolean CheckLatestDefinition;
UInt32 CloudBlockLevel;
Boolean CreateSystemRestorePointBeforeClean;
UInt32 DefaultActionHigh;
UInt32 DefaultActionLow;
UInt32 DefaultActionMedium;
UInt32 DefaultActionSevere;
String DefinitionUpdateFileSharesSources[];
UInt32 DeleteQuarantinedFilesPeriod;
Boolean DisableClientUI;
Boolean EnableAutoSampleSubmission;
Boolean EnableCatchupScan;
Boolean EnableHeuristics;
Boolean EnablePeriodicUpdateHour; (removed in SP1)
Boolean EnablePUAProtection;
Boolean EnableQuickDailyScan;
Boolean EnableReparsePointScanning;
Boolean EnableScheduledScan;
Boolean EnableScriptScanning;
Boolean EnableSignatureUpdateCatchupInterval;
String ExcludedFilePaths[];
String ExcludedFileTypes[];
String ExcludedProcesses[];
String FallbackOrder[];
UInt32 JoinSpyNet;
UInt32 LimitCPUUsage;
Boolean MonitorFileProgramActivity;
Boolean NetworkProtectionAgainstExploits;
String OverrideAction[];
Boolean RandomizeScheduledScanStartTime;
Boolean RealtimeProtectionOn;
UInt32 RealtimeScanOption;
Boolean ScanArchivedFiles;
Boolean ScanEmail;
Boolean ScannAllDownloaded;
Boolean ScanNetworkDrives;
Boolean ScanNetworkDrivesForFullScan;
Boolean ScanRemovableStorage;
Boolean ScanWhenClientNotInUse;
UInt32 ScheduledScanQuickTime;
UInt32 ScheduledScanTime;
UInt32 ScheduledScanType;
UInt32 ScheduledScanUserControl;
UInt32 ScheduledScanWeekDay;
Boolean ShowNotificationMessages;
UInt32 SignatureUpdateCatchupInterval;
UInt32 SignatureUpdateDay;
UInt32 SignatureUpdateInterval;
UInt32 SignatureUpdateTime;
String ThreatName[];
Boolean UseBehaviorMonitor;
};
Methods
The SMS_AntimalwareConfig class doesn't define any methods.
Properties
AgentID
Data type: UInt32
Access type: Read-only
Qualifiers: [key, read]
A unique identifier for the agent.
AllowClientUserConfigLimitCPUUsage
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting configures a local override for the configuration maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy.
If you enable this setting, the local preference setting will take priority over Group Policy.
If you disable or don't configure this setting, Group Policy will take priority over the local preference setting.
AllowClientUserConfigRealtime
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure network protection against exploits of known vulnerabilities.
If you enable or don't configure this setting, network protection will be enabled.
AllowUserAddExcludes
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and exclusions.
If you enable or don't configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. If there are conflicts, Group policy Settings will override preference settings.
If you disable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator.
AllowUserChangeSpyNetSettings
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting configures a local override for the configuration to join Microsoft SpyNet. This setting can only be set by Group Policy.
If you enable this setting, the local preference setting will take priority over Group Policy.
If you disable or don't configure this setting, Group Policy will take priority over the local preference setting.
AllowUserConfigAutoSampleSubmission
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Indicates whether users are allowed to modify auto sample file submission settings.
AllowUserConfigQuarantinedFileDeletionPeriod
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy.
If you enable this setting, the local preference setting will take priority over Group Policy.
If you disable or don't configure this setting, Group Policy will take priority over the local preference setting.
AllowUserViewHistory
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Whether anyone other than the administrator can display history.
AuGracePeriod
Data type: UInt32
Access type: Read/Write
Qualifiers: none
Amount of time in minutes since the client last updated its definition, whereby it will not check an alternative source for definitions. This gives Configuration Manager auto-updates a chance to update the client at an administrator defined interval.
CheckLatestDefinition
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan.
This setting applies to scheduled scans and the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface.
If you enable this setting, a check for new definitions will occur before running a scan.
If you disable this setting, the scan will start using the existing definitions.
CloudBlockLevel
Data type: UInt32
Access type: Read/Write
Qualifiers: None
Level for blocking suspicious files. Possible values are:
| Value | Description |
|---|---|
| (0x0) | Normal |
| (0x2) | High |
CreateSystemRestorePointBeforeClean
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
If you enable this setting, a system restore point will be created.
If you disable or don't configure this setting, a system restore point won't be created.
DefaultActionHigh
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to customize which automatic remediation action will be taken for this threat alert level. Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken.
DefaultActionLow
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to customize which automatic remediation action will be taken for this threat alert level. Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken.
DefaultActionMedium
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to customize which automatic remediation action will be taken for this threat alert level. Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken.
DefaultActionSevere
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to customize which automatic remediation action will be taken for this threat alert level. Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken.
DefinitionUpdateFileSharesSources
Data type: String Array
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted in the order specified. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources. For example: "{\\unc1 | \\unc2 }". The list is empty by default.
If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
If you disable or don't configure this setting, the list will remain empty by default and no sources will be contacted.
DeleteQuarantinedFilesPeriod
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.
If you enable this setting, items will be removed from the Quarantine folder after the number of days specified.
If you disable or don't configure this setting, items will be kept in the quarantine folder indefinitely and won't be automatically removed.
DisableClientUI
Data type: Boolean
Access type: Read/Write
Qualifiers: none
DisableClientUI.
This information applies to System Center 2012 Configuration Manager SP1 or later, and System Center 2012 R2 Configuration Manager or later.
EnableAutoSampleSubmission
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Indicates whether auto sample file submission is enabled. Auto sample file submission helps Microsoft determine whether certain detected items are malicious.
EnableCatchupScan
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure catch-up scans for scheduled full or quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.
If you enable this setting, catch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone signs in to the computer. If there is no scheduled scan configured, there will be no catch-up scan run.
If you disable or don't configure this setting, catch-up scans for scheduled full scans will be turned off.
EnableHeuristics
Data type: Boolean
Access type: Read/Write
Qualifiers: none
EnableHeuristics.
This information applies to System Center 2012 Configuration Manager SP1 or later, and System Center 2012 R2 Configuration Manager or later.
EnablePeriodicUpdateHour
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Reserved for future use.
This method/property has been removed or deprecated in Configuration Manager SP1.
EnablePUAProtection
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Indicates whether Potentially Unwanted Applications (PUAs) are blocked at download and prior to installation.
EnableQuickDailyScan
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify the Quick scan type during a scheduled scan.
EnableReparsePointScanning
Data type: Boolean
Access type: Read/Write
Qualifiers: none
EnableReparsePointScanning.
EnableScheduledScan
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Enables running a scan of a defined type on computers. The value that needs to be set here ScheduleDay doesn't = 8, which is never).
EnableScriptScanning
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Reserved for future use.
EnableSignatureUpdateCatchupInterval
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to define the number of days after which a catch-up definition update will be required. By default, the value of this setting is 1 day.
If you enable this setting, a catch-up definition update will occur after the specified number of days.
If you disable or don't configure this setting, a catch-up definition update will be required after the default number of days.
ExcludedFilePaths
Data type: String Array
Access type: Read/Write
Qualifiers: none
This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Each entry must be listed as a name value pair, where the name value should be a string representational of the path or fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory and a fully qualified resource name might be defined as: "C:\Windows\App.exe". The data value isn't used and it's recommended that this value be set to 0.
ExcludedFileTypes
Data type: String Array
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify a list of file types that should be excluded from scheduled and real-time scanning. Each entry must be listed as a name value pair, where the name value should be a string representation of the file type extension. The data value isn't used and it's recommended that this value be set to 0.
ExcludedProcesses
Data type: String Array
Access type: Read/Write
Qualifiers: none
This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes. The process itself won't be excluded. To exclude the process, use the Path exclusion. Each entry must be listed as a name value pair, where the name value should be a string representation of the path to the process image. Only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The data value isn't used and it's recommended that this value be set to 0.
FallbackOrder
Data type: String Array
Access type: Read/Write
Qualifiers: none
This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. Possible values are: "InternalDefinitionUpdateServer", "MicrosoftUpdateServer", "MMPC", and "FileShares".
For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }
If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list won't be contacted.
If you disable or don't configure this setting, definition update sources will be contacted in a default order.
JoinSpyNet
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to join Microsoft SpyNet. Microsoft SpyNet is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.
You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new definitions and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft won't use this information to identify you or contact you.
Possible options are:
| Value | Join status |
|---|---|
| (0x0) | Disabled (default) |
| (0x1) | Basic membership |
| (0x2) | Advanced membership |
Basic membership will send basic information to Microsoft about software that has been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the actions were successful.
Advanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer.
If you enable this setting, you'll join Microsoft SpyNet with the membership specified.
If you disable or don't configure this setting, you won't join Microsoft SpyNet.
LimitCPUUsage
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for this setting are a percentage represented by the integers 1 to 100. A value of 0 indicates that there should be no throttling of CPU utilization. The default value is 50.
If you enable this setting, CPU utilization won't exceed the percentage specified.
If you disable or don't configure this setting, CPU utilization won't exceed the default value.
MonitorFileProgramActivity
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It's recommended for use on servers where there are a lot of incoming and outgoing file activities but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role.
This configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes.
The options for this setting are mutually exclusive:
| Value | File scan policy |
|---|---|
| 0 | Scan incoming and outgoing files (default) |
| 1 | Scan incoming files only |
| 2 | Scan outgoing files only |
Any other value, or if the value doesn't exist, resolves to the default (0).
NetworkProtectionAgainstExploits
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure network protection against exploits of known vulnerabilities.
If you enable or don't configure this setting, the network protection will be enabled.
If you disable this setting, the network protection will be disabled.
OverrideAction
Data type: String Array
Access type: Read/Write
Qualifiers: none
This policy setting customizes which remediation action will be taken for each listed Threat ID when it's detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
Valid remediation action values are:
| Value | Remediation action |
|---|---|
| 2 | Quarantine |
| 3 | Remove |
| 6 | Ignore |
RandomizeScheduledScanStartTime
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to enable or disable a randomization of the scheduled scan start time and the scheduled definition update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time.
If you enable or don't configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time.
If you disable this setting, scheduled tasks will begin at the specified start time.
RealtimeProtectionOn
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure real-time protection prompts for detection of known malware. It's recommended that you turn on real-time protection.
If you enable or don't configure this setting, real-time protection prompts will be enabled.
If you disable this setting, real-time protection prompts will be disabled.
RealtimeScanOption
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It's recommended for use on servers where there are a lot of incoming and outgoing file activities but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role.
This configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes.
| Value | File scan policy |
|---|---|
| 0 | Scan incoming and outgoing files (default) |
| 1 | Scan incoming files only |
| 2 | Scan outgoing files only |
Any other value, or if the value doesn't exist, resolves to the default (0).
ScanArchivedFiles
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.
If you enable or don't configure this setting, archive files won't be scanned.
If you disable this setting, archive files won't be scanned.
ScanEmail
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex.
If you enable this setting, e-mail scanning will be enabled.
If you disable or don't configure this setting, e-mail scanning will be disabled.
ScanAllDownloaded
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure scanning for all downloaded files and attachments.
If you enable or don't configure this setting, scanning for all downloaded files and attachments will be enabled.
If you disable this setting, scanning for all downloaded files and attachments will be disabled.
ScanNetworkDrives
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure scanning for network files.
If you enable this setting, network files will be scanned.
If you disable or don't configure this setting, network files won't be scanned.
ScanNetworkDrivesForFullScan
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure a full scan for network files.
If you enable this setting, network files will be scanned.
If you disable or don't configure this setting, network files won't be scanned.
ScanRemovableStorage
Data type: Boolean
Access type: Read/Write
Qualifiers: none
Determines whether removable drives (external USB, thumb drives, and others) are scanned during a Full Scan only.
ScanWhenClientNotInUse
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use.
If you enable or don't configure this setting, scheduled scans will only run when the computer is on but not in use.
If you disable this setting, scheduled scans will run at the scheduled time.
ScheduledScanQuickTime
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM.
If you enable this setting, a daily quick scan will run at the time of day specified.
If you disable or don't configure this setting, a daily quick scan will run at a default time.
ScheduledScanTime
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing.
If you enable this setting, a scheduled scan will run at the time of day specified.
If you disable or don't configure this setting, a scheduled scan will run at a default time.
ScheduledScanType
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are:
| Value | Scheduled scan type |
|---|---|
| 1 | Quick Scan (default) |
| 2 | Full Scan |
If you enable this setting, the scan type will be set to the specified value.
If you disable or don't configure this setting, the default scan type will be used.
ScheduledScanUserControl
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting configures a local override for the configuration scheduled scan time. This setting can only be set by Group Policy.
If you enable this setting, the local preference setting will take priority over Group Policy.
If you disable or don't configure this setting, Group Policy will take priority over the local preference setting.
ScheduledScanWeekDay
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.
This setting can be configured with the following ordinal number values:
| Value | Scheduled scan day(s) |
|---|---|
| (0x0) | Every Day |
| (0x1) | Sunday |
| (0x2) | Monday |
| (0x3) | Tuesday |
| (0x4) | Wednesday |
| (0x5) | Thursday |
| (0x6) | Friday |
| (0x7) | Saturday |
| (0x8) | Never (default) |
If you enable this setting, a scheduled scan will run at the frequency specified.
If you disable or don't configure this setting, a scheduled scan will run at a default frequency.
ShowNotificationMessages
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure whether or not to display notifications to clients when they need to perform the following actions:
| Action |
|---|
| Run a full scan |
| Download the latest virus and spyware definitions |
| Download Standalone System Sweeper |
If you enable or don't configure this setting, notifications will be displayed to clients when they need to perform the specified actions.
If you disable this setting, notifications won't be displayed to clients when they need to perform the specified actions.
SignatureUpdateCatchupInterval
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to define the number of days after which a catch-up definition update will be required. By default, the value of this setting is 1 day.
If you enable this setting, a catch-up definition update will occur after the specified number of days.
If you disable or don't configure this setting, a catch-up definition update will be required after the default number of days.
SignatureUpdateDay
Data type: UInt32
Access type: Read/Write
Qualifiers: none
Signature update day. Possible values are:
| Value | Signature update day(s) |
|---|---|
| 0 | Every Day |
| 1 | Sunday |
| 2 | Monday |
| 3 | Tuesday |
| 4 | Wednesday |
| 5 | Thursday |
| 6 | Friday |
| 7 | Saturday |
| 8 | Never (default) |
SignatureUpdateInterval
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify an interval at which to check for definition updates when SignatureUpdateDay is 0. The time value is represented as the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day).
If you enable this setting, checks for definition updates will occur at the interval specified.
If you disable or don't configure this setting, checks for definition updates will occur at the default interval.
SignatureUpdateTime
Data type: UInt32
Access type: Read/Write
Qualifiers: none
This policy setting allows you to specify the time of day at which to check for definition updates when SignatureUpdateDay isn't 0. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default this setting is configured to check for definition updates 15 minutes before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring.
If you enable this setting, the check for definition updates will occur at the time of day specified.
If you disable or don't configure this setting, the check for definition updates will occur at the default time.
ThreatName
Data type: String Array
Access type: Read/Write
Qualifiers: none
This policy setting customizes which remediation action will be taken for each listed Threat ID when it's detected during a scan. Threats should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid Threat ID, while the value contains the action ID for the remediation action that should be taken.
Valid remediation action values are:
| Value | Remediation action |
|---|---|
| 2 | Quarantine |
| 3 | Remove |
| 6 | Ignore |
UseBehaviorMonitor
Data type: Boolean
Access type: Read/Write
Qualifiers: none
This policy setting allows you to configure network protection against exploits of known vulnerabilities.
If you enable or don't configure this setting, network protection against exploits of known vulnerabilities will be enabled.
If you disable this setting, network protection against exploits of known vulnerabilities will be disabled.
Remarks
Requirements
Runtime Requirements
For more information, see Configuration Manager Server Runtime Requirements.
Development Requirements
For more information, see Configuration Manager Server Development Requirements.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for