Set-CMAntimalwarePolicy
Configure settings for an endpoint protection antimalware policy.
Syntax
Set-CMAntimalwarePolicy
[-Description <String>]
-Name <String>
[-NewName <String>]
[-PassThru]
[-Priority <PriorityChangeType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddDefinitionUpdateFileShare <String[]>]
[-CleanDefinitionUpdateFileShare]
[-DefinitionUpdateFileShare <String[]>]
[-EnableSignatureUpdateCatchup <Boolean>]
[-FallbackOrder <FallbackOrderType[]>]
[-FallbackToAlternateSourceHr <Int32>]
-Name <String>
[-PassThru]
[-RemoveDefinitionUpdateFileShare <String[]>]
[-SignatureUpdateHr <Int32>]
[-SignatureUpdateTime <DateTime>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddDefinitionUpdateFileShare <String[]>]
[-CleanDefinitionUpdateFileShare]
[-DefinitionUpdateFileShare <String[]>]
[-EnableSignatureUpdateCatchup <Boolean>]
[-FallbackOrder <FallbackOrderType[]>]
[-FallbackToAlternateSourceHr <Int32>]
-InputObject <IResultObject>
[-PassThru]
[-RemoveDefinitionUpdateFileShare <String[]>]
[-SignatureUpdateHr <Int32>]
[-SignatureUpdateTime <DateTime>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddExcludedFilePath <String[]>]
[-AddExcludedFileType <String[]>]
[-AddExcludedProcess <String[]>]
[-CleanExcludedFilePath]
[-CleanExcludedFileType]
[-CleanExcludedProcess]
[-ExcludeFilePath <String[]>]
[-ExcludeFileType <String[]>]
[-ExcludeProcess <String[]>]
-Name <String>
[-PassThru]
[-RemoveExcludedFilePath <String[]>]
[-RemoveExcludedFileType <String[]>]
[-RemoveExcludedProcess <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddExcludedFilePath <String[]>]
[-AddExcludedFileType <String[]>]
[-AddExcludedProcess <String[]>]
[-CleanExcludedFilePath]
[-CleanExcludedFileType]
[-CleanExcludedProcess]
[-ExcludeFilePath <String[]>]
[-ExcludeFileType <String[]>]
[-ExcludeProcess <String[]>]
-InputObject <IResultObject>
[-PassThru]
[-RemoveExcludedFilePath <String[]>]
[-RemoveExcludedFileType <String[]>]
[-RemoveExcludedProcess <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddThreat <Hashtable>]
[-CleanThreat]
-Name <String>
[-OverrideAction <DefaultActionMediumAndLowType[]>]
[-PassThru]
[-RemoveThreat <String[]>]
[-ThreatName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddThreat <Hashtable>]
[-CleanThreat]
-InputObject <IResultObject>
[-OverrideAction <DefaultActionMediumAndLowType[]>]
[-PassThru]
[-RemoveThreat <String[]>]
[-ThreatName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigLimitCpuUsage <Boolean>]
[-FullScanNetworkDrive <Boolean>]
-Name <String>
[-PassThru]
[-ScanArchive <Boolean>]
[-ScanEmail <Boolean>]
[-ScanNetworkDrive <Boolean>]
[-ScanRemovableStorage <Boolean>]
[-ScheduledScanUserControl <ScheduledScanUserControlType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigLimitCpuUsage <Boolean>]
[-FullScanNetworkDrive <Boolean>]
-InputObject <IResultObject>
[-PassThru]
[-ScanArchive <Boolean>]
[-ScanEmail <Boolean>]
[-ScanNetworkDrive <Boolean>]
[-ScanRemovableStorage <Boolean>]
[-ScheduledScanUserControl <ScheduledScanUserControlType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigRealTime <Boolean>]
[-EnablePuaProtection <Boolean>]
[-PuaProtection <PuaProtection>]
[-EnableScriptScanning <Boolean>]
[-MonitorFileProgramActivity <Boolean>]
-Name <String>
[-NetworkExploitProtection <Boolean>]
[-PassThru]
[-RealTimeProtectionOn <Boolean>]
[-RealTimeScanOption <RealTimeScanOptionType>]
[-ScanAllDownloaded <Boolean>]
[-UseBehaviorMonitor <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigRealTime <Boolean>]
[-EnablePuaProtection <Boolean>]
[-PuaProtection <PuaProtection>]
[-EnableScriptScanning <Boolean>]
-InputObject <IResultObject>
[-MonitorFileProgramActivity <Boolean>]
[-NetworkExploitProtection <Boolean>]
[-PassThru]
[-RealTimeProtectionOn <Boolean>]
[-RealTimeScanOption <RealTimeScanOptionType>]
[-ScanAllDownloaded <Boolean>]
[-UseBehaviorMonitor <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigSampleSubmission <Boolean>]
[-AllowDeleteQuarantineFileDaysModification <Boolean>]
[-AllowExclusionModification <Boolean>]
[-AllowUserViewHistory <Boolean>]
[-CreateSystemRestorePointBeforeClean <Boolean>]
[-DeleteQuarantineFileDays <Int32>]
[-DisableClientUI <Boolean>]
[-EnableAutoSampleSubmission <Boolean>]
[-EnableReparsePointScanning <Boolean>]
-Name <String>
[-PassThru]
[-RandomizeScheduledScanStartTime <Boolean>]
[-ShowNotification <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigSampleSubmission <Boolean>]
[-AllowDeleteQuarantineFileDaysModification <Boolean>]
[-AllowExclusionModification <Boolean>]
[-AllowUserViewHistory <Boolean>]
[-CreateSystemRestorePointBeforeClean <Boolean>]
[-DeleteQuarantineFileDays <Int32>]
[-DisableClientUI <Boolean>]
[-EnableAutoSampleSubmission <Boolean>]
[-EnableReparsePointScanning <Boolean>]
-InputObject <IResultObject>
[-PassThru]
[-RandomizeScheduledScanStartTime <Boolean>]
[-ShowNotification <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowMapsModification <Boolean>]
[-CloudBlockLevel <CloudBlockLevelType>]
[-ExtendedCloudCheckSec <Int32>]
[-JoinSpyNet <JoinSpyNetType>]
-Name <String>
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowMapsModification <Boolean>]
[-CloudBlockLevel <CloudBlockLevelType>]
[-ExtendedCloudCheckSec <Int32>]
-InputObject <IResultObject>
[-JoinSpyNet <JoinSpyNetType>]
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-CheckLatestDefinition <Boolean>]
[-EnableCatchupScan <Boolean>]
[-EnableQuickScan <Boolean>]
[-EnableScheduledScan <Boolean>]
[-LimitCpuUsage <Int32>]
-Name <String>
[-PassThru]
[-QuickScanTime <DateTime>]
[-ScanWhenClientNotInUse <Boolean>]
[-ScheduledScanTime <DateTime>]
[-ScheduledScanType <ScheduledScanType>]
[-ScheduledScanWeekday <ScheduledScanWeekdayType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-CheckLatestDefinition <Boolean>]
[-EnableCatchupScan <Boolean>]
[-EnableQuickScan <Boolean>]
[-EnableScheduledScan <Boolean>]
-InputObject <IResultObject>
[-LimitCpuUsage <Int32>]
[-PassThru]
[-QuickScanTime <DateTime>]
[-ScanWhenClientNotInUse <Boolean>]
[-ScheduledScanTime <DateTime>]
[-ScheduledScanType <ScheduledScanType>]
[-ScheduledScanWeekday <ScheduledScanWeekdayType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-DefaultActionHigh <DefaultActionSevereAndHighType>]
[-DefaultActionLow <DefaultActionMediumAndLowType>]
[-DefaultActionMedium <DefaultActionMediumAndLowType>]
[-DefaultActionSevere <DefaultActionSevereAndHighType>]
-Name <String>
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-DefaultActionHigh <DefaultActionSevereAndHighType>]
[-DefaultActionLow <DefaultActionMediumAndLowType>]
[-DefaultActionMedium <DefaultActionMediumAndLowType>]
[-DefaultActionSevere <DefaultActionSevereAndHighType>]
-InputObject <IResultObject>
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-Description <String>]
-InputObject <IResultObject>
[-NewName <String>]
[-PassThru]
[-Priority <PriorityChangeType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Set-CMAntiMalwarePolicy cmdlet configures settings for an endpoint protection antimalware policy.
First use New-CMAntimalwarePolicy to create the policy object. When you create the policy, use the Policy parameter to specify which types of settings the policy includes. If you use Set-CMAntiMalwarePolicy to configure settings for policy types that weren't originally added, it adds the types when you configure the settings.
For more information, see How to create and deploy antimalware policies for Endpoint Protection in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Create an antimalware policy and enable PUA auditing
In this example, it first creates a new antimalware policy that includes the RealTimeProtection settings type. It then configures that policy to enable auditing for potentially unwanted applications (PUA).
$polName = "Real-time protection policy"
$polDesc = "via Pwsh by " + $env:UserName + " at " + $(Get-Date)
New-CMAntimalwarePolicy -Name $polName -Description $polDesc -Policy RealTimeProtection
Set-CMAntimalwarePolicy -Name $polName -PuaProtection AuditExample 2: Increase the priority of an antimalware policy
This command increases the priority of the antimalware policy named ContosoPolicy.
Set-CMAntiMalwarePolicy -Name "ContosoPolicy" -Priority IncreaseParameters
-AddDefinitionUpdateFileShare
If you select UNC file shares as a security intelligence update source, use this parameter to add more network paths to the list.
| Type: | String[] |
| Aliases: | AddDefinitionUpdateFileSharesSources, AddDefinitionUpdateFileShares |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddExcludedFilePath
Specify a file or folder path to exclude from antimalware scans. Exclusions can help scans complete faster or avoid conflicts with some applications. It can also increase the malware risk.
Use this parameter to add more paths to the list.
For example: %windir%\explorer.exe, %windir%\system32
| Type: | String[] |
| Aliases: | AddExcludedFilePaths |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddExcludedFileType
Specify a file extension to exclude all files of this type from antimalware scans. Exclusions can help scans complete faster or avoid conflicts with some applications. It can also increase the malware risk.
Use this parameter to add more types to the list.
For example: .jpg, .txt
| Type: | String[] |
| Aliases: | AddExcludedFileTypes |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddExcludedProcess
Specify the path to a process executable file to exclude it from antimalware scans. Exclusions can help scans complete faster or avoid conflicts with some applications. It can also increase the malware risk.
Use this parameter to add more processes to the list.
For example: %windir%\system32\service.exe
| Type: | String[] |
| Aliases: | AddExcludedProcesses |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddThreat
Specify a hashtable of threat names and corresponding override action. This table defines remediation actions to take when the specified threat name is detected during a scan.
Use this parameter to add more threats to the list.
| Type: | Hashtable |
| Aliases: | AddThreats |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowClientUserConfigLimitCpuUsage
Set this parameter to $true to allow users on client computers to configure CPU usage during scans.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowClientUserConfigRealTime
Set this parameter to $true to allow users on client computers to configure real-time protection settings.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowClientUserConfigSampleSubmission
Set this parameter to $true to allow users on client computers to modify auto sample file submission settings.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowDeleteQuarantineFileDaysModification
Set this parameter to $true to allow users on client computers to configure the setting for quarantined file deletion.
| Type: | Boolean |
| Aliases: | AllowUserConfigQuarantinedFileDeletionPeriod |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowExclusionModification
Set this parameter to $true to allow users on client computers to exclude files and folders, file types, and processes from scans.
| Type: | Boolean |
| Aliases: | AllowUserAddExcludes |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowMapsModification
Set this parameter to $true to allow users on client computers to modify Cloud Protection Service settings.
| Type: | Boolean |
| Aliases: | AllowUserChangeSpyNetSettings |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowUserViewHistory
Set this parameter to $true to allow all users on client computers to view the full history results.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CheckLatestDefinition
Set this parameter to $true to check for the latest security intelligence updates before running a scan.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanDefinitionUpdateFileShare
Add this parameter to remove the list of network file shares to use as security intelligence update sources.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanExcludedFilePath
Add this parameter to remove the list of file paths to exclude from scans.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanExcludedFileType
Add this parameter to remove the list of file extensions to exclude from scans.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanExcludedProcess
Add this parameter to remove the list of processes to exclude from scans.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanThreat
Add this parameter to remove the table of predefined remediation actions for detected threat names.
| Type: | SwitchParameter |
| Aliases: | CleanThreats |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CloudBlockLevel
For the Cloud Protection Service, specify the level of blocking suspicious files.
| Type: | CloudBlockLevelType |
| Accepted values: | Normal, High, HighExtraProtection, BlockUnknown |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CreateSystemRestorePointBeforeClean
Set this parameter to $true to create a system restore point before computers are cleaned.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionHigh
Specify the default action that endpoint protection takes in response to a threat it classifies at the High level.
| Type: | DefaultActionSevereAndHighType |
| Accepted values: | Recommended, Quarantine, Remove |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionLow
Specify the default action that endpoint protection takes in response to a threat it classifies at the Low level.
| Type: | DefaultActionMediumAndLowType |
| Accepted values: | None, Quarantine, Remove, Allow |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionMedium
Specify the default action that endpoint protection takes in response to a threat it classifies at the Medium level.
| Type: | DefaultActionMediumAndLowType |
| Accepted values: | None, Quarantine, Remove, Allow |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionSevere
Specify the default action that endpoint protection takes in response to a threat it classifies at the Severe level.
| Type: | DefaultActionSevereAndHighType |
| Accepted values: | Recommended, Quarantine, Remove |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefinitionUpdateFileShare
Specify an array of UNC file share sources used to download security intelligence updates. Sources are contacted in the order specified.
If you specify this parameter, the client contacts the provided resources for updates. Once the client successfully downloads updates from one source, it doesn't contact the remaining sources in the list. If you don't specify this parameter, the list remains empty and no sources are contacted.
| Type: | String[] |
| Aliases: | DefinitionUpdateFileSharesSources, DefinitionUpdateFileShares |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DeleteQuarantineFileDays
Specify the number of days that items should be kept in the Quarantine folder before being removed.
If you specify this parameter, items are removed from the Quarantine folder after the specified number of days. If you don't specify this parameter, items are kept in the Quarantine folder for the number of days specified in the default policy, which is 30 days.
| Type: | Int32 |
| Aliases: | DeleteQuarantinedFilesPeriod |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
Specify an optional description for the antimalware policy to help you identify it.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableClientUI
Set this parameter to $true to disable the client user interface.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableAutoSampleSubmission
Set this parameter to $true to enable auto sample file submission. This feature helps Microsoft determine whether certain detected items are malicious.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableCatchupScan
Set this parameter to $true to force a scan of the selected scan type if a client computer is offline during two or more scheduled scans.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnablePuaProtection
In version 2103 or earlier, set this parameter to $true to enable detection for potentially unwanted applications (PUA).
Starting in version 2107, use the PuaProtection parameter to configure this setting.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableQuickScan
Set this parameter to $true to run a daily quick scan on client computers.
| Type: | Boolean |
| Aliases: | EnableQuickDailyScan |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableReparsePointScanning
Set this parameter to $true to enable reparse point scanning.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableScheduledScan
Set this parameter to $true to configure this policy to run a scheduled scan on client computers.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableScriptScanning
Set this parameter to $true to enable script scanning.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableSignatureUpdateCatchup
Set this parameter to $true to force a security intelligence update if the client computer is offline for more than two consecutive scheduled updates.
| Type: | Boolean |
| Aliases: | EnableSignatureUpdateCatchupInterval |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeFilePath
Specify an array of file paths for which scheduled and real-time scanning is disabled.
| Type: | String[] |
| Aliases: | ExcludedFilePaths, ExcludeFilePaths |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeFileType
Specify an array of file types to exclude from scheduled and real-time scanning.
| Type: | String[] |
| Aliases: | ExcludedFileTypes, ExcludeFileTypes |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeProcess
Specify an array of processes for which any files opened by any of the processes are excluded from scheduled and real-time scanning. The process itself is not excluded.
| Type: | String[] |
| Aliases: | ExcludedProcesses, ExcludeProcesses |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExtendedCloudCheckSec
Specify the number of seconds to allow an extended check with the Cloud Protection Service to block and scan suspicious files.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FallbackOrder
Define which security intelligence update sources the client uses, and the order in which it contacts them.
| Type: | FallbackOrderType[] |
| Accepted values: | UpdatesDistributedFromConfigurationManager, UpdatesFromUncFileShares, UpdatesDistributedFromWsus, UpdatesDistributedFromMicrosoftUpdate, UpdatesDistributedFromMicrosoftMalwareProtectionCenter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FallbackToAlternateSourceHr
If you use Configuration Manager as a source for security intelligence updates, clients will only update from alternative sources if security intelligence is older than the number of hours that you specify with this value.
| Type: | Int32 |
| Aliases: | AuGracePeriod, FallbackToAlternateSourceHour |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FullScanNetworkDrive
Set this parameter to $true to scan mapped network drives when running a full scan.
| Type: | Boolean |
| Aliases: | FullScanNetworkDrives |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specify an antimalware policy object to configure. To get this object, use the Get-CMAntiMalwarePolicy cmdlet.
| Type: | IResultObject |
| Aliases: | AntiMalwarePolicy |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-JoinSpyNet
Specify the Cloud Protection Service membership type.
DoNotJoinMaps: No information is sent.BasicMembership: Collect and send lists of detected malware.AdvancedMembership: Basic information and more comprehensive information that could contain personal information. For example, file paths and partial memory dumps.
| Type: | JoinSpyNetType |
| Accepted values: | DoNotJoinMaps, BasicMembership, AdvancedMembership |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LimitCpuUsage
Specify the percentage to limit CPU usage during scans.
| Type: | Int32 |
| Accepted values: | 0, 10, 20, 30, 40, 50, 60, 70, 80, 90 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MonitorFileProgramActivity
Set this parameter to $true to monitor file and program activity on the client computer.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
Specify the name of an antimalware policy to configure.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NetworkExploitProtection
Set this parameter to $true to enable protection against network-based exploits.
| Type: | Boolean |
| Aliases: | NetworkProtectionAgainstExploits |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NewName
Use this parameter to rename the policy that you specify with either the Name or InputObject parameters.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OverrideAction
Specify the threat override action. Use this parameter with the ThreatName parameter to configure threat override settings.
| Type: | DefaultActionMediumAndLowType[] |
| Aliases: | OverrideActions |
| Accepted values: | None, Quarantine, Remove, Allow |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Add this parameter to return an object that represents the item with which you're working. By default, this cmdlet may not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Priority
Use this parameter to change the priority of the antimalware policy.
| Type: | PriorityChangeType |
| Accepted values: | Increase, Decrease |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PuaProtection
Starting in version 2107, use this parameter to configure detection for potentially unwanted applications (PUA). Specify one of the following values: Disable, Enable, or Audit
| Type: | PuaProtection |
| Accepted values: | Disable, Enable, Audit |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-QuickScanTime
Specify a datetime object for when to do a daily quick scan. To get this object, use the Get-Date built-in cmdlet.
| Type: | DateTime |
| Aliases: | ScheduledScanQuickTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RandomizeScheduledScanStartTime
Set this parameter to $true to randomize scheduled scan and security intelligence update start times.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RealTimeProtectionOn
Set this parameter to $true to enable real-time protection.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RealTimeScanOption
Specify how real-time protection scans system files. For performance reasons, you might have to change the default value if a server has high incoming or outgoing file activity.
| Type: | RealTimeScanOptionType |
| Accepted values: | ScanIncomingAndOutgoingFiles, ScanIncomingFilesOnly, ScanOutgoingFilesOnly |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveDefinitionUpdateFileShare
Specify the network file share paths to remove from the list. To clear the entire list, use the CleanDefinitionUpdateFileShare parameter.
| Type: | String[] |
| Aliases: | RemoveDefinitionUpdateFileSharesSources, RemoveDefinitionUpdateFileShares |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveExcludedFilePath
Specify the excluded file paths to remove from the list. To clear the entire list, use the CleanExcludedFilePath parameter.
| Type: | String[] |
| Aliases: | RemoveExcludedFilePaths |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveExcludedFileType
Specify the excluded file types to remove from the list. To clear the entire list, use the CleanExcludedFileType parameter.
| Type: | String[] |
| Aliases: | RemoveExcludedFileTypes |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveExcludedProcess
Specify the excluded processes to remove from the list. To clear the entire list, use the CleanExcludedProcesses parameter.
| Type: | String[] |
| Aliases: | RemoveExcludedProcesses |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveThreat
Specify the names of threats to remove from the threat override table.
| Type: | String[] |
| Aliases: | RemoveThreats, RemoveThreatsByName |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanAllDownloaded
Set this parameter to $true to scan all downloaded files and enable exploit protection for the browser.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanArchive
Set this parameter to $true to scan archived files, for example .zip or .cab files.
| Type: | Boolean |
| Aliases: | ScanArchivedFiles |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanEmail
Set this parameter to $true to scan email and email attachments.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanNetworkDrive
Set this parameter to $true to scan network files.
| Type: | Boolean |
| Aliases: | ScanNetworkDrives |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanRemovableStorage
Set this parameter to $true to scan removable storage devices such as USB drives.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanWhenClientNotInUse
Set this parameter to $true to start a scheduled scan only when the computer is idle.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanTime
Specify a datetime object for when to do a scheduled scan. To get this object, use the Get-Date built-in cmdlet.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanType
Specify the type of a scheduled scan.
QuickScan: This type of scan checks the in-memory processes and folders where malware is typically found. It requires fewer resources than a full scan.FullScan: This type of scan adds a full check of all local files and folders to the items scanned in the quick scan. This scan takes longer than a quick scan and uses more CPU processing and memory resources on client computers.
In most cases, use Quick scan to minimize the use of system resources on client computers. If malware removal requires a full scan, endpoint protection generates an alert that's displayed in the Configuration Manager console. The default value is Quick scan.
| Type: | ScheduledScanType |
| Accepted values: | None, QuickScan, FullScan |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanUserControl
Specify the user control of scheduled scans.
| Type: | ScheduledScanUserControlType |
| Accepted values: | NoControl, ScanTimeOnly, FullControl |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanWeekday
Specify the day of the week when a scheduled scan runs.
| Type: | ScheduledScanWeekdayType |
| Accepted values: | Daily, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ShowNotification
Set this parameter to $true to show notifications on the client computer when the user needs to run a full scan, update security intelligence, or run Windows Defender Offline.
| Type: | Boolean |
| Aliases: | ShowNotificationMessages |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SignatureUpdateHr
Specify the interval of hours between checks for security intelligence updates. Use an integer value up to 24, for example:
0: Disable check on interval1: Check for updates every hour24: Check once per day
| Type: | Int32 |
| Aliases: | SignatureUpdateInterval, SignatureUpdateIntervalHour |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SignatureUpdateTime
Specify a datetime object for when the client checks for security intelligence updates each day. To get this object, use the Get-Date built-in cmdlet.
This setting only applies if you disable interval-based checks with -SignatureUpdateHr 0.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ThreatName
Specify the name of a threat. Use this parameter with the OverrideAction parameter to configure threat override settings.
| Type: | String[] |
| Aliases: | ThreatNames |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UseBehaviorMonitor
Set this parameter to $true to enable behavior monitoring.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
Outputs
System.Object
Related Links
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for