Set-CMAntimalwarePolicy
配置终结点保护反恶意软件策略的设置。
语法
Set-CMAntimalwarePolicy
[-Description <String>]
-Name <String>
[-NewName <String>]
[-PassThru]
[-Priority <PriorityChangeType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddDefinitionUpdateFileShare <String[]>]
[-CleanDefinitionUpdateFileShare]
[-DefinitionUpdateFileShare <String[]>]
[-EnableSignatureUpdateCatchup <Boolean>]
[-FallbackOrder <FallbackOrderType[]>]
[-FallbackToAlternateSourceHr <Int32>]
-Name <String>
[-PassThru]
[-RemoveDefinitionUpdateFileShare <String[]>]
[-SignatureUpdateHr <Int32>]
[-SignatureUpdateTime <DateTime>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddDefinitionUpdateFileShare <String[]>]
[-CleanDefinitionUpdateFileShare]
[-DefinitionUpdateFileShare <String[]>]
[-EnableSignatureUpdateCatchup <Boolean>]
[-FallbackOrder <FallbackOrderType[]>]
[-FallbackToAlternateSourceHr <Int32>]
-InputObject <IResultObject>
[-PassThru]
[-RemoveDefinitionUpdateFileShare <String[]>]
[-SignatureUpdateHr <Int32>]
[-SignatureUpdateTime <DateTime>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddExcludedFilePath <String[]>]
[-AddExcludedFileType <String[]>]
[-AddExcludedProcess <String[]>]
[-CleanExcludedFilePath]
[-CleanExcludedFileType]
[-CleanExcludedProcess]
[-ExcludeFilePath <String[]>]
[-ExcludeFileType <String[]>]
[-ExcludeProcess <String[]>]
-Name <String>
[-PassThru]
[-RemoveExcludedFilePath <String[]>]
[-RemoveExcludedFileType <String[]>]
[-RemoveExcludedProcess <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddExcludedFilePath <String[]>]
[-AddExcludedFileType <String[]>]
[-AddExcludedProcess <String[]>]
[-CleanExcludedFilePath]
[-CleanExcludedFileType]
[-CleanExcludedProcess]
[-ExcludeFilePath <String[]>]
[-ExcludeFileType <String[]>]
[-ExcludeProcess <String[]>]
-InputObject <IResultObject>
[-PassThru]
[-RemoveExcludedFilePath <String[]>]
[-RemoveExcludedFileType <String[]>]
[-RemoveExcludedProcess <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddThreat <Hashtable>]
[-CleanThreat]
-Name <String>
[-OverrideAction <DefaultActionMediumAndLowType[]>]
[-PassThru]
[-RemoveThreat <String[]>]
[-ThreatName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AddThreat <Hashtable>]
[-CleanThreat]
-InputObject <IResultObject>
[-OverrideAction <DefaultActionMediumAndLowType[]>]
[-PassThru]
[-RemoveThreat <String[]>]
[-ThreatName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigLimitCpuUsage <Boolean>]
[-FullScanNetworkDrive <Boolean>]
-Name <String>
[-PassThru]
[-ScanArchive <Boolean>]
[-ScanEmail <Boolean>]
[-ScanNetworkDrive <Boolean>]
[-ScanRemovableStorage <Boolean>]
[-ScheduledScanUserControl <ScheduledScanUserControlType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigLimitCpuUsage <Boolean>]
[-FullScanNetworkDrive <Boolean>]
-InputObject <IResultObject>
[-PassThru]
[-ScanArchive <Boolean>]
[-ScanEmail <Boolean>]
[-ScanNetworkDrive <Boolean>]
[-ScanRemovableStorage <Boolean>]
[-ScheduledScanUserControl <ScheduledScanUserControlType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigRealTime <Boolean>]
[-EnablePuaProtection <Boolean>]
[-PuaProtection <PuaProtection>]
[-EnableScriptScanning <Boolean>]
[-MonitorFileProgramActivity <Boolean>]
-Name <String>
[-NetworkExploitProtection <Boolean>]
[-PassThru]
[-RealTimeProtectionOn <Boolean>]
[-RealTimeScanOption <RealTimeScanOptionType>]
[-ScanAllDownloaded <Boolean>]
[-UseBehaviorMonitor <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigRealTime <Boolean>]
[-EnablePuaProtection <Boolean>]
[-PuaProtection <PuaProtection>]
[-EnableScriptScanning <Boolean>]
-InputObject <IResultObject>
[-MonitorFileProgramActivity <Boolean>]
[-NetworkExploitProtection <Boolean>]
[-PassThru]
[-RealTimeProtectionOn <Boolean>]
[-RealTimeScanOption <RealTimeScanOptionType>]
[-ScanAllDownloaded <Boolean>]
[-UseBehaviorMonitor <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigSampleSubmission <Boolean>]
[-AllowDeleteQuarantineFileDaysModification <Boolean>]
[-AllowExclusionModification <Boolean>]
[-AllowUserViewHistory <Boolean>]
[-CreateSystemRestorePointBeforeClean <Boolean>]
[-DeleteQuarantineFileDays <Int32>]
[-DisableClientUI <Boolean>]
[-EnableAutoSampleSubmission <Boolean>]
[-EnableReparsePointScanning <Boolean>]
-Name <String>
[-PassThru]
[-RandomizeScheduledScanStartTime <Boolean>]
[-ShowNotification <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowClientUserConfigSampleSubmission <Boolean>]
[-AllowDeleteQuarantineFileDaysModification <Boolean>]
[-AllowExclusionModification <Boolean>]
[-AllowUserViewHistory <Boolean>]
[-CreateSystemRestorePointBeforeClean <Boolean>]
[-DeleteQuarantineFileDays <Int32>]
[-DisableClientUI <Boolean>]
[-EnableAutoSampleSubmission <Boolean>]
[-EnableReparsePointScanning <Boolean>]
-InputObject <IResultObject>
[-PassThru]
[-RandomizeScheduledScanStartTime <Boolean>]
[-ShowNotification <Boolean>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowMapsModification <Boolean>]
[-CloudBlockLevel <CloudBlockLevelType>]
[-ExtendedCloudCheckSec <Int32>]
[-JoinSpyNet <JoinSpyNetType>]
-Name <String>
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-AllowMapsModification <Boolean>]
[-CloudBlockLevel <CloudBlockLevelType>]
[-ExtendedCloudCheckSec <Int32>]
-InputObject <IResultObject>
[-JoinSpyNet <JoinSpyNetType>]
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-CheckLatestDefinition <Boolean>]
[-EnableCatchupScan <Boolean>]
[-EnableQuickScan <Boolean>]
[-EnableScheduledScan <Boolean>]
[-LimitCpuUsage <Int32>]
-Name <String>
[-PassThru]
[-QuickScanTime <DateTime>]
[-ScanWhenClientNotInUse <Boolean>]
[-ScheduledScanTime <DateTime>]
[-ScheduledScanType <ScheduledScanType>]
[-ScheduledScanWeekday <ScheduledScanWeekdayType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-CheckLatestDefinition <Boolean>]
[-EnableCatchupScan <Boolean>]
[-EnableQuickScan <Boolean>]
[-EnableScheduledScan <Boolean>]
-InputObject <IResultObject>
[-LimitCpuUsage <Int32>]
[-PassThru]
[-QuickScanTime <DateTime>]
[-ScanWhenClientNotInUse <Boolean>]
[-ScheduledScanTime <DateTime>]
[-ScheduledScanType <ScheduledScanType>]
[-ScheduledScanWeekday <ScheduledScanWeekdayType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-DefaultActionHigh <DefaultActionSevereAndHighType>]
[-DefaultActionLow <DefaultActionMediumAndLowType>]
[-DefaultActionMedium <DefaultActionMediumAndLowType>]
[-DefaultActionSevere <DefaultActionSevereAndHighType>]
-Name <String>
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-DefaultActionHigh <DefaultActionSevereAndHighType>]
[-DefaultActionLow <DefaultActionMediumAndLowType>]
[-DefaultActionMedium <DefaultActionMediumAndLowType>]
[-DefaultActionSevere <DefaultActionSevereAndHighType>]
-InputObject <IResultObject>
[-PassThru]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMAntimalwarePolicy
[-Description <String>]
-InputObject <IResultObject>
[-NewName <String>]
[-PassThru]
[-Priority <PriorityChangeType>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] 说明
Set-CMAntiMalwarePolicy cmdlet 配置终结点保护反恶意软件策略的设置。
首先使用 New-CMAntimalwarePolicy 创建策略对象。 创建策略时,使用 Policy 参数指定策略包括哪些类型的设置。 如果使用 Set-CMAntiMalwarePolicy 配置最初未添加的策略类型的设置,它将在配置设置时添加类型。
有关详细信息,请参阅如何在 Configuration Manager 中为Endpoint Protection和部署反恶意软件策略。
备注
从 Configuration Manager 站点驱动器运行 Configuration Manager cmdlet,例如 PS XYZ:\> 。 有关详细信息,请参阅 入门。
示例
示例 1:创建反恶意软件策略并启用 PUA 审核
本示例首先创建一个新的反恶意软件策略,其中包括 RealTimeProtection 设置 类型。 然后,它将配置该策略,以在 PUA (启用) 。
$polName = "Real-time protection policy"
$polDesc = "via Pwsh by " + $env:UserName + " at " + $(Get-Date)
New-CMAntimalwarePolicy -Name $polName -Description $polDesc -Policy RealTimeProtection
Set-CMAntimalwarePolicy -Name $polName -PuaProtection Audit示例 2:提高反恶意软件策略的优先级
此命令增加了名为 ContosoPolicy的反恶意软件策略的优先级。
Set-CMAntiMalwarePolicy -Name "ContosoPolicy" -Priority Increase参数
-AddDefinitionUpdateFileShare
如果选择 UNC 文件共享作为安全智能更新源,请使用此参数向列表中添加更多网络路径。
| Type: | String[] |
| Aliases: | AddDefinitionUpdateFileSharesSources, AddDefinitionUpdateFileShares |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddExcludedFilePath
指定要从反恶意软件扫描中排除的文件或文件夹路径。 排除项可帮助更快地完成扫描或避免与某些应用程序冲突。 它还会增加恶意软件风险。
使用此参数向列表中添加更多路径。
例如: %windir%\explorer.exe 、 %windir%\system32
| Type: | String[] |
| Aliases: | AddExcludedFilePaths |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddExcludedFileType
指定文件扩展名以从反恶意软件扫描中排除此类型的所有文件。 排除项可帮助更快地完成扫描或避免与某些应用程序冲突。 它还会增加恶意软件风险。
使用此参数向列表中添加更多类型。
例如: .jpg 、 .txt
| Type: | String[] |
| Aliases: | AddExcludedFileTypes |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddExcludedProcess
指定进程可执行文件的路径,以将其从反恶意软件扫描中排除。 排除项可帮助更快地完成扫描或避免与某些应用程序冲突。 它还会增加恶意软件风险。
使用此参数向列表中添加更多进程。
例如:%windir%\system32\service.exe
| Type: | String[] |
| Aliases: | AddExcludedProcesses |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AddThreat
指定威胁名称和相应替代操作哈希表。 此表定义扫描期间检测到指定威胁名称时要采取的修正操作。
使用此参数向列表中添加更多威胁。
| Type: | Hashtable |
| Aliases: | AddThreats |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowClientUserConfigLimitCpuUsage
设置此参数 $true 以允许客户端计算机上的用户在扫描期间配置 CPU 使用率。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowClientUserConfigRealTime
设置此参数 $true 以允许客户端计算机上的用户配置实时保护设置。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowClientUserConfigSampleSubmission
设置此参数 $true 以允许客户端计算机上的用户修改自动示例文件提交设置。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowDeleteQuarantineFileDaysModification
设置此参数 $true 以允许客户端计算机上的用户配置隔离文件删除的设置。
| Type: | Boolean |
| Aliases: | AllowUserConfigQuarantinedFileDeletionPeriod |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowExclusionModification
设置此参数以允许客户端计算机上的用户从扫描中排除文件和文件夹、 $true 文件类型和进程。
| Type: | Boolean |
| Aliases: | AllowUserAddExcludes |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowMapsModification
设置此参数 $true 以允许客户端计算机上的用户修改云保护服务设置。
| Type: | Boolean |
| Aliases: | AllowUserChangeSpyNetSettings |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowUserViewHistory
设置此参数 $true 以允许客户端计算机上的所有用户查看完整历史记录结果。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CheckLatestDefinition
设置此参数 $true 以在运行扫描之前检查最新的安全智能更新。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanDefinitionUpdateFileShare
添加此参数可删除要用作安全智能更新源的网络文件共享列表。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanExcludedFilePath
添加此参数可删除要从扫描中排除的文件路径列表。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanExcludedFileType
添加此参数以删除要从扫描中排除的文件扩展名列表。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanExcludedProcess
添加此参数以删除要从扫描中排除的进程列表。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CleanThreat
添加此参数可删除检测到的威胁名称的预定义修正操作表。
| Type: | SwitchParameter |
| Aliases: | CleanThreats |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CloudBlockLevel
对于云保护服务,指定阻止可疑文件的级别。
| Type: | CloudBlockLevelType |
| Accepted values: | Normal, High, HighExtraProtection, BlockUnknown |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CreateSystemRestorePointBeforeClean
设置此参数 $true 以在清理计算机之前创建系统还原点。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionHigh
指定终结点保护为响应在高级别分类的威胁而执行的默认操作。
| Type: | DefaultActionSevereAndHighType |
| Accepted values: | Recommended, Quarantine, Remove |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionLow
指定终结点保护为响应其分类为低级别的威胁而执行 的默认 操作。
| Type: | DefaultActionMediumAndLowType |
| Accepted values: | None, Quarantine, Remove, Allow |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionMedium
指定终结点保护为响应在中等级别分类的威胁 而执行的默认 操作。
| Type: | DefaultActionMediumAndLowType |
| Accepted values: | None, Quarantine, Remove, Allow |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultActionSevere
指定终结点保护为响应其分类为严重级别的威胁而采取的默认操作。
| Type: | DefaultActionSevereAndHighType |
| Accepted values: | Recommended, Quarantine, Remove |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefinitionUpdateFileShare
指定用于下载安全智能更新的 UNC 文件共享源的数组。 按指定的顺序联系源。
如果指定此参数,客户端将联系所提供的资源以进行更新。 客户端从一个源成功下载更新后,它不会与列表中的其余源联系。 如果不指定此参数,列表将保持为空,并且不会联系任何源。
| Type: | String[] |
| Aliases: | DefinitionUpdateFileSharesSources, DefinitionUpdateFileShares |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DeleteQuarantineFileDays
指定在删除项目之前应在隔离文件夹中保留的天数。
如果指定此参数,则项目在指定的天数后从隔离文件夹中删除。 如果不指定此参数,项目将保留在隔离文件夹中,保留默认策略中指定的天数(即 30 天)。
| Type: | Int32 |
| Aliases: | DeleteQuarantinedFilesPeriod |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableClientUI
设置此参数 $true 以禁用客户端用户界面。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
此参数将通配符视为文字字符值。 不能将其与 ForceWildcardHandling 结合使用。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableAutoSampleSubmission
设置此参数 $true 以启用自动示例文件提交。 此功能可帮助 Microsoft 确定某些检测到的项目是否是恶意项目。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableCatchupScan
如果客户端计算机在两次或两次以上计划扫描期间处于脱机状态,则设置此参数以强制扫描 $true 所选扫描类型。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnablePuaProtection
在版本 2103 或更早版本中,将此参数设置为启用对 $true PUA (可能不需要的应用程序) 。
从版本 2107 开始,使用 PuaProtection 参数配置此设置。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableQuickScan
设置此参数 $true 以在客户端计算机上运行每日快速扫描。
| Type: | Boolean |
| Aliases: | EnableQuickDailyScan |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableReparsePointScanning
设置此参数 $true 以启用重新分析点扫描。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableScheduledScan
设置此参数 $true 以配置此策略以在客户端计算机上运行计划扫描。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableScriptScanning
设置此参数 $true 以启用脚本扫描。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableSignatureUpdateCatchup
如果客户端计算机连续两次计划更新处于脱机状态,则设置此参数以强制进行 $true 安全智能更新。
| Type: | Boolean |
| Aliases: | EnableSignatureUpdateCatchupInterval |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeFilePath
指定已禁用计划扫描和实时扫描的文件路径数组。
| Type: | String[] |
| Aliases: | ExcludedFilePaths, ExcludeFilePaths |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeFileType
指定从计划扫描和实时扫描中排除的文件类型数组。
| Type: | String[] |
| Aliases: | ExcludedFileTypes, ExcludeFileTypes |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExcludeProcess
指定一个进程数组,其中任何进程打开的任何文件都从计划扫描和实时扫描中排除。 不会排除进程本身。
| Type: | String[] |
| Aliases: | ExcludedProcesses, ExcludeProcesses |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExtendedCloudCheckSec
指定允许与云保护服务进行扩展检查以阻止和扫描可疑文件的秒数。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FallbackOrder
定义客户端使用的安全智能更新源,以及其联系的顺序。
| Type: | FallbackOrderType[] |
| Accepted values: | UpdatesDistributedFromConfigurationManager, UpdatesFromUncFileShares, UpdatesDistributedFromWsus, UpdatesDistributedFromMicrosoftUpdate, UpdatesDistributedFromMicrosoftMalwareProtectionCenter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FallbackToAlternateSourceHr
如果使用 Configuration Manager 作为安全智能更新的源,则当安全智能超过使用此值指定的小时数时,客户端将仅从备用源进行更新。
| Type: | Int32 |
| Aliases: | AuGracePeriod, FallbackToAlternateSourceHour |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
此参数处理通配符,并且可能会导致意外行为 (不建议) 。 不能将其与 DisableWildcardHandling 结合使用。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FullScanNetworkDrive
将此参数设置为 $true 在运行完全扫描时扫描映射的网络驱动器。
| Type: | Boolean |
| Aliases: | FullScanNetworkDrives |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
指定要配置的反恶意软件策略对象。 若要获取此对象,请使用 Get-CMAntiMalwarePolicy cmdlet。
| Type: | IResultObject |
| Aliases: | AntiMalwarePolicy |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-JoinSpyNet
指定云保护服务成员身份类型。
DoNotJoinMaps:不发送任何信息。BasicMembership:收集并发送检测到的恶意软件的列表。AdvancedMembership:可能包含个人信息的基本信息和更全面的信息。 例如,文件路径和部分内存转储。
| Type: | JoinSpyNetType |
| Accepted values: | DoNotJoinMaps, BasicMembership, AdvancedMembership |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LimitCpuUsage
指定扫描期间限制 CPU 使用率的百分比。
| Type: | Int32 |
| Accepted values: | 0, 10, 20, 30, 40, 50, 60, 70, 80, 90 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MonitorFileProgramActivity
设置此参数 $true 以监视客户端计算机上的文件和程序活动。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NetworkExploitProtection
设置此参数 $true 以启用对基于网络的攻击的保护。
| Type: | Boolean |
| Aliases: | NetworkProtectionAgainstExploits |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NewName
使用此参数可重命名使用 Name 或 InputObject 参数指定的策略。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OverrideAction
指定威胁替代操作。 此参数与 ThreatName 参数一起用于配置威胁替代设置。
| Type: | DefaultActionMediumAndLowType[] |
| Aliases: | OverrideActions |
| Accepted values: | None, Quarantine, Remove, Allow |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
添加此参数可返回一个对象,该对象表示您正使用的项目。 默认情况下,此 cmdlet 可能不会生成任何输出。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Priority
使用此参数可更改反恶意软件策略的优先级。
| Type: | PriorityChangeType |
| Accepted values: | Increase, Decrease |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PuaProtection
从版本 2107 开始,使用此参数配置 PUA (可能不需要) 。 指定下列值之一: Disable 、 Enable 或 Audit
| Type: | PuaProtection |
| Accepted values: | Disable, Enable, Audit |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-QuickScanTime
指定用于何时执行每日快速扫描的 datetime 对象。 若要获取此对象,请使用 Get-Date 内置 cmdlet。
| Type: | DateTime |
| Aliases: | ScheduledScanQuickTime |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RandomizeScheduledScanStartTime
设置此参数 $true 以随机化计划扫描和安全智能更新开始时间。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RealTimeProtectionOn
设置此参数 $true 以启用实时保护。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RealTimeScanOption
指定实时保护如何扫描系统文件。 出于性能原因,如果服务器具有高传入或传出文件活动,您可能必须更改默认值。
| Type: | RealTimeScanOptionType |
| Accepted values: | ScanIncomingAndOutgoingFiles, ScanIncomingFilesOnly, ScanOutgoingFilesOnly |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveDefinitionUpdateFileShare
指定要从列表中删除的网络文件共享路径。 若要清除整个列表,请使用 CleanDefinitionUpdateFileShare 参数。
| Type: | String[] |
| Aliases: | RemoveDefinitionUpdateFileSharesSources, RemoveDefinitionUpdateFileShares |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveExcludedFilePath
指定要从列表中删除的已排除文件路径。 若要清除整个列表,请使用 CleanExcludedFilePath 参数。
| Type: | String[] |
| Aliases: | RemoveExcludedFilePaths |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveExcludedFileType
指定要从列表中删除的已排除文件类型。 若要清除整个列表,请使用 CleanExcludedFileType 参数。
| Type: | String[] |
| Aliases: | RemoveExcludedFileTypes |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveExcludedProcess
指定要从列表中删除的已排除进程。 若要清除整个列表,请使用 CleanExcludedProcesses 参数。
| Type: | String[] |
| Aliases: | RemoveExcludedProcesses |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RemoveThreat
指定要从威胁替代表中删除的威胁的名称。
| Type: | String[] |
| Aliases: | RemoveThreats, RemoveThreatsByName |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanAllDownloaded
设置此参数 $true 以扫描所有下载的文件,并启用浏览器的 Exploit Protection。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanArchive
设置此参数 $true 以扫描存档的文件,例如 .zip 或 .cab 文件。
| Type: | Boolean |
| Aliases: | ScanArchivedFiles |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanEmail
设置此参数 $true 以扫描电子邮件和电子邮件附件。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanNetworkDrive
设置此参数 $true 以扫描网络文件。
| Type: | Boolean |
| Aliases: | ScanNetworkDrives |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanRemovableStorage
设置此参数 $true 以扫描可移动存储设备,如 USB 驱动器。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScanWhenClientNotInUse
将此参数 $true 设置为仅在计算机空闲时启动计划扫描。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanTime
指定何时执行计划扫描的 datetime 对象。 若要获取此对象,请使用 Get-Date 内置 cmdlet。
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanType
指定计划扫描的类型。
QuickScan:这种类型的扫描会检查内存中的进程和通常找到恶意软件的文件夹。 与完全扫描相比,它需要的资源更少。FullScan:这种类型的扫描会将所有本地文件和文件夹的完全检查添加到快速扫描中扫描的项目。 此扫描所花的时间比快速扫描更长,并且客户端计算机上的 CPU 处理和内存资源也更多。
在大多数情况下,使用 快速扫描 最大程度地减少客户端计算机上的系统资源使用。 如果恶意软件删除需要完全扫描,终结点保护将生成在 Configuration Manager 控制台中显示的警报。 默认值为快速 扫描。
| Type: | ScheduledScanType |
| Accepted values: | None, QuickScan, FullScan |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanUserControl
指定计划扫描的用户控制。
| Type: | ScheduledScanUserControlType |
| Accepted values: | NoControl, ScanTimeOnly, FullControl |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScheduledScanWeekday
指定一周中运行计划扫描的时间。
| Type: | ScheduledScanWeekdayType |
| Accepted values: | Daily, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ShowNotification
设置此参数 $true 以在用户需要运行完全扫描、更新安全智能或脱机运行时在客户端计算机Windows Defender通知。
| Type: | Boolean |
| Aliases: | ShowNotificationMessages |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SignatureUpdateHr
指定检查安全智能更新之间的时间间隔(小时)。 使用最多为 24 的整数值,例如:
0:禁用间隔检查1:每小时检查一次更新24:每天检查一次
| Type: | Int32 |
| Aliases: | SignatureUpdateInterval, SignatureUpdateIntervalHour |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SignatureUpdateTime
指定客户端每天检查安全智能更新的日期时间对象。 若要获取此对象,请使用 Get-Date 内置 cmdlet。
此设置仅在使用 禁用基于间隔的检查时适用 -SignatureUpdateHr 0 。
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ThreatName
指定威胁的名称。 此参数与 OverrideAction 参数一起用于配置威胁替代设置。
| Type: | String[] |
| Aliases: | ThreatNames |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UseBehaviorMonitor
设置此参数 $true 以启用行为监视。
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
显示在 cmdlet 运行时发生的情况。 cmdlet 不运行。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-名称
指定要配置的反恶意软件策略的名称。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-描述
指定反恶意软件策略的可选说明以帮助你识别它。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
输入
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
输出
System.Object