

title: Set-CMAntimalwarePolicy
titleSuffix: Configuration Manager
description: Changes configuration settings for an antimalware policy for Endpoint Protection.
ms.date: 05/07/2019
ms.prod: configuration-manager
ms.technology: configmgr-other
ms.topic: conceptual
author: aczechowski
ms.author: aaroncz
manager: dougeby

---
external help file: AdminUI.PS.EP.dll-Help.xml
ms.assetid: 4734FA75-5803-4806-B280-988762C51D22
online version: https://go.microsoft.com/fwlink/?linkid=833625
schema: 2.0.0



Set-CMAntimalwarePolicy

SYNOPSIS

Changes configuration settings for an antimalware policy for Endpoint Protection.

SYNTAX

SetByName (Default)

Set-CMAntimalwarePolicy -Name <String> [-NewName <String>] [-Description <String>]
 [-Priority <PriorityChangeType>] [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf]
 [-Confirm] [<CommonParameters>]

SetScheduledScanSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-EnableScheduledScan <Boolean>]
 [-ScheduledScanType <ScheduledScanType>] [-ScheduledScanWeekday <ScheduledScanWeekdayType>]
 [-ScheduledScanTime <DateTime>] [-EnableQuickScan <Boolean>] [-QuickScanTime <DateTime>]
 [-CheckLatestDefinition <Boolean>] [-ScanWhenClientNotInUse <Boolean>] [-EnableCatchupScan <Boolean>]
 [-LimitCpuUsage <Int32>] [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm]
 [<CommonParameters>]

SetScanSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-ScanEmail <Boolean>] [-ScanRemovableStorage <Boolean>]
 [-FullScanNetworkDrive <Boolean>] [-ScanNetworkDrive <Boolean>] [-ScanArchive <Boolean>]
 [-AllowClientUserConfigLimitCpuUsage <Boolean>] [-ScheduledScanUserControl <ScheduledScanUserControlType>]
 [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetDefaultActionSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-DefaultActionSevere <DefaultActionSevereAndHighType>]
 [-DefaultActionHigh <DefaultActionSevereAndHighType>] [-DefaultActionMedium <DefaultActionMediumAndLowType>]
 [-DefaultActionLow <DefaultActionMediumAndLowType>] [-PassThru] [-DisableWildcardHandling]
 [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetRealtimeProtectionSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-RealTimeProtectionOn <Boolean>]
 [-MonitorFileProgramActivity <Boolean>] [-RealTimeScanOption <RealTimeScanOptionType>]
 [-EnableScriptScanning <Boolean>] [-EnablePuaProtection <Boolean>] [-ScanAllDownloaded <Boolean>]
 [-UseBehaviorMonitor <Boolean>] [-NetworkExploitProtection <Boolean>]
 [-AllowClientUserConfigRealTime <Boolean>] [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling]
 [-WhatIf] [-Confirm] [<CommonParameters>]

SetAdvancedSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-CreateSystemRestorePointBeforeClean <Boolean>]
 [-EnableAutoSampleSubmission <Boolean>] [-AllowClientUserConfigSampleSubmission <Boolean>]
 [-DisableClientUI <Boolean>] [-ShowNotification <Boolean>] [-DeleteQuarantineFileDays <Int32>]
 [-AllowDeleteQuarantineFileDaysModification <Boolean>] [-AllowExclusionModification <Boolean>]
 [-AllowUserViewHistory <Boolean>] [-EnableReparsePointScanning <Boolean>]
 [-RandomizeScheduledScanStartTime <Boolean>] [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling]
 [-WhatIf] [-Confirm] [<CommonParameters>]

SetMAPSSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-JoinSpyNet <JoinSpyNetType>] [-AllowMapsModification <Boolean>]
 [-CloudBlockLevel <CloudBlockLevelType>] [-ExtendedCloudCheckSec <Int32>] [-PassThru]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetDefinitionUpdatesSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-SignatureUpdateHr <Int32>] [-SignatureUpdateTime <DateTime>]
 [-EnableSignatureUpdateCatchup <Boolean>] [-FallbackOrder <FallbackOrderType[]>]
 [-FallbackToAlternateSourceHr <Int32>] [-DefinitionUpdateFileShare <String[]>] [-PassThru]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetExclusionSettingsByName

Set-CMAntimalwarePolicy -Name <String> [-ExcludeFilePath <String[]>] [-ExcludeFileType <String[]>]
 [-ExcludeProcess <String[]>] [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf]
 [-Confirm] [<CommonParameters>]

SetThreatOverridesSettingsByName

Set-CMAntimalwarePolicy -Name <String> -ThreatName <String[]> -OverrideAction <DefaultActionMediumAndLowType[]>
 [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetByValue

Set-CMAntimalwarePolicy [-NewName <String>] [-Description <String>] [-Priority <PriorityChangeType>]
 -InputObject <IResultObject> [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf]
 [-Confirm] [<CommonParameters>]

SetScheduledScanSettingsByValue

Set-CMAntimalwarePolicy [-EnableScheduledScan <Boolean>] [-ScheduledScanType <ScheduledScanType>]
 [-ScheduledScanWeekday <ScheduledScanWeekdayType>] [-ScheduledScanTime <DateTime>]
 [-EnableQuickScan <Boolean>] [-QuickScanTime <DateTime>] [-CheckLatestDefinition <Boolean>]
 [-ScanWhenClientNotInUse <Boolean>] [-EnableCatchupScan <Boolean>] [-LimitCpuUsage <Int32>]
 -InputObject <IResultObject> [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf]
 [-Confirm] [<CommonParameters>]

SetScanSettingsByValue

Set-CMAntimalwarePolicy [-ScanEmail <Boolean>] [-ScanRemovableStorage <Boolean>]
 [-FullScanNetworkDrive <Boolean>] [-ScanNetworkDrive <Boolean>] [-ScanArchive <Boolean>]
 [-AllowClientUserConfigLimitCpuUsage <Boolean>] [-ScheduledScanUserControl <ScheduledScanUserControlType>]
 -InputObject <IResultObject> [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf]
 [-Confirm] [<CommonParameters>]

SetDefaultActionSettingsByValue

Set-CMAntimalwarePolicy [-DefaultActionSevere <DefaultActionSevereAndHighType>]
 [-DefaultActionHigh <DefaultActionSevereAndHighType>] [-DefaultActionMedium <DefaultActionMediumAndLowType>]
 [-DefaultActionLow <DefaultActionMediumAndLowType>] -InputObject <IResultObject> [-PassThru]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetRealtimeProtectionSettingsByValue

Set-CMAntimalwarePolicy [-RealTimeProtectionOn <Boolean>] [-MonitorFileProgramActivity <Boolean>]
 [-RealTimeScanOption <RealTimeScanOptionType>] [-EnableScriptScanning <Boolean>]
 [-EnablePuaProtection <Boolean>] [-ScanAllDownloaded <Boolean>] [-UseBehaviorMonitor <Boolean>]
 [-NetworkExploitProtection <Boolean>] [-AllowClientUserConfigRealTime <Boolean>] -InputObject <IResultObject>
 [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetAdvancedSettingsByValue

Set-CMAntimalwarePolicy [-CreateSystemRestorePointBeforeClean <Boolean>]
 [-EnableAutoSampleSubmission <Boolean>] [-AllowClientUserConfigSampleSubmission <Boolean>]
 [-DisableClientUI <Boolean>] [-ShowNotification <Boolean>] [-DeleteQuarantineFileDays <Int32>]
 [-AllowDeleteQuarantineFileDaysModification <Boolean>] [-AllowExclusionModification <Boolean>]
 [-AllowUserViewHistory <Boolean>] [-EnableReparsePointScanning <Boolean>]
 [-RandomizeScheduledScanStartTime <Boolean>] -InputObject <IResultObject> [-PassThru]
 [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetMAPSSettingsByValue

Set-CMAntimalwarePolicy [-JoinSpyNet <JoinSpyNetType>] [-AllowMapsModification <Boolean>]
 [-CloudBlockLevel <CloudBlockLevelType>] [-ExtendedCloudCheckSec <Int32>] -InputObject <IResultObject>
 [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetDefinitionUpdatesSettingsByValue

Set-CMAntimalwarePolicy [-SignatureUpdateHr <Int32>] [-SignatureUpdateTime <DateTime>]
 [-EnableSignatureUpdateCatchup <Boolean>] [-FallbackOrder <FallbackOrderType[]>]
 [-FallbackToAlternateSourceHr <Int32>] [-DefinitionUpdateFileShare <String[]>] -InputObject <IResultObject>
 [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetExclusionSettingsByValue

Set-CMAntimalwarePolicy [-ExcludeFilePath <String[]>] [-ExcludeFileType <String[]>]
 [-ExcludeProcess <String[]>] -InputObject <IResultObject> [-PassThru] [-DisableWildcardHandling]
 [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]

SetThreatOverridesSettingsByValue

Set-CMAntimalwarePolicy -ThreatName <String[]> -OverrideAction <DefaultActionMediumAndLowType[]>
 -InputObject <IResultObject> [-PassThru] [-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf]
 [-Confirm] [<CommonParameters>]

DESCRIPTION

The Set-CMAntiMalwarePolicy cmdlet changes configuration settings for an antimalware policy for System Center 2016 Endpoint Protection. You can increase or decrease the priority by which an antimalware policy is applied. You can apply an action to the security scope of an antimalware policy.

EXAMPLES

Note: Configuration Manager cmdlets must be run from the Configuration Manager site drive. For more information, see the getting started documentation.

Example 1: Increase the priority of an antimalware policy

PS XYZ:\> Set-CMAntiMalwarePolicy -Priority Increase -Name "ContosoPolicy"

This command increases the priority of the antimalware policy named ContosoPolicy.
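
The syntax blocks above define one parameter set per settings group, so real-time protection, scan, advanced, default-action and MAPS settings each need their own call. The following added example (not part of the original reference) applies a constructed baseline to one policy, one call per parameter set. The function name Set-AntimalwareBaseline and the chosen values are assumptions; ContosoPolicy is the policy name from Example 1.

```powershell
# Added example, not from the original reference page.
# Run from the Configuration Manager site drive, as the note above requires.
# Set-AntimalwareBaseline is a hypothetical helper; the values are a constructed
# baseline to adapt to your organization's standard.
function Set-AntimalwareBaseline {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string] $PolicyName
    )

    # One hashtable per parameter set. Parameters from different sets
    # cannot be combined in a single Set-CMAntimalwarePolicy call.
    $settingsBySet = [ordered]@{
        # SetRealtimeProtectionSettingsByName
        RealtimeProtection = @{
            RealTimeProtectionOn          = $true
            MonitorFileProgramActivity    = $true
            RealTimeScanOption            = 'ScanIncomingAndOutgoingFiles'
            EnableScriptScanning          = $true
            EnablePuaProtection           = $true
            ScanAllDownloaded             = $true
            UseBehaviorMonitor            = $true
            NetworkExploitProtection      = $true
            AllowClientUserConfigRealTime = $false   # users cannot change real-time settings
        }
        # SetScanSettingsByName
        Scan = @{
            ScanEmail                          = $true
            ScanRemovableStorage               = $true
            ScanArchive                        = $true
            AllowClientUserConfigLimitCpuUsage = $false
            ScheduledScanUserControl           = 'NoControl'
        }
        # SetAdvancedSettingsByName
        Advanced = @{
            AllowExclusionModification                = $false  # users cannot add exclusions
            AllowDeleteQuarantineFileDaysModification = $false
            AllowClientUserConfigSampleSubmission     = $false
            EnableReparsePointScanning                = $true
        }
        # SetDefaultActionSettingsByName
        DefaultAction = @{
            DefaultActionSevere = 'Quarantine'
            DefaultActionHigh   = 'Quarantine'
            DefaultActionMedium = 'Quarantine'
            DefaultActionLow    = 'Quarantine'
        }
        # SetMAPSSettingsByName
        Maps = @{
            JoinSpyNet            = 'BasicMembership'
            AllowMapsModification = $false   # Group Policy keeps priority over local preference
            CloudBlockLevel       = 'High'
        }
    }

    foreach ($setName in $settingsBySet.Keys) {
        $params = $settingsBySet[$setName]
        # With -WhatIf, ShouldProcess reports the pending change and returns $false,
        # so the policy is left untouched.
        if ($PSCmdlet.ShouldProcess($PolicyName, "Apply $setName settings")) {
            Set-CMAntimalwarePolicy -Name $PolicyName @params
        }
    }
}

# Preview the five calls without changing the policy.
Set-AntimalwareBaseline -PolicyName 'ContosoPolicy' -WhatIf
```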

PARAMETERS

-AllowClientUserConfigLimitCpuUsage

Indicates whether users on client computers can limit CPU usage.

Type: Boolean
Parameter Sets: SetScanSettingsByName, SetScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowClientUserConfigRealTime

Indicates whether users on client computers can configure real-time protection settings.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowClientUserConfigSampleSubmission

Indicates whether users are allowed to modify auto sample file submission settings.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowDeleteQuarantineFileDaysModification

Indicates whether users are allowed to configure the deletion period for quarantined files.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: AllowUserConfigQuarantinedFileDeletionPeriod

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowExclusionModification

Indicates whether users are allowed to modify exclusions.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: AllowUserAddExcludes

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowMapsModification

Indicates whether a local override for the Group Policy configuration to join Microsoft SpyNet is enabled.

If set to $True, the local preference setting takes priority over Group Policy. If set to $False, or not set, Group Policy takes priority over the local preference setting.

Type: Boolean
Parameter Sets: SetMAPSSettingsByName, SetMAPSSettingsByValue
Aliases: AllowUserChangeSpyNetSettings

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowUserViewHistory

Indicates whether users can view the full History results.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CheckLatestDefinition

Indicates whether the policy checks for the latest definition updates before it runs a scan.

Type: Boolean
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CloudBlockLevel

Specifies the level for blocking suspicious files. Valid values are:

  • Normal
  • High
  • HighExtraProtection
  • BlockUnknown

Type: CloudBlockLevelType
Parameter Sets: SetMAPSSettingsByName, SetMAPSSettingsByValue
Aliases: 
Accepted values: Normal, High, HighExtraProtection, BlockUnknown

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-CreateSystemRestorePointBeforeClean

Indicates whether the cmdlet creates a system restore point before computers are cleaned.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultActionHigh

Specifies the default action taken for the High alert level. Valid values are:

  • Quarantine
  • Recommended
  • Remove

Type: DefaultActionSevereAndHighType
Parameter Sets: SetDefaultActionSettingsByName, SetDefaultActionSettingsByValue
Aliases: 
Accepted values: Recommended, Quarantine, Remove

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultActionLow

Specifies the default action taken for the Low alert level. Valid values are:

  • Allow
  • None
  • Quarantine
  • Remove

Type: DefaultActionMediumAndLowType
Parameter Sets: SetDefaultActionSettingsByName, SetDefaultActionSettingsByValue
Aliases: 
Accepted values: None, Quarantine, Remove, Allow

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultActionMedium

Specifies the default action taken for the Medium alert level. Valid values are:

  • Allow
  • None
  • Quarantine
  • Remove

Type: DefaultActionMediumAndLowType
Parameter Sets: SetDefaultActionSettingsByName, SetDefaultActionSettingsByValue
Aliases: 
Accepted values: None, Quarantine, Remove, Allow

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultActionSevere

Specifies the default action taken for the Severe alert level. Valid values are:

  • Quarantine
  • Recommended
  • Remove

Type: DefaultActionSevereAndHighType
Parameter Sets: SetDefaultActionSettingsByName, SetDefaultActionSettingsByValue
Aliases: 
Accepted values: Recommended, Quarantine, Remove

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefinitionUpdateFileShare

Specifies an array of UNC file share sources used to download definition updates. Sources are contacted in the order specified.

If you specify this parameter, the provided resources are contacted for definition updates. Once definition updates have been successfully downloaded from one source, the remaining sources in the list are not contacted. If you do not specify this parameter, the list remains empty and no sources are contacted.

Type: String[]
Parameter Sets: SetDefinitionUpdatesSettingsByName, SetDefinitionUpdatesSettingsByValue
Aliases: DefinitionUpdateFileSharesSources, DefinitionUpdateFileShares

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DeleteQuarantineFileDays

Specifies the number of days that items should be kept in the Quarantine folder before being removed.

If you specify this parameter, items are removed from the Quarantine folder after the specified number of days. If you do not specify this parameter, items are kept in the Quarantine folder for the number of days specified in the default policy, which is 30 days.

Type: Int32
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: DeleteQuarantinedFilesPeriod

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Description

Specifies a description for the antimalware policy.

Type: String
Parameter Sets: SetByName, SetByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DisableClientUI

Indicates whether the client user interface is disabled.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DisableWildcardHandling

DisableWildcardHandling treats wildcard characters as literal character values. Cannot be combined with ForceWildcardHandling.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnableAutoSampleSubmission

Indicates whether auto sample file submission is enabled. Auto sample file submission helps Microsoft determine whether certain detected items are malicious.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnableCatchupScan

Indicates whether a scan of the selected scan type is forced if a client computer is offline during two or more scheduled scans.

Type: Boolean
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnablePuaProtection

Indicates whether Potentially Unwanted Applications (PUAs) are blocked at download and prior to installation.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnableQuickScan

Indicates whether the Quick scan type is specified for a scheduled scan.

Type: Boolean
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: EnableQuickDailyScan

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnableReparsePointScanning

Indicates whether reparse point scanning is enabled.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnableScheduledScan

Indicates whether a scheduled scan is run on client computers.

Type: Boolean
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnableScriptScanning

Indicates whether the scanning of JavaScript scripts before running them in Internet Explorer is enabled.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EnableSignatureUpdateCatchup

Indicates whether a catch-up definition update will occur.

Type: Boolean
Parameter Sets: SetDefinitionUpdatesSettingsByName, SetDefinitionUpdatesSettingsByValue
Aliases: EnableSignatureUpdateCatchupInterval

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ExcludeFilePath

Specifies an array of file paths for which scheduled and real-time scanning is disabled.

Type: String[]
Parameter Sets: SetExclusionSettingsByName, SetExclusionSettingsByValue
Aliases: ExcludedFilePaths, ExcludeFilePaths

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ExcludeFileType

Specifies an array of file types to exclude from scheduled and real-time scanning.

Type: String[]
Parameter Sets: SetExclusionSettingsByName, SetExclusionSettingsByValue
Aliases: ExcludedFileTypes, ExcludeFileTypes

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ExcludeProcess

Specifies an array of processes for which any files opened by any of the processes are excluded from scheduled and real-time scanning. The process itself is not excluded.

Type: String[]
Parameter Sets: SetExclusionSettingsByName, SetExclusionSettingsByValue
Aliases: ExcludedProcesses, ExcludeProcesses

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ExtendedCloudCheckSec

Type: Int32
Parameter Sets: SetMAPSSettingsByName, SetMAPSSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-FallbackOrder

Specifies an array of fallback order types. Valid values are:

  • UpdatesDistributedFromConfigurationManager
  • UpdatesDistributedFromMicrosoftMalwareProtectionCenter
  • UpdatesDistributedFromMicrosoftUpdate
  • UpdatesDistributedFromWsus
  • UpdatesFromUncFileShares

Type: FallbackOrderType[]
Parameter Sets: SetDefinitionUpdatesSettingsByName, SetDefinitionUpdatesSettingsByValue
Aliases: 
Accepted values: UpdatesDistributedFromConfigurationManager, UpdatesFromUncFileShares, UpdatesDistributedFromWsus, UpdatesDistributedFromMicrosoftUpdate, UpdatesDistributedFromMicrosoftMalwareProtectionCenter

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-FallbackToAlternateSourceHr

Specifies the number of hours after the client last updated its definitions during which it does not check an alternative source for definitions.

Type: Int32
Parameter Sets: SetDefinitionUpdatesSettingsByName, SetDefinitionUpdatesSettingsByValue
Aliases: AuGracePeriod, FallbackToAlternateSourceHour

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ForceWildcardHandling

ForceWildcardHandling processes wildcard characters and may lead to unexpected behavior (not recommended). Cannot be combined with DisableWildcardHandling.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-FullScanNetworkDrive

Indicates whether a full scan for network files is enabled. If set to $True, network files are scanned. If set to $False or not set, network files are not scanned.

Type: Boolean
Parameter Sets: SetScanSettingsByName, SetScanSettingsByValue
Aliases: FullScanNetworkDrives

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-InputObject

Type: IResultObject
Parameter Sets: SetByValue, SetScheduledScanSettingsByValue, SetScanSettingsByValue, SetDefaultActionSettingsByValue, SetRealtimeProtectionSettingsByValue, SetAdvancedSettingsByValue, SetMAPSSettingsByValue, SetDefinitionUpdatesSettingsByValue, SetExclusionSettingsByValue, SetThreatOverridesSettingsByValue
Aliases: AntiMalwarePolicy

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-JoinSpyNet

Specifies the Microsoft Active Protection Service membership type. Valid values are:

  • AdvancedMembership
  • BasicMembership
  • DoNotJoinMaps

Type: JoinSpyNetType
Parameter Sets: SetMAPSSettingsByName, SetMAPSSettingsByValue
Aliases: 
Accepted values: DoNotJoinMaps, BasicMembership, AdvancedMembership

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-LimitCpuUsage

Specifies the CPU usage limit during scans, as a percentage.

Type: Int32
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 
Accepted values: 0, 10, 20, 30, 40, 50, 60, 70, 80, 90

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MonitorFileProgramActivity

Indicates whether file and program activity is monitored on the computer.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Name

Specifies the name of an antimalware policy.

Type: String
Parameter Sets: SetByName, SetScheduledScanSettingsByName, SetScanSettingsByName, SetDefaultActionSettingsByName, SetRealtimeProtectionSettingsByName, SetAdvancedSettingsByName, SetMAPSSettingsByName, SetDefinitionUpdatesSettingsByName, SetExclusionSettingsByName, SetThreatOverridesSettingsByName
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NetworkExploitProtection

Indicates whether network protection is enabled.

If set to $True, or not set, network protection is enabled. If set to $False, network protection is disabled.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: NetworkProtectionAgainstExploits

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NewName

Specifies a new name for the antimalware policy.

Type: String
Parameter Sets: SetByName, SetByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OverrideAction

Specifies the threat override action. Use this parameter with the ThreatName parameter to configure threat override settings. Valid values are:

  • Allow
  • None
  • Quarantine
  • Remove

Type: DefaultActionMediumAndLowType[]
Parameter Sets: SetThreatOverridesSettingsByName, SetThreatOverridesSettingsByValue
Aliases: OverrideActions
Accepted values: None, Quarantine, Remove, Allow

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PassThru

Returns the current working object. By default, this cmdlet does not generate any output.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Priority

Specifies the priority of an antimalware policy. Valid values are:

  • Increase
  • Decrease

Type: PriorityChangeType
Parameter Sets: SetByName, SetByValue
Aliases: 
Accepted values: Increase, Decrease

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-QuickScanTime

Specifies the time of day at which to perform a daily quick scan.

Type: DateTime
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: ScheduledScanQuickTime

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RandomizeScheduledScanStartTime

Indicates whether scheduled scan and definition update start times are randomized within 30 minutes.

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RealTimeProtectionOn

Indicates whether real-time protection is enabled.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RealTimeScanOption

Specifies the system files scan type. Valid values are:

  • ScanIncomingAndOutgoingFiles
  • ScanIncomingFilesOnly
  • ScanOutgoingFilesOnly

Type: RealTimeScanOptionType
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 
Accepted values: ScanIncomingAndOutgoingFiles, ScanIncomingFilesOnly, ScanOutgoingFilesOnly

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScanAllDownloaded

Indicates whether all downloaded files and attachments are scanned.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScanArchive

Indicates whether archived files, such as .ZIP or .CAB files, are scanned for malicious and unwanted software.

Type: Boolean
Parameter Sets: SetScanSettingsByName, SetScanSettingsByValue
Aliases: ScanArchivedFiles

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScanEmail

Indicates whether email and email attachments are scanned.

Type: Boolean
Parameter Sets: SetScanSettingsByName, SetScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScanNetworkDrive

Indicates whether scanning is enabled for network drives.

Type: Boolean
Parameter Sets: SetScanSettingsByName, SetScanSettingsByValue
Aliases: ScanNetworkDrives

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScanRemovableStorage

Indicates whether removable storage devices, such as USB drives, are scanned.

Type: Boolean
Parameter Sets: SetScanSettingsByName, SetScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScanWhenClientNotInUse

Indicates whether a scheduled scan is started only when the computer is idle.

Type: Boolean
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScheduledScanTime

Specifies the time of a scheduled scan.

Type: DateTime
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScheduledScanType

Specifies the type of a scheduled scan. Valid values are:

  • FullScan
  • None
  • QuickScan

Type: ScheduledScanType
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 
Accepted values: None, QuickScan, FullScan

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScheduledScanUserControl

Specifies the user control of scheduled scans. Valid values are:

  • FullControl
  • NoControl
  • ScanTimeOnly

Type: ScheduledScanUserControlType
Parameter Sets: SetScanSettingsByName, SetScanSettingsByValue
Aliases: 
Accepted values: NoControl, ScanTimeOnly, FullControl

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScheduledScanWeekday

Specifies the day of the week a scheduled scan runs. Valid values are:

  • Daily
  • Monday
  • Tuesday
  • Wednesday
  • Thursday
  • Friday
  • Saturday
  • Sunday

Type: ScheduledScanWeekdayType
Parameter Sets: SetScheduledScanSettingsByName, SetScheduledScanSettingsByValue
Aliases: 
Accepted values: Daily, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ShowNotification

Indicates whether notifications are displayed to clients when they need to perform the following actions:

  • Run a full scan
  • Download the latest virus and spyware definitions
  • Download Standalone System Sweeper

Type: Boolean
Parameter Sets: SetAdvancedSettingsByName, SetAdvancedSettingsByValue
Aliases: ShowNotificationMessages

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SignatureUpdateHr

Specifies the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day).

Type: Int32
Parameter Sets: SetDefinitionUpdatesSettingsByName, SetDefinitionUpdatesSettingsByValue
Aliases: SignatureUpdateInterval, SignatureUpdateIntervalHour

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SignatureUpdateTime

Specifies the time that the policy checks for Endpoint Protection definitions.

Type: DateTime
Parameter Sets: SetDefinitionUpdatesSettingsByName, SetDefinitionUpdatesSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ThreatName

Specifies the name of a threat. Use this parameter with the OverrideAction parameter to configure threat override settings.

Type: String[]
Parameter Sets: SetThreatOverridesSettingsByName, SetThreatOverridesSettingsByValue
Aliases: ThreatNames

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UseBehaviorMonitor

Indicates whether behavior monitoring is enabled.

Type: Boolean
Parameter Sets: SetRealtimeProtectionSettingsByName, SetRealtimeProtectionSettingsByValue
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS

NOTES

RELATED LINKS

Export-CMAntimalwarePolicy

Get-CMAntiMalwarePolicy

Import-CMAntimalwarePolicy

Merge-CMAntimalwarePolicy

New-CMAntimalwarePolicy

Remove-CMAntiMalwarePolicy
