Set-​CM​Antimalware​Policy

Changes configuration settings for an antimalware policy for Endpoint Protection.

Syntax

Set-CMAntimalwarePolicy
   [-AllowClientUserConfigLimitCpuUsage <Boolean>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-FullScanNetworkDrive <Boolean>]
   -Name <String>
   [-PassThru]
   [-ScanArchive <Boolean>]
   [-ScanEmail <Boolean>]
   [-ScanNetworkDrive <Boolean>]
   [-ScanRemovableStorage <Boolean>]
   [-ScheduledScanUserControl <ScheduledScanUserControlType>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-AllowClientUserConfigLimitCpuUsage <Boolean>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-FullScanNetworkDrive <Boolean>]
   -InputObject <IResultObject>
   [-PassThru]
   [-ScanArchive <Boolean>]
   [-ScanEmail <Boolean>]
   [-ScanNetworkDrive <Boolean>]
   [-ScanRemovableStorage <Boolean>]
   [-ScheduledScanUserControl <ScheduledScanUserControlType>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-AllowClientUserConfigRealTime <Boolean>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-EnablePuaProtection <Boolean>]
   [-EnableScriptScanning <Boolean>]
   [-ForceWildcardHandling]
   [-MonitorFileProgramActivity <Boolean>]
   -Name <String>
   [-NetworkExploitProtection <Boolean>]
   [-PassThru]
   [-RealTimeProtectionOn <Boolean>]
   [-RealTimeScanOption <RealTimeScanOptionType>]
   [-ScanAllDownloaded <Boolean>]
   [-UseBehaviorMonitor <Boolean>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-AllowClientUserConfigRealTime <Boolean>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-EnablePuaProtection <Boolean>]
   [-EnableScriptScanning <Boolean>]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-MonitorFileProgramActivity <Boolean>]
   [-NetworkExploitProtection <Boolean>]
   [-PassThru]
   [-RealTimeProtectionOn <Boolean>]
   [-RealTimeScanOption <RealTimeScanOptionType>]
   [-ScanAllDownloaded <Boolean>]
   [-UseBehaviorMonitor <Boolean>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-AllowClientUserConfigSampleSubmission <Boolean>]
   [-AllowDeleteQuarantineFileDaysModification <Boolean>]
   [-AllowExclusionModification <Boolean>]
   [-AllowUserViewHistory <Boolean>]
   [-Confirm]
   [-CreateSystemRestorePointBeforeClean <Boolean>]
   [-DeleteQuarantineFileDays <Int32>]
   [-DisableClientUI <Boolean>]
   [-DisableWildcardHandling]
   [-EnableAutoSampleSubmission <Boolean>]
   [-EnableReparsePointScanning <Boolean>]
   [-ForceWildcardHandling]
   -Name <String>
   [-PassThru]
   [-RandomizeScheduledScanStartTime <Boolean>]
   [-ShowNotification <Boolean>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-AllowClientUserConfigSampleSubmission <Boolean>]
   [-AllowDeleteQuarantineFileDaysModification <Boolean>]
   [-AllowExclusionModification <Boolean>]
   [-AllowUserViewHistory <Boolean>]
   [-Confirm]
   [-CreateSystemRestorePointBeforeClean <Boolean>]
   [-DeleteQuarantineFileDays <Int32>]
   [-DisableClientUI <Boolean>]
   [-DisableWildcardHandling]
   [-EnableAutoSampleSubmission <Boolean>]
   [-EnableReparsePointScanning <Boolean>]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-PassThru]
   [-RandomizeScheduledScanStartTime <Boolean>]
   [-ShowNotification <Boolean>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-AllowMapsModification <Boolean>]
   [-CloudBlockLevel <CloudBlockLevelType>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-ExtendedCloudCheckSec <Int32>]
   [-ForceWildcardHandling]
   [-JoinSpyNet <JoinSpyNetType>]
   -Name <String>
   [-PassThru]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-AllowMapsModification <Boolean>]
   [-CloudBlockLevel <CloudBlockLevelType>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-ExtendedCloudCheckSec <Int32>]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-JoinSpyNet <JoinSpyNetType>]
   [-PassThru]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-CheckLatestDefinition <Boolean>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-EnableCatchupScan <Boolean>]
   [-EnableQuickScan <Boolean>]
   [-EnableScheduledScan <Boolean>]
   [-ForceWildcardHandling]
   [-LimitCpuUsage <Int32>]
   -Name <String>
   [-PassThru]
   [-QuickScanTime <DateTime>]
   [-ScanWhenClientNotInUse <Boolean>]
   [-ScheduledScanTime <DateTime>]
   [-ScheduledScanType <ScheduledScanType>]
   [-ScheduledScanWeekday <ScheduledScanWeekdayType>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-CheckLatestDefinition <Boolean>]
   [-Confirm]
   [-DisableWildcardHandling]
   [-EnableCatchupScan <Boolean>]
   [-EnableQuickScan <Boolean>]
   [-EnableScheduledScan <Boolean>]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-LimitCpuUsage <Int32>]
   [-PassThru]
   [-QuickScanTime <DateTime>]
   [-ScanWhenClientNotInUse <Boolean>]
   [-ScheduledScanTime <DateTime>]
   [-ScheduledScanType <ScheduledScanType>]
   [-ScheduledScanWeekday <ScheduledScanWeekdayType>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DefaultActionHigh <DefaultActionSevereAndHighType>]
   [-DefaultActionLow <DefaultActionMediumAndLowType>]
   [-DefaultActionMedium <DefaultActionMediumAndLowType>]
   [-DefaultActionSevere <DefaultActionSevereAndHighType>]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   -Name <String>
   [-PassThru]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DefaultActionHigh <DefaultActionSevereAndHighType>]
   [-DefaultActionLow <DefaultActionMediumAndLowType>]
   [-DefaultActionMedium <DefaultActionMediumAndLowType>]
   [-DefaultActionSevere <DefaultActionSevereAndHighType>]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-PassThru]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DefinitionUpdateFileShare <String[]>]
   [-DisableWildcardHandling]
   [-EnableSignatureUpdateCatchup <Boolean>]
   [-FallbackOrder <FallbackOrderType[]>]
   [-FallbackToAlternateSourceHr <Int32>]
   [-ForceWildcardHandling]
   -Name <String>
   [-PassThru]
   [-SignatureUpdateHr <Int32>]
   [-SignatureUpdateTime <DateTime>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DefinitionUpdateFileShare <String[]>]
   [-DisableWildcardHandling]
   [-EnableSignatureUpdateCatchup <Boolean>]
   [-FallbackOrder <FallbackOrderType[]>]
   [-FallbackToAlternateSourceHr <Int32>]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-PassThru]
   [-SignatureUpdateHr <Int32>]
   [-SignatureUpdateTime <DateTime>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-Description <String>]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   -Name <String>
   [-NewName <String>]
   [-PassThru]
   [-Priority <PriorityChangeType>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-Description <String>]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-NewName <String>]
   [-PassThru]
   [-Priority <PriorityChangeType>]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DisableWildcardHandling]
   [-ExcludeFilePath <String[]>]
   [-ExcludeFileType <String[]>]
   [-ExcludeProcess <String[]>]
   [-ForceWildcardHandling]
   -Name <String>
   [-PassThru]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DisableWildcardHandling]
   [-ExcludeFilePath <String[]>]
   [-ExcludeFileType <String[]>]
   [-ExcludeProcess <String[]>]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   [-PassThru]
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   -InputObject <IResultObject>
   -OverrideAction <DefaultActionMediumAndLowType[]>
   [-PassThru]
   -ThreatName <String[]>
   [-WhatIf]
   [<CommonParameters>]
Set-CMAntimalwarePolicy
   [-Confirm]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   -Name <String>
   -OverrideAction <DefaultActionMediumAndLowType[]>
   [-PassThru]
   -ThreatName <String[]>
   [-WhatIf]
   [<CommonParameters>]

Description

The Set-CMAntiMalwarePolicy cmdlet changes configuration settings for an antimalware policy for System Center 2016 Endpoint Protection. You can increase or decrease the priority by which an antimalware policy is applied. You can apply an action to the security scope of an antimalware policy.

Examples

Example 1: Increase the priority of an antimalware policy

PS C:\> Set-CMAntiMalwarePolicy -Priority Increase -Name "ContosoPolicy"

This command increases the priority of the antimalware policy named ContosoPolicy.

Required Parameters

-InputObject

{{Fill InputObject Description}}

Type:IResultObject
Aliases:AntiMalwarePolicy
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-Name

Specifies the name of an antimalware policy.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-OverrideAction

Specifies the threat override action. Use this parameter with the ThreatName parameter to configure threat override settings. Valid values are:- Allow

  • None
  • Quarantine
  • Remove
Type:DefaultActionMediumAndLowType[]
Aliases:OverrideActions
Parameter Sets:None, Quarantine, Remove, Allow
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ThreatName

Specifies the name of a threat. Use this parameter with the OverrideAction parameter to configure threat override settings.

Type:String[]
Aliases:ThreatNames
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-AllowClientUserConfigLimitCpuUsage

Indicates whether users on client computers can limit CPU usage.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowClientUserConfigRealTime

Indicates whether users on client computers can configure real-time protection settings.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowClientUserConfigSampleSubmission

Indicates whether users are allowed to modify auto sample file submission settings.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowDeleteQuarantineFileDaysModification

Indicates whether users are allowed to configure the deletion period for quarantined files.

Type:Boolean
Aliases:AllowUserConfigQuarantinedFileDeletionPeriod
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowExclusionModification

Indicates whether users are allowed to modify exclusions.

Type:Boolean
Aliases:AllowUserAddExcludes
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowMapsModification

Indicates whether a local override for the Group Policy configuration to join Microsoft SpyNet is enabled.If set to $True, the local preference setting takes priority over Group Policy. If set to $False, or not set, Group Policy takes priority over the local preference setting.

Type:Boolean
Aliases:AllowUserChangeSpyNetSettings
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AllowUserViewHistory

Indicates whether users can view the full History results.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CheckLatestDefinition

Indicates whether the policy checks for the latest definition updates before it runs a scan.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CloudBlockLevel

Specifies the level for blocking suspicious files. Valid values are:- Normal

  • High
Type:CloudBlockLevelType
Parameter Sets:Normal, High, HighExtraProtection, BlockUnknown
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-CreateSystemRestorePointBeforeClean

Indicates whether the cmdlet creates a system restore point before computers are cleaned.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultActionHigh

Specifies the default action taken for the High alert level. Valid values are:- Quarantine

  • Recommended
  • Remove
Type:DefaultActionSevereAndHighType
Parameter Sets:Recommended, Quarantine, Remove
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultActionLow

Specifies the default action taken for the Low alert level. Valid values are:- Allow

  • None
  • Quarantine
  • Remove
Type:DefaultActionMediumAndLowType
Parameter Sets:None, Quarantine, Remove, Allow
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultActionMedium

Specifies the default action taken for the Medium alert level. Valid values are:- Allow

  • None
  • Quarantine
  • Remove
Type:DefaultActionMediumAndLowType
Parameter Sets:None, Quarantine, Remove, Allow
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultActionSevere

Specifies the default action taken for the Severe alert level. Valid values are:- Quarantine

  • Recommended
  • Remove
Type:DefaultActionSevereAndHighType
Parameter Sets:Recommended, Quarantine, Remove
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefinitionUpdateFileShare

Specifies an array of UNC file share sources used to download definition updates. Sources are contacted in the order specified.If you specify this parameter, the provided resources are contacted for definition updates. Once definition updates have been successfully downloaded from one source, the remaining sources in the list are not contacted. If you do not specify this parameter, the list remains empty and no sources are contacted.

Type:String[]
Aliases:DefinitionUpdateFileSharesSources, DefinitionUpdateFileShares
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DeleteQuarantineFileDays

Specifies the number of days that items should be kept in the Quarantine folder before being removed.If you specify this parameter, items are removed from the Quarantine folder after the specified number of days. If you do not specify this parameter, items are kept in the Quarantine folder for the number of days specified in the default policy, which is 30 days.

Type:Int32
Aliases:DeleteQuarantinedFilesPeriod
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Description

Specifies a description for the antimalware policy.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisableClientUI

Indicates whether the client user interface is disabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisableWildcardHandling

DisableWildcardHandling treats wildcard characters as literal character values. Cannot be combined with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableAutoSampleSubmission

Indicates whether auto sample file submission is enabled. Auto sample file submission helps Microsoft determine whether certain detected items are malicious.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableCatchupScan

Indicates whether a scan of the selected scan type is forced if a client computer is offline during two or more scheduled scans.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnablePuaProtection

Indicates whether Potentially Unwanted Applications (PUAs) are blocked at download and prior to installation.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableQuickScan

Indicates whether the Quick scan type is specified for a scheduled scan.

Type:Boolean
Aliases:EnableQuickDailyScan
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableReparsePointScanning

Indicates whether reparse point scanning is enabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableScheduledScan

Indicates whether a scheduled scan is run on client computers.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableScriptScanning

Indicates whether the scanning of JavaScript scripts before running them in Internet Explorer is enabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EnableSignatureUpdateCatchup

Indicates whether a catch-up definition update will occur.

Type:Boolean
Aliases:EnableSignatureUpdateCatchupInterval
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludeFilePath

Specifies an array of file paths for which scheduled and real-time scanning is disabled.

Type:String[]
Aliases:ExcludedFilePaths, ExcludeFilePaths
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludeFileType

Specifies an array of file types to exclude from scheduled and real-time scanning.

Type:String[]
Aliases:ExcludedFileTypes, ExcludeFileTypes
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludeProcess

Specifies an array of processes for which any files opened by any of the processes are excluded from scheduled and real-time scanning. The process itself is not excluded.

Type:String[]
Aliases:ExcludedProcesses, ExcludeProcesses
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExtendedCloudCheckSec

{{Fill ExtendedCloudCheckSec Description}}

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FallbackOrder

Specifies an array of fallback order types. Valid values are:- UpdatesDistributedFromConfigurationManager

  • UpdatesDistributedFromMicrosoftMalwareProtectionCenter
  • UpdatesDistributedFromMicrosoftUpdate
  • UpdatesDistributedFromWsus
  • UpdatesFromUncFileShares
Type:FallbackOrderType[]
Parameter Sets:UpdatesDistributedFromConfigurationManager, UpdatesFromUncFileShares, UpdatesDistributedFromWsus, UpdatesDistributedFromMicrosoftUpdate, UpdatesDistributedFromMicrosoftMalwareProtectionCenter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FallbackToAlternateSourceHr

Specifies the amount of time, in hours, since the client last updated its definition, whereby it will not check an alternative source for definitions.

Type:Int32
Aliases:AuGracePeriod, FallbackToAlternateSourceHour
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ForceWildcardHandling

ForceWildcardHandling processes wildcard characters and may lead to unexpected behavior (not recommended). Cannot be combined with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FullScanNetworkDrive

Indicates whether a full scan for network files is enabled. If set to $True, network files are scanned. If set to $False or not set, network files are not scanned.

Type:Boolean
Aliases:FullScanNetworkDrives
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-JoinSpyNet

Specifies the Microsoft Active Protection Service membership type. Valid values are:- AdvancedMembership

  • BasicMembership
  • DoNotJoinMaps
Type:JoinSpyNetType
Parameter Sets:DoNotJoinMaps, BasicMembership, AdvancedMembership
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-LimitCpuUsage

Specifies the limit CPU usage during scans, in percentage.

Type:Int32
Parameter Sets:0, 10, 20, 30, 40, 50, 60, 70, 80, 90
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-MonitorFileProgramActivity

Indicates whether file and program activity is monitored on the computer.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-NetworkExploitProtection

Indicates whether network protection is enabled.If set to $True, or not set, network protection is enabled. If set to $False, network protection is disabled.

Type:Boolean
Aliases:NetworkProtectionAgainstExploits
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-NewName

Specifies a new name for the antimalware policy.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PassThru

Returns the current working object. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Priority

Specifies the priority of an antimalware policy. Valid values are:- Increase

  • Decrease
Type:PriorityChangeType
Parameter Sets:Increase, Decrease
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-QuickScanTime

Specifies the time of day at which to perform a daily quick scan.

Type:DateTime
Aliases:ScheduledScanQuickTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RandomizeScheduledScanStartTime

Indicates whether scheduled scan and definition update start times are randomized within 30 minutes.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RealTimeProtectionOn

Indicates whether real-time protection is enabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RealTimeScanOption

Specifies the system files scan type. Valid values are:- ScanIncomingAndOutgoingFiles

  • ScanIncomingFilesOnly
  • ScanOutgoingFilesOnly
Type:RealTimeScanOptionType
Parameter Sets:ScanIncomingAndOutgoingFiles, ScanIncomingFilesOnly, ScanOutgoingFilesOnly
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScanAllDownloaded

Indicates whether all downloaded files and attachments are scanned.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScanArchive

Indicates whether archived files, such as .ZIP or .CAB files, are scanned for malicious and unwanted software.

Type:Boolean
Aliases:ScanArchivedFiles
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScanEmail

Indicates whether email and email attachments are scanned.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScanNetworkDrive

Indicates whether scanning is enabled for network drives.

Type:Boolean
Aliases:ScanNetworkDrives
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScanRemovableStorage

Indicates whether removable storage devices, such as USB drives, are scanned.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScanWhenClientNotInUse

Indicates whether a scheduled scan is started only when the computer is idle.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScheduledScanTime

Specifies the time of a scheduled scan.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScheduledScanType

Specifies the type of a scheduled scan. Valid values are:- FullScan

  • None
  • QuickScan
Type:ScheduledScanType
Parameter Sets:None, QuickScan, FullScan
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScheduledScanUserControl

Specifies the user control of scheduled scans. Valid values are:- FullControl

  • NoControl
  • ScanTimeOnly
Type:ScheduledScanUserControlType
Parameter Sets:NoControl, ScanTimeOnly, FullControl
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ScheduledScanWeekday

Specifies the day of the week a scheduled scan runs. Valid values are:- Daily

  • Monday
  • Tuesday
  • Wednesday
  • Thursday
  • Friday
  • Saturday
  • Sunday
Type:ScheduledScanWeekdayType
Parameter Sets:Daily, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ShowNotification

Indicates whether notifications are displayed to clients when they need to perform the following actions:- Run a full scan

  • Download the latest virus and spyware definitions
  • Download Standalone System Sweeper
Type:Boolean
Aliases:ShowNotificationMessages
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SignatureUpdateHr

Specifies the number of hours between update checks. Valid values range from 1 (every hour) to 24 (once per day).

Type:Int32
Aliases:SignatureUpdateInterval, SignatureUpdateIntervalHour
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SignatureUpdateTime

Specifies the time that the policy checks for Endpoint Protection definitions.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UseBehaviorMonitor

Indicates whether behavior monitoring is enabled.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False