Help secure Windows PCs with Endpoint Protection for Microsoft Intune

Applies to: Intune in the classic portal
Looking for documentation about Intune in the Azure portal? Go here.

Microsoft Intune can help you to secure your managed computers with Endpoint Protection, which provides real-time protection against malware threats, keeps malware definitions up to date, and automatically scans computers. Endpoint Protection also provides tools that help you to manage and monitor malware attacks.

If you have not yet installed the Intune client on your computers, see Install the Windows PC client with Microsoft Intune.

Use the information in the following sections to help you configure, deploy, and monitor Endpoint Protection.

Choose when to use Endpoint Protection

As an IT admin, one of your top priorities is keeping the computers that you manage free of malware and viruses. Before you deploy Intune to Windows PCs in your organization, you should decide how to protect your computers by selecting one of the following options and configuring its associated policy settings:

| You want to: | Endpoint Protection policy settings | More information |
| --- | --- | --- |
| Use Microsoft Intune Endpoint Protection only if no third-party endpoint protection application is installed. You can use Microsoft Intune Endpoint Protection on all computers where a third-party endpoint protection application is not installed. | Install Endpoint Protection = Yes; Enable Endpoint Protection = Yes; Install Endpoint Protection even if a third-party endpoint protection application is installed = No | If a third-party endpoint protection application is detected, Microsoft Intune Endpoint Protection is not installed, and is uninstalled if it was installed previously. |
| Use Microsoft Intune Endpoint Protection, even if a third-party endpoint protection application is installed. With this approach, you will be running Microsoft Intune Endpoint Protection and the third-party endpoint protection application simultaneously. Because of potential performance issues, we don't recommend this configuration. | Install Endpoint Protection = Yes; Enable Endpoint Protection = Yes; Install Endpoint Protection even if a third-party endpoint protection application is installed = Yes | Use when: you want to switch to using Microsoft Intune Endpoint Protection; you deploy a new client that will use Microsoft Intune Endpoint Protection; you upgrade any client that will use Microsoft Intune Endpoint Protection. |
| Use Intune without Microsoft Intune Endpoint Protection. Instead, you will rely on a third-party endpoint protection application. | Install Endpoint Protection = No | If you are not using a third-party endpoint protection application, this configuration is not recommended, because it could expose your organization's computers to malware or other attacks. Microsoft Intune Endpoint Protection is not installed, and is uninstalled if it was installed previously. |

To switch from your current endpoint protection application to Microsoft Intune Endpoint Protection, do the following:

  1. Leave your current endpoint protection application running while you deploy the Intune client software to those computers.

  2. Confirm that Microsoft Intune Endpoint Protection is installed and is helping to secure client computers.

  3. Remove the third-party endpoint protection software by:

    • Using Intune software distribution to deploy a software removal tool that's provided by the manufacturer of the third-party endpoint protection application. For more information, see Deploy apps with Microsoft Intune.

    • Removing the third-party endpoint protection application manually.

Note

Intune will not automatically uninstall third-party endpoint protection applications.

Configure Microsoft Intune Endpoint Protection

Use the following steps to help you configure Endpoint Protection for Microsoft Intune.

  1. In the Microsoft Intune administration console, choose Policy > Add Policy.

  2. Expand Computer Management, and then select Microsoft Intune Agent Settings. Select Create and Deploy a Custom Policy to specify a policy for Endpoint Protection settings. Then choose the Create Policy button.

You can use the recommended settings or customize the settings. If you need more information about how to create and deploy policies, see the topic Common Windows PC management tasks with the Microsoft Intune computer client.

You can view the deployed Endpoint Protection policy on the All Policies page of the Policy workspace.

Specify Endpoint Protection service settings

| Policy setting | Details |
| --- | --- |
| Install Endpoint Protection | Set to Yes to install Endpoint Protection on managed computers. If a third-party endpoint protection application is detected during installation, Endpoint Protection will not be installed unless the setting Install Endpoint Protection even if a third-party endpoint protection application is installed is set to Yes. Note: Intune Endpoint Protection is installed on managed computers by default. If you don't want to install Endpoint Protection on your managed computers, you must explicitly set this policy to No. If Endpoint Protection was previously installed and the policy is updated to No, then the Endpoint Protection client will be uninstalled. Recommended value: Yes |
| Install Endpoint Protection even if a third-party endpoint protection application is installed | Set to Yes to install Microsoft Intune Endpoint Protection even if a third-party endpoint protection application is detected. Recommended value: Yes |
| Enable Endpoint Protection | Set to Yes to enable Microsoft Intune Endpoint Protection on computers that have the Endpoint Protection client. If set to No, and Microsoft Intune Endpoint Protection is installed, the Endpoint Protection client user interface is not displayed to users, and all protection features are inactive. Recommended value: Yes |
| Disable Client UI | Set to Yes to hide the Microsoft Intune Endpoint Protection client user interface from users (requires a client computer restart to take effect). Recommended value: No |
| Install Endpoint Protection even if a third-party endpoint protection application is installed | Set to Yes to force the installation of Microsoft Intune Endpoint Protection, even if a third-party endpoint protection application is detected. Recommended value: No |
| Create a system restore point before malware remediation | Set to Yes to create a Windows System Restore Point before any malware remediation begins. Recommended value: Yes |
| Track resolved malware (days) | Enables Endpoint Protection to track resolved malware for a specified time so that you can manually check previously infected computers. You can specify a value from 0 to 30 days. Recommended value: 7 days |

If you have set the policy values for the settings Install Endpoint Protection and Enable Endpoint Protection to Yes, and the policy value for Install Endpoint Protection even if a third-party endpoint protection application is installed to No, Microsoft Intune Endpoint Protection checks whether another endpoint protection application is installed. If one is detected, Endpoint Protection won't be installed, or will be uninstalled if it is already present. However, Microsoft Intune Endpoint Protection does report about the health of the other endpoint protection application in Intune.
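The interaction between the three service settings, the options table, and the switch procedure can be checked before a policy is deployed. The following is an added example, not Microsoft's code: it models the outcomes this page describes and runs them over a constructed inventory to list computers that would end up with no endpoint protection or with two products running. The `Policy` and `Device` types, the device names, and the inventory are assumptions made for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Policy:
    install: bool              # "Install Endpoint Protection"
    enable: bool               # "Enable Endpoint Protection"
    even_if_third_party: bool  # "Install Endpoint Protection even if a third-party
                               #  endpoint protection application is installed"


@dataclass(frozen=True)
class Device:
    name: str
    third_party: bool  # a third-party endpoint protection application is detected
    intune_ep: bool    # Intune Endpoint Protection is already installed


def predict(policy, device):
    """Return (Intune client state, what protects the computer) per this page."""
    other = "third-party" if device.third_party else "none"
    blocked = device.third_party and not policy.even_if_third_party
    if not policy.install or blocked:
        # Not installed, and uninstalled if it was installed previously.
        state = "uninstalled" if device.intune_ep else "not installed"
        return state, other
    if not policy.enable:
        # Installed, but the UI is hidden and all protection features are inactive.
        return "installed, inactive", other
    return "installed, active", "both" if device.third_party else "intune"


def review(policy, fleet):
    """List computers left unprotected or running two products at once."""
    findings = {"unprotected": [], "running_both": []}
    for device in fleet:
        _, protected_by = predict(policy, device)
        if protected_by == "none":
            findings["unprotected"].append(device.name)
        elif protected_by == "both":
            findings["running_both"].append(device.name)
    return findings


# The three options from the table in "Choose when to use Endpoint Protection".
ONLY_IF_NO_THIRD_PARTY = Policy(install=True, enable=True, even_if_third_party=False)
ALONGSIDE_THIRD_PARTY = Policy(install=True, enable=True, even_if_third_party=True)
# The page gives only Install = No for this option; the other two values are
# assumptions and have no effect while install is False.
THIRD_PARTY_ONLY = Policy(install=False, enable=False, even_if_third_party=False)

# Constructed inventory (hypothetical computers).
FLEET = [
    Device("pc-01", third_party=True, intune_ep=False),
    Device("pc-02", third_party=False, intune_ep=True),
    Device("pc-03", third_party=False, intune_ep=False),
]

if __name__ == "__main__":
    for label, policy in [("only if no third party", ONLY_IF_NO_THIRD_PARTY),
                          ("alongside third party", ALONGSIDE_THIRD_PARTY),
                          ("third party only", THIRD_PARTY_ONLY)]:
        print(label, review(policy, FLEET))
    # Switch procedure, step 3: the third-party product has been removed from pc-01.
    print(predict(ALONGSIDE_THIRD_PARTY, replace(FLEET[0], third_party=False, intune_ep=True)))
```
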

Microsoft Security Essentials alerts you with real-time protection when potential threats such as viruses and spyware are trying to install themselves or run on your PC. The moment this happens, you'll see a message in the notification area to the right side of the taskbar.

Specify real-time protection settings

| Policy setting | Details |
| --- | --- |
| Enable real-time protection | Enables monitoring and scanning of all files and applications that are accessed. It also blocks any malicious files and applications before they can run on computers. Recommended value: Yes |
| Scan all downloads | Enables the scanning of all files and attachments that are downloaded from the Internet to computers. Recommended value: Yes |
| Monitor file and program activity on computers | Enables the monitoring of incoming and outgoing files, and program activity on computers. With this setting, Endpoint Protection can monitor when files and programs start to run and alert you about any actions they perform or actions that are taken on them. Recommended value: Yes |
| Files monitored | Enables you to choose if only incoming, only outgoing, or all files are monitored. Recommended value: Monitor all files |
| Enable behavior monitoring | Enables Microsoft Intune Endpoint Protection to check for certain patterns of suspicious activity on client computers. Recommended value: Yes |
| Enable Network Inspection System | Enables Network Inspection System (NIS) on client computers. NIS uses signatures of known vulnerabilities from the Microsoft Malware Protection Center to help detect and block malicious network traffic. Recommended value: Yes |

Specify scan schedule settings

| Policy setting | More information |
| --- | --- |
| Schedule a daily quick scan | Schedules a daily quick scan of both frequently used files and important system files on computers. This quick scan has a minimal effect on performance. Recommended value: Yes |
| Run a quick scan if you have missed two consecutive scans | Configures Endpoint Protection to automatically run a quick scan on computers if they have missed two consecutive quick scans. Recommended value: Yes |
| Schedule a full scan | Configures a full scan of all files and resources on the local computer hard disks. This scan can take time and can affect computer performance (the amount of time it takes depends on the number of files and resources that are scanned). Recommended value: No |
| Run a full scan if you have missed two consecutive full scans | Configures Endpoint Protection to automatically run a full scan on computers if they have missed two consecutive scans. Recommended value: Not configured |

Specify scan options settings

| Policy setting | Details |
| --- | --- |
| Run a full scan after installation of Endpoint Protection | Set to Yes to let Endpoint Protection automatically run a full system scan after it is installed on computers. This scan runs only when computers are idle to minimize the effect on user productivity. Recommended value: Yes |
| Automatically run a full scan when needed to follow up malware removal | Set to Yes to let Endpoint Protection automatically run a full system scan on computers after the removal of malware to help confirm that other files were not affected. Recommended value: Yes |
| Start a scheduled scan only when the computer is idle | Set to Yes to prevent scheduled scans from starting when computers are in use to prevent any loss of user productivity. Recommended value: Yes |
| Check for the latest malware definitions before starting a scan | Set to Yes to let Endpoint Protection automatically check for the latest malware definitions before it starts a scan on computers. Recommended value: Yes |
| Scan archive files | Set to Yes to configure Endpoint Protection to scan for malware in archive files (like .zip or .cab files) on computers. Recommended value: No |
| Scan email messages | Set to Yes to configure Endpoint Protection to scan incoming email messages when they arrive on computers. Recommended value: Yes |
| Scan files opened from network shared folders | Set to Yes to configure Endpoint Protection to scan files that are opened from shared folders on the network. These are typically files that are accessed by using a Universal Naming Convention (UNC) path. Enabling this feature can cause problems for users who have read-only access because they cannot remove malware. Recommended value: No |
| Scan mapped network drives | Set to Yes to configure Endpoint Protection to scan files on mapped network drives. Enabling this feature can cause problems for users who have read-only access because they cannot remove malware. Recommended value: No |
| Scan removable drives | Set to Yes to configure Endpoint Protection to scan for malware and unwanted software on removable drives, like USB flash drives, when you run a full scan on computers. Recommended value: Yes |
| Limit CPU usage during a scan | Set the maximum percentage of CPU usage that can be used during scheduled scans on computers. You can set this value from 1 to 100 percent. Recommended value: 50% |

Choose default actions settings

The setting Choose how Endpoint Protection acts on malware of the following alert levels specifies the default action that Endpoint Protection takes when malware of various alert levels is detected. For each alert level, you can remove the malware, quarantine it, or take Microsoft's recommended action.

Recommended value: Recommended action, which enables Endpoint Protection to recommend action.

Decide whether to choose the excluded files and folders settings

The setting Files and folders to exclude when running a scan or using real-time protection excludes specific files or folders when a scan is run or when real-time protection is used on computers.

Decide whether to choose the excluded processes settings

The setting Processes to exclude when running a scan or using real-time protection lets you exclude specific processes when a scan is run or when real-time protection is used on computers. You can exclude only files with the following extensions: .exe, .com, or .scr.

Decide whether to choose the excluded file types settings

The setting File extensions to exclude when running a scan or using real-time protection lets you exclude specific file name extensions when a scan is run or when real-time protection is used on computers.
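A planned policy can be checked against the limits and recommended values stated in the sections above before it is deployed. This added example is not part of the Intune product or the original page: it assumes a policy written down as a Python dictionary keyed by the setting names used on this page (a hypothetical format), covers a subset of the settings, and uses constructed sample values and paths.

```python
import ntpath  # Windows path rules, regardless of where the check runs

PROCESS_EXCLUSIONS = "Processes to exclude when running a scan or using real-time protection"
ALLOWED_PROCESS_EXTENSIONS = {".exe", ".com", ".scr"}

# Allowed ranges stated on this page.
RANGES = {
    "Track resolved malware (days)": (0, 30),
    "Limit CPU usage during a scan": (1, 100),
}

# Recommended values stated on this page (subset).
RECOMMENDED = {
    "Enable real-time protection": "Yes",
    "Scan all downloads": "Yes",
    "Monitor file and program activity on computers": "Yes",
    "Files monitored": "Monitor all files",
    "Enable behavior monitoring": "Yes",
    "Enable Network Inspection System": "Yes",
    "Check for the latest malware definitions before starting a scan": "Yes",
    "Scan removable drives": "Yes",
    "Track resolved malware (days)": 7,
    "Limit CPU usage during a scan": 50,
}


def lint(policy):
    """Return (kind, setting, detail) findings; settings absent from policy are skipped."""
    findings = []
    invalid = set()
    for name, (low, high) in RANGES.items():
        if name not in policy:
            continue
        value = policy[name]
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            findings.append(("invalid", name, f"{value!r} is outside {low}-{high}"))
            invalid.add(name)
    for path in policy.get(PROCESS_EXCLUSIONS, []):
        extension = ntpath.splitext(path)[1].lower()
        if extension not in ALLOWED_PROCESS_EXTENSIONS:
            findings.append(("invalid", PROCESS_EXCLUSIONS,
                             f"{path!r} is not an .exe, .com or .scr file"))
    for name, want in RECOMMENDED.items():
        # An out-of-range value is reported once, as invalid, not also as a deviation.
        if name in policy and name not in invalid and policy[name] != want:
            findings.append(("deviation", name, f"{policy[name]!r}, recommended {want!r}"))
    return findings


# Constructed sample policy (hypothetical values and paths).
SAMPLE = {
    "Enable real-time protection": "Yes",
    "Scan all downloads": "No",
    "Track resolved malware (days)": 45,
    "Limit CPU usage during a scan": 80,
    PROCESS_EXCLUSIONS: [r"C:\Tools\backup.exe", r"C:\Tools\sync.ps1"],
}

if __name__ == "__main__":
    for kind, setting, detail in lint(SAMPLE):
        print(f"{kind:9} {setting}: {detail}")
```
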

Specify Microsoft Active Protection Service Settings

Microsoft Active Protection Service is an online community that helps you decide how to respond to potential threats. The community also helps stop the spread of new malware infections. You can Join Microsoft Active Protection Service by selecting Yes, and then specifying your Membership Level:

  • Basic - Sends basic information to Microsoft about detected malware. This includes where the software came from, the actions that you apply or that Endpoint Protection applies automatically, and whether the actions were successful.
  • Advanced - Sends more information to Microsoft about malware, spyware, and potentially unwanted software. This includes information about the location of the software, file names, how the software operates, and how it has affected your computer.

You can also Receive dynamic definitions based on Microsoft Active Protection Service reports.

Choose management tasks for Endpoint Protection

The following tasks help you to carry out various management tasks on managed computers that run Endpoint Protection:

  • Update malware definitions:
    • Intune console - From the Groups workspace, select the computers that you want to update. Choose Remote Tasks > Update Malware Definitions.
    • Managed computer - Start the Endpoint Protection client software from the Windows notification area. Choose the Update tab, and then choose Update.
  • Run a malware scan:
    • Intune console - From the Groups workspace, select the computers that you want to scan. Choose Run a Full Malware Scan or Run a Quick Malware Scan.
    • Managed computer - Start the Endpoint Protection client software from the Windows notification area. Select Quick, Full, or Custom, and then choose Scan now.

You can view the status of a remote task by choosing the Remote Tasks link in the bottom right corner of the Intune console. The Remote Task Status dialog box lists current remote tasks, task status, device name, and any reported errors. It also provides a link to troubleshooting information, if appropriate.

Monitor Endpoint Protection

You monitor the status of malware on your computers by using the Protection workspace of the Microsoft Intune administration console. This workspace contains two pages:

  • Protection Overview - Displays important issues as links that you can choose for more information. Issues that might be displayed include:
    • Malware instances that need follow-up - Click the link to see a list of malware issues, including the follow-up action that needs to be taken to resolve the issue. You can further explore this list to see which computers are affected.
    • Computers with malware that need follow-up - Click the link to see all computers with unresolved malware issues, as well as the follow-up action that needs to be taken to resolve the issue.
    • Devices that are not protected - Click the link to see computers that are not protected by any endpoint protection software, either because no software is installed, or because there is an error. Select a computer to view more details.
    • Devices with another endpoint protection application running - Click the link to see computers that are running a third-party endpoint protection application.
  • All Malware - Displays a list of all active malware that's found on your computers. You can explore this list to see all computers that are affected by a particular piece of malware, or you can select one of the following tasks:
    • View Properties - Opens a page with more information about the selected malware.
    • Learn About This Malware - Opens a topic from the Microsoft Malware Protection Center with more information about the malware.

Important

The Protection workspace is not displayed in the administration console until you have installed the client and are managing at least one computer client.

How to view Recent Detection Paths for malware on computers

Intune can display the paths of up to 10 of the most recently detected instances of malware on a device. The Recent Detection Path is disabled by default. To enable this view:

  1. In the Microsoft Intune administration console, choose Groups > All Devices > All Computers.
  2. Right-click the computer whose recent detection paths you want to see and select Properties.
  3. Select Malware from the tabs across the top.
  4. Right-click the column header. A list of available columns appears. Select the Recent Detection Paths check box in the list. The Recent Detection Paths column appears and displays up to 10 of the most recently monitored malware instances on the device.

Run a malware scan or update malware definitions on a computer

Intune can run either a full or quick malware scan by using Endpoint Protection or Windows Defender on a remotely managed PC that has the Intune client installed.

  1. In the Microsoft Intune administration console, go to Groups > Overview > All Devices > All Computers, and then select the computer that you want to target.

  2. Choose the Remote Tasks drop-down list, and then select the task to run on the remote computer.

Need more help?

For further help and support, see Troubleshoot Endpoint Protection in Microsoft Intune.

See Also

Policies to protect Windows PCs