

Set-CMAntimalwarePolicy

Configure settings for an endpoint protection antimalware policy.

Syntax

SetByName (Default)

Set-CMAntimalwarePolicy
    -Name <String>
    [-Description <String>]
    [-NewName <String>]
    [-PassThru]
    [-Priority <PriorityChangeType>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetDefinitionUpdatesSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-AddDefinitionUpdateFileShare <String[]>]
    [-CleanDefinitionUpdateFileShare]
    [-DefinitionUpdateFileShare <String[]>]
    [-EnableSignatureUpdateCatchup <Boolean>]
    [-FallbackOrder <FallbackOrderType[]>]
    [-FallbackToAlternateSourceHr <Int32>]
    [-PassThru]
    [-RemoveDefinitionUpdateFileShare <String[]>]
    [-SignatureUpdateHr <Int32>]
    [-SignatureUpdateTime <DateTime>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetDefinitionUpdatesSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-AddDefinitionUpdateFileShare <String[]>]
    [-CleanDefinitionUpdateFileShare]
    [-DefinitionUpdateFileShare <String[]>]
    [-EnableSignatureUpdateCatchup <Boolean>]
    [-FallbackOrder <FallbackOrderType[]>]
    [-FallbackToAlternateSourceHr <Int32>]
    [-PassThru]
    [-RemoveDefinitionUpdateFileShare <String[]>]
    [-SignatureUpdateHr <Int32>]
    [-SignatureUpdateTime <DateTime>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetExclusionSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-AddExcludedFilePath <String[]>]
    [-AddExcludedFileType <String[]>]
    [-AddExcludedProcess <String[]>]
    [-CleanExcludedFilePath]
    [-CleanExcludedFileType]
    [-CleanExcludedProcess]
    [-ExcludeFilePath <String[]>]
    [-ExcludeFileType <String[]>]
    [-ExcludeProcess <String[]>]
    [-PassThru]
    [-RemoveExcludedFilePath <String[]>]
    [-RemoveExcludedFileType <String[]>]
    [-RemoveExcludedProcess <String[]>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetExclusionSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-AddExcludedFilePath <String[]>]
    [-AddExcludedFileType <String[]>]
    [-AddExcludedProcess <String[]>]
    [-CleanExcludedFilePath]
    [-CleanExcludedFileType]
    [-CleanExcludedProcess]
    [-ExcludeFilePath <String[]>]
    [-ExcludeFileType <String[]>]
    [-ExcludeProcess <String[]>]
    [-PassThru]
    [-RemoveExcludedFilePath <String[]>]
    [-RemoveExcludedFileType <String[]>]
    [-RemoveExcludedProcess <String[]>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetThreatOverridesSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-AddThreat <Hashtable>]
    [-CleanThreat]
    [-OverrideAction <DefaultActionMediumAndLowType[]>]
    [-PassThru]
    [-RemoveThreat <String[]>]
    [-ThreatName <String[]>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetThreatOverridesSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-AddThreat <Hashtable>]
    [-CleanThreat]
    [-OverrideAction <DefaultActionMediumAndLowType[]>]
    [-PassThru]
    [-RemoveThreat <String[]>]
    [-ThreatName <String[]>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetScanSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-AllowClientUserConfigLimitCpuUsage <Boolean>]
    [-FullScanNetworkDrive <Boolean>]
    [-PassThru]
    [-ScanArchive <Boolean>]
    [-ScanEmail <Boolean>]
    [-ScanNetworkDrive <Boolean>]
    [-ScanRemovableStorage <Boolean>]
    [-ScheduledScanUserControl <ScheduledScanUserControlType>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetScanSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-AllowClientUserConfigLimitCpuUsage <Boolean>]
    [-FullScanNetworkDrive <Boolean>]
    [-PassThru]
    [-ScanArchive <Boolean>]
    [-ScanEmail <Boolean>]
    [-ScanNetworkDrive <Boolean>]
    [-ScanRemovableStorage <Boolean>]
    [-ScheduledScanUserControl <ScheduledScanUserControlType>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetRealtimeProtectionSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-AllowClientUserConfigRealTime <Boolean>]
    [-EnablePuaProtection <Boolean>]
    [-PuaProtection <PuaProtection>]
    [-EnableScriptScanning <Boolean>]
    [-MonitorFileProgramActivity <Boolean>]
    [-NetworkExploitProtection <Boolean>]
    [-PassThru]
    [-RealTimeProtectionOn <Boolean>]
    [-RealTimeScanOption <RealTimeScanOptionType>]
    [-ScanAllDownloaded <Boolean>]
    [-UseBehaviorMonitor <Boolean>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetRealtimeProtectionSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-AllowClientUserConfigRealTime <Boolean>]
    [-EnablePuaProtection <Boolean>]
    [-PuaProtection <PuaProtection>]
    [-EnableScriptScanning <Boolean>]
    [-MonitorFileProgramActivity <Boolean>]
    [-NetworkExploitProtection <Boolean>]
    [-PassThru]
    [-RealTimeProtectionOn <Boolean>]
    [-RealTimeScanOption <RealTimeScanOptionType>]
    [-ScanAllDownloaded <Boolean>]
    [-UseBehaviorMonitor <Boolean>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetAdvancedSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-AllowClientUserConfigSampleSubmission <Boolean>]
    [-AllowDeleteQuarantineFileDaysModification <Boolean>]
    [-AllowExclusionModification <Boolean>]
    [-AllowUserViewHistory <Boolean>]
    [-CreateSystemRestorePointBeforeClean <Boolean>]
    [-DeleteQuarantineFileDays <Int32>]
    [-DisableClientUI <Boolean>]
    [-EnableAutoSampleSubmission <Boolean>]
    [-EnableReparsePointScanning <Boolean>]
    [-PassThru]
    [-RandomizeScheduledScanStartTime <Boolean>]
    [-ShowNotification <Boolean>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetAdvancedSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-AllowClientUserConfigSampleSubmission <Boolean>]
    [-AllowDeleteQuarantineFileDaysModification <Boolean>]
    [-AllowExclusionModification <Boolean>]
    [-AllowUserViewHistory <Boolean>]
    [-CreateSystemRestorePointBeforeClean <Boolean>]
    [-DeleteQuarantineFileDays <Int32>]
    [-DisableClientUI <Boolean>]
    [-EnableAutoSampleSubmission <Boolean>]
    [-EnableReparsePointScanning <Boolean>]
    [-PassThru]
    [-RandomizeScheduledScanStartTime <Boolean>]
    [-ShowNotification <Boolean>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetMAPSSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-AllowMapsModification <Boolean>]
    [-CloudBlockLevel <CloudBlockLevelType>]
    [-ExtendedCloudCheckSec <Int32>]
    [-JoinSpyNet <JoinSpyNetType>]
    [-PassThru]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetMAPSSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-AllowMapsModification <Boolean>]
    [-CloudBlockLevel <CloudBlockLevelType>]
    [-ExtendedCloudCheckSec <Int32>]
    [-JoinSpyNet <JoinSpyNetType>]
    [-PassThru]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetScheduledScanSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-CheckLatestDefinition <Boolean>]
    [-EnableCatchupScan <Boolean>]
    [-EnableQuickScan <Boolean>]
    [-EnableScheduledScan <Boolean>]
    [-LimitCpuUsage <Int32>]
    [-PassThru]
    [-QuickScanTime <DateTime>]
    [-ScanWhenClientNotInUse <Boolean>]
    [-ScheduledScanTime <DateTime>]
    [-ScheduledScanType <ScheduledScanType>]
    [-ScheduledScanWeekday <ScheduledScanWeekdayType>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetScheduledScanSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-CheckLatestDefinition <Boolean>]
    [-EnableCatchupScan <Boolean>]
    [-EnableQuickScan <Boolean>]
    [-EnableScheduledScan <Boolean>]
    [-LimitCpuUsage <Int32>]
    [-PassThru]
    [-QuickScanTime <DateTime>]
    [-ScanWhenClientNotInUse <Boolean>]
    [-ScheduledScanTime <DateTime>]
    [-ScheduledScanType <ScheduledScanType>]
    [-ScheduledScanWeekday <ScheduledScanWeekdayType>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetDefaultActionSettingsByName

Set-CMAntimalwarePolicy
    -Name <String>
    [-DefaultActionHigh <DefaultActionSevereAndHighType>]
    [-DefaultActionLow <DefaultActionMediumAndLowType>]
    [-DefaultActionMedium <DefaultActionMediumAndLowType>]
    [-DefaultActionSevere <DefaultActionSevereAndHighType>]
    [-PassThru]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetDefaultActionSettingsByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-DefaultActionHigh <DefaultActionSevereAndHighType>]
    [-DefaultActionLow <DefaultActionMediumAndLowType>]
    [-DefaultActionMedium <DefaultActionMediumAndLowType>]
    [-DefaultActionSevere <DefaultActionSevereAndHighType>]
    [-PassThru]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

SetByValue

Set-CMAntimalwarePolicy
    -InputObject <IResultObject>
    [-Description <String>]
    [-NewName <String>]
    [-PassThru]
    [-Priority <PriorityChangeType>]
    [-DisableWildcardHandling]
    [-ForceWildcardHandling]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Set-CMAntiMalwarePolicy cmdlet configures settings for an endpoint protection antimalware policy.

First use New-CMAntimalwarePolicy to create the policy object. When you create the policy, use the Policy parameter to specify which types of settings the policy includes. If you use Set-CMAntiMalwarePolicy to configure settings for policy types that weren't originally added, it adds the types when you configure the settings.

For more information, see How to create and deploy antimalware policies for Endpoint Protection in Configuration Manager.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Create an antimalware policy and enable PUA auditing

This example first creates a new antimalware policy that includes the RealTimeProtection settings type. It then configures that policy to enable auditing for potentially unwanted applications (PUA). In audit mode, PUA detections are reported but not blocked.

# Name and description for the new policy. The description records who
# created the policy and when, which helps when reviewing policy changes later.
$policyName = "Real-time protection policy"
$policyDescription = "via Pwsh by " + $env:UserName + " at " + $(Get-Date)

# Create the policy with only the RealTimeProtection settings type.
$newPolicyArgs = @{
    Name        = $policyName
    Description = $policyDescription
    Policy      = 'RealTimeProtection'
}
New-CMAntimalwarePolicy @newPolicyArgs

# Audit reports PUA detections without blocking them.
Set-CMAntimalwarePolicy -PuaProtection Audit -Name $policyName

Example 2: Increase the priority of an antimalware policy

This command increases the priority of the antimalware policy named ContosoPolicy.

# Raise the priority of the existing policy named ContosoPolicy.
# Append -WhatIf to preview the change without applying it.
Set-CMAntimalwarePolicy -Priority Increase -Name "ContosoPolicy"

Parameters

-AddDefinitionUpdateFileShare

If you select UNC file shares as a security intelligence update source, use this parameter to add more network paths to the list.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:AddDefinitionUpdateFileSharesSources, AddDefinitionUpdateFileShares

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AddExcludedFilePath

Specify a file or folder path to exclude from antimalware scans. Exclusions can help scans complete faster or avoid conflicts with some applications, but they also increase malware risk because excluded items aren't scanned.

Use this parameter to add more paths to the list.

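For example: %windir%\explorer.exe, %windir%\system32. These values only illustrate the accepted path format; keep real exclusions as narrow as possible.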

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:AddExcludedFilePaths

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AddExcludedFileType

Specify a file extension to exclude all files of this type from antimalware scans. Exclusions can help scans complete faster or avoid conflicts with some applications, but they also increase malware risk because files of an excluded type aren't scanned.

Use this parameter to add more types to the list.

For example: .jpg, .txt

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:AddExcludedFileTypes

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AddExcludedProcess

Specify the path to a process executable file to exclude it from antimalware scans. Exclusions can help scans complete faster or avoid conflicts with some applications, but they also increase malware risk because excluded items aren't scanned.

Use this parameter to add more processes to the list.

For example: %windir%\system32\service.exe

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:AddExcludedProcesses

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AddThreat

Specify a hashtable of threat names and their corresponding override actions. This table defines the remediation action to take when a specified threat name is detected during a scan.

Use this parameter to add more threats to the list.

Parameter properties

Type:Hashtable
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AddThreats

Parameter sets

SetThreatOverridesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetThreatOverridesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AllowClientUserConfigLimitCpuUsage

Set this parameter to $true to allow users on client computers to configure CPU usage during scans.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AllowClientUserConfigRealTime

Set this parameter to $true to allow users on client computers to configure real-time protection settings.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AllowClientUserConfigSampleSubmission

Set this parameter to $true to allow users on client computers to modify auto sample file submission settings.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AllowDeleteQuarantineFileDaysModification

Set this parameter to $true to allow users on client computers to configure the setting for quarantined file deletion.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AllowUserConfigQuarantinedFileDeletionPeriod

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AllowExclusionModification

Set this parameter to $true to allow users on client computers to exclude files and folders, file types, and processes from scans. Items that users exclude aren't scanned.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AllowUserAddExcludes

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AllowMapsModification

Set this parameter to $true to allow users on client computers to modify Cloud Protection Service settings.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AllowUserChangeSpyNetSettings

Parameter sets

SetMAPSSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetMAPSSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-AllowUserViewHistory

Set this parameter to $true to allow all users on client computers to view the full history results.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CheckLatestDefinition

Set this parameter to $true to check for the latest security intelligence updates before running a scan.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CleanDefinitionUpdateFileShare

Add this parameter to remove the list of network file shares to use as security intelligence update sources.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CleanExcludedFilePath

Add this parameter to remove the list of file paths to exclude from scans.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CleanExcludedFileType

Add this parameter to remove the list of file extensions to exclude from scans.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CleanExcludedProcess

Add this parameter to remove the list of processes to exclude from scans.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CleanThreat

Add this parameter to remove the table of predefined remediation actions for detected threat names.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:CleanThreats

Parameter sets

SetThreatOverridesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetThreatOverridesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CloudBlockLevel

For the Cloud Protection Service, specify the level of blocking suspicious files.

Parameter properties

Type:CloudBlockLevelType
Default value:None
Accepted values:Normal, High, HighExtraProtection, BlockUnknown
Supports wildcards:False
DontShow:False

Parameter sets

SetMAPSSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetMAPSSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CreateSystemRestorePointBeforeClean

Set this parameter to $true to create a system restore point before computers are cleaned.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultActionHigh

Specify the default action that endpoint protection takes in response to a threat it classifies at the High level.

Parameter properties

Type:DefaultActionSevereAndHighType
Default value:None
Accepted values:Recommended, Quarantine, Remove
Supports wildcards:False
DontShow:False

Parameter sets

SetDefaultActionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefaultActionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultActionLow

Specify the default action that endpoint protection takes in response to a threat it classifies at the Low level.

Parameter properties

Type:DefaultActionMediumAndLowType
Default value:None
Accepted values:None, Quarantine, Remove, Allow
Supports wildcards:False
DontShow:False

Parameter sets

SetDefaultActionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefaultActionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultActionMedium

Specify the default action that endpoint protection takes in response to a threat it classifies at the Medium level.

Parameter properties

Type:DefaultActionMediumAndLowType
Default value:None
Accepted values:None, Quarantine, Remove, Allow
Supports wildcards:False
DontShow:False

Parameter sets

SetDefaultActionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefaultActionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultActionSevere

Specify the default action that endpoint protection takes in response to a threat it classifies at the Severe level.

Parameter properties

Type:DefaultActionSevereAndHighType
Default value:None
Accepted values:Recommended, Quarantine, Remove
Supports wildcards:False
DontShow:False

Parameter sets

SetDefaultActionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefaultActionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefinitionUpdateFileShare

Specify an array of UNC file share sources used to download security intelligence updates. Sources are contacted in the order specified.

If you specify this parameter, the client contacts the listed sources for updates. Once the client successfully downloads updates from one source, it doesn't contact the remaining sources in the list. If you don't specify this parameter, the list remains empty and no sources are contacted.

Parameter properties

Type:

String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:DefinitionUpdateFileSharesSources, DefinitionUpdateFileShares

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DeleteQuarantineFileDays

Specify the number of days that items should be kept in the Quarantine folder before being removed.

If you specify this parameter, items are removed from the Quarantine folder after the specified number of days. If you don't specify this parameter, items are kept in the Quarantine folder for the number of days specified in the default policy, which is 30 days.

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False
Aliases:DeleteQuarantinedFilesPeriod

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Description

Specify an optional description for the antimalware policy to help you identify it.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DisableClientUI

Set this parameter to $true to disable the client user interface.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableAutoSampleSubmission

Set this parameter to $true to enable auto sample file submission. This feature helps Microsoft determine whether certain detected items are malicious.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableCatchupScan

Set this parameter to $true to force a scan of the selected scan type if a client computer is offline during two or more scheduled scans.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnablePuaProtection

In version 2103 or earlier, set this parameter to $true to enable detection for potentially unwanted applications (PUA).

Starting in version 2107, use the PuaProtection parameter to configure this setting.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableQuickScan

Set this parameter to $true to run a daily quick scan on client computers.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:EnableQuickDailyScan

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableReparsePointScanning

Set this parameter to $true to enable reparse point scanning.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableScheduledScan

Set this parameter to $true to configure this policy to run a scheduled scan on client computers.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableScriptScanning

Set this parameter to $true to enable script scanning.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableSignatureUpdateCatchup

Set this parameter to $true to force a security intelligence update if the client computer is offline for more than two consecutive scheduled updates.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:EnableSignatureUpdateCatchupInterval

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ExcludeFilePath

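Specify an array of file paths to exclude from scheduled and real-time scanning. Files under an excluded path aren't inspected by either scan type, so keep each entry as narrow as the workload allows.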

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ExcludedFilePaths, ExcludeFilePaths

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ExcludeFileType

Specify an array of file types to exclude from scheduled and real-time scanning.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ExcludedFileTypes, ExcludeFileTypes

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ExcludeProcess

Specify an array of processes. Any files that these processes open are excluded from scheduled and real-time scanning. The process itself is not excluded.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ExcludedProcesses, ExcludeProcesses

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ExtendedCloudCheckSec

Specify the number of seconds to allow an extended check with the Cloud Protection Service to block and scan suspicious files.

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetMAPSSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetMAPSSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-FallbackOrder

Define which security intelligence update sources the client uses, and the order in which it contacts them.

Parameter properties

Type:FallbackOrderType[]
Default value:None
Accepted values:UpdatesDistributedFromConfigurationManager, UpdatesFromUncFileShares, UpdatesDistributedFromWsus, UpdatesDistributedFromMicrosoftUpdate, UpdatesDistributedFromMicrosoftMalwareProtectionCenter
Supports wildcards:False
DontShow:False

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-FallbackToAlternateSourceHr

If you use Configuration Manager as a source for security intelligence updates, clients will only update from alternative sources if security intelligence is older than the number of hours that you specify with this value.

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AuGracePeriod, FallbackToAlternateSourceHour

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-FullScanNetworkDrive

Set this parameter to $true to scan mapped network drives when running a full scan.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:FullScanNetworkDrives

Parameter sets

SetScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-InputObject

Specify an antimalware policy object to configure. To get this object, use the Get-CMAntimalwarePolicy cmdlet.

Parameter properties

Type:IResultObject
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AntiMalwarePolicy

Parameter sets

SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetThreatOverridesSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetMAPSSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefaultActionSettingsByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False
SetByValue
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-JoinSpyNet

Specify the Cloud Protection Service membership type.

  • DoNotJoinMaps: No information is sent.
  • BasicMembership: Collect and send lists of detected malware.
  • AdvancedMembership: Send basic information plus more comprehensive information that could contain personal information, for example, file paths and partial memory dumps.

Parameter properties

Type:JoinSpyNetType
Default value:None
Accepted values:DoNotJoinMaps, BasicMembership, AdvancedMembership
Supports wildcards:False
DontShow:False

Parameter sets

SetMAPSSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetMAPSSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-LimitCpuUsage

Specify the percentage to limit CPU usage during scans.

Parameter properties

Type:Int32
Default value:None
Accepted values:0, 10, 20, 30, 40, 50, 60, 70, 80, 90
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-MonitorFileProgramActivity

Set this parameter to $true to monitor file and program activity on the client computer.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Name

Specify the name of an antimalware policy to configure.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetThreatOverridesSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetMAPSSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefaultActionSettingsByName
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-NetworkExploitProtection

Set this parameter to $true to enable protection against network-based exploits.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:NetworkProtectionAgainstExploits

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-NewName

Use this parameter to rename the policy that you specify with either the Name or InputObject parameters.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-OverrideAction

Specify the threat override action. Use this parameter with the ThreatName parameter to configure threat override settings.

Parameter properties

Type:DefaultActionMediumAndLowType[]
Default value:None
Accepted values:None, Quarantine, Remove, Allow
Supports wildcards:False
DontShow:False
Aliases:OverrideActions

Parameter sets

SetThreatOverridesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetThreatOverridesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PassThru

Add this parameter to return an object that represents the item with which you're working. By default, this cmdlet may not generate any output.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Priority

Use this parameter to change the priority of the antimalware policy.

Parameter properties

Type:PriorityChangeType
Default value:None
Accepted values:Increase, Decrease
Supports wildcards:False
DontShow:False

Parameter sets

SetByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PuaProtection

Starting in version 2107, use this parameter to configure detection for potentially unwanted applications (PUA). Specify one of the following values: Disable, Enable, or Audit.

Parameter properties

Type:PuaProtection
Default value:None
Accepted values:Disable, Enable, Audit
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-QuickScanTime

Specify a datetime object for when to do a daily quick scan. To get this object, use the Get-Date built-in cmdlet.

Parameter properties

Type:DateTime
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ScheduledScanQuickTime

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RandomizeScheduledScanStartTime

Set this parameter to $true to randomize scheduled scan and security intelligence update start times.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RealTimeProtectionOn

Set this parameter to $true to enable real-time protection.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RealTimeScanOption

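Specify how real-time protection scans system files. For performance reasons, you might have to change the default value if a server has high incoming or outgoing file activity. Choosing ScanIncomingFilesOnly or ScanOutgoingFilesOnly narrows what real-time protection inspects, so weigh the performance gain against the reduced coverage.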

Parameter properties

Type:RealTimeScanOptionType
Default value:None
Accepted values:ScanIncomingAndOutgoingFiles, ScanIncomingFilesOnly, ScanOutgoingFilesOnly
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RemoveDefinitionUpdateFileShare

Specify the network file share paths to remove from the list. To clear the entire list, use the CleanDefinitionUpdateFileShare parameter.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:RemoveDefinitionUpdateFileSharesSources, RemoveDefinitionUpdateFileShares

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RemoveExcludedFilePath

Specify the excluded file paths to remove from the list. To clear the entire list, use the CleanExcludedFilePath parameter.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:RemoveExcludedFilePaths

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RemoveExcludedFileType

Specify the excluded file types to remove from the list. To clear the entire list, use the CleanExcludedFileType parameter.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:RemoveExcludedFileTypes

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RemoveExcludedProcess

Specify the excluded processes to remove from the list. To clear the entire list, use the CleanExcludedProcess parameter.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:RemoveExcludedProcesses

Parameter sets

SetExclusionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetExclusionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-RemoveThreat

Specify the names of threats to remove from the threat override table.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:RemoveThreats, RemoveThreatsByName

Parameter sets

SetThreatOverridesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetThreatOverridesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScanAllDownloaded

Set this parameter to $true to scan all downloaded files and enable exploit protection for the browser.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScanArchive

Set this parameter to $true to scan archived files, for example .zip or .cab files.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ScanArchivedFiles

Parameter sets

SetScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScanEmail

Set this parameter to $true to scan email and email attachments.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScanNetworkDrive

Set this parameter to $true to scan network files.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ScanNetworkDrives

Parameter sets

SetScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScanRemovableStorage

Set this parameter to $true to scan removable storage devices such as USB drives.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScanWhenClientNotInUse

Set this parameter to $true to start a scheduled scan only when the computer is idle.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScheduledScanTime

Specify a datetime object for when to do a scheduled scan. To get this object, use the Get-Date built-in cmdlet.

Parameter properties

Type:DateTime
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScheduledScanType

Specify the type of a scheduled scan.

  • QuickScan: This type of scan checks the in-memory processes and folders where malware is typically found. It requires fewer resources than a full scan.

  • FullScan: This type of scan adds a full check of all local files and folders to the items scanned in the quick scan. This scan takes longer than a quick scan and uses more CPU processing and memory resources on client computers.

In most cases, use Quick scan to minimize the use of system resources on client computers. If malware removal requires a full scan, endpoint protection generates an alert that's displayed in the Configuration Manager console. The default value is Quick scan.

Parameter properties

Type:ScheduledScanType
Default value:None
Accepted values:None, QuickScan, FullScan
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScheduledScanUserControl

Specify the user control of scheduled scans.

Parameter properties

Type:ScheduledScanUserControlType
Default value:None
Accepted values:NoControl, ScanTimeOnly, FullControl
Supports wildcards:False
DontShow:False

Parameter sets

SetScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ScheduledScanWeekday

Specify the day of the week when a scheduled scan runs.

Parameter properties

Type:ScheduledScanWeekdayType
Default value:None
Accepted values:Daily, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday
Supports wildcards:False
DontShow:False

Parameter sets

SetScheduledScanSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetScheduledScanSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ShowNotification

Set this parameter to $true to show notifications on the client computer when the user needs to run a full scan, update security intelligence, or run Windows Defender Offline.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ShowNotificationMessages

Parameter sets

SetAdvancedSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetAdvancedSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SignatureUpdateHr

Specify the interval of hours between checks for security intelligence updates. Use an integer value up to 24, for example:

  • 0: Disable check on interval
  • 1: Check for updates every hour
  • 24: Check once per day

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False
Aliases:SignatureUpdateInterval, SignatureUpdateIntervalHour

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SignatureUpdateTime

Specify a datetime object for when the client checks for security intelligence updates each day. To get this object, use the Get-Date built-in cmdlet.

This setting only applies if you disable interval-based checks with -SignatureUpdateHr 0.

Parameter properties

Type:DateTime
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetDefinitionUpdatesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetDefinitionUpdatesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ThreatName

Specify the name of a threat. Use this parameter with the OverrideAction parameter to configure threat override settings.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ThreatNames

Parameter sets

SetThreatOverridesSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetThreatOverridesSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-UseBehaviorMonitor

Set this parameter to $true to enable behavior monitoring.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

SetRealtimeProtectionSettingsByName
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
SetRealtimeProtectionSettingsByValue
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object