General Settings |
|
> Allow anti-malware service to startup with normal priority
|
This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance.
|
> Turn on spyware definitions |
This policy setting allows you to manage whether spyware definitions are used during a scan.
|
> Turn on virus definitions |
This policy setting allows you to manage whether virus definitions are used during a scan.
|
> Configure local administrator merge behaviour for lists
|
This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and exclusions.
|
> Define addresses to bypass proxy server |
This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL.
|
> Define proxy server for connecting to the network |
This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for definition updates and SpyNet reporting. If the named proxy fails or if there is no proxy specified, the following settings will be used (in order):
- Internet Explorer proxy settings
- Autodetect
- None
|
> Randomized scheduled task times |
This policy setting allows you to enable or disable randomization of the scheduled scan time and the scheduled definition update start time.
|
> Allow anti-malware service to remain running always |
This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remains disabled.
|
Client interface |
|
> Display notifications to clients when they need to perform actions
|
This policy setting allows you to configure whether or not to display notifications to clients when they need to perform the following actions:
- Run a full scan
- Download the latest virus and spyware definitions
- Download Standalone System Sweeper
|
> Display additional text to clients when they need to perform an action
|
This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action.
|
Network Inspection System |
|
> Turn on protocol recognition |
This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities.
|
> Turn on definition retirement |
This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities.
|
> Define the rate of detection events for logging |
This policy setting limits the rate at which detection events for network protection against exploits of known vulnerabilities will be logged.
|
> Specify additional definition sets for network traffic inspection
|
This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting.
|
> IP address range exclusions |
This policy, if defined, will prevent network protection against exploits of known vulnerabilities from inspecting the specified IP addresses.
|
> Port number exclusions |
This policy setting defines a list of TCP port numbers from which network traffic inspection will be disabled.
|
> Process exclusions for outbound traffic |
This policy setting defines processes from which outbound network traffic will not be inspected.
|
> Threat ID exclusions |
This policy setting defines threats which will be excluded from detection during network traffic inspection.
|
Quarantine |
|
> Configure local setting override for the removal of items from Quarantine
|
This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed.
|
> Configure removal of items from Quarantine folder |
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed.
|
Real-time Protection |
|
> Turn on Information Protection Control |
This policy setting allows you to configure Information Protection Control.
|
> Turn on raw volume write notifications |
This policy setting controls whether raw volume write notifications are sent to behavior monitoring.
|
> Turn on process scanning whenever real-time protection is enabled
|
This policy setting allows you to configure process scanning when real-time protection is turned on.
|
> Define the maximum size of downloaded files and attachments to be scanned
|
This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned.
|
> Configure local setting override for turn on behaviour monitoring
|
This policy setting configures a local override for the configuration of behavior monitoring.
|
> Configure local setting override for scanning all downloaded files and attachments
|
This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy.
|
> Configure local setting override to turn off Intrusion Prevention System
|
This policy setting configures a local override for the configuration of network protection against exploits of known vulnerabilities.
|
> Configure local setting override for monitoring file and program activity on your computer
|
This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy.
|
> Configure local setting override to turn on real-time protection
|
This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy.
|
> Configure local setting override for monitoring for incoming and outgoing file activity
|
This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity.
|
Remediation |
|
> Configure local setting override for the time of day to run a scheduled full scan to complete remediation
|
This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation.
|
> Specify the day of the week to run a scheduled full scan to complete remediation
|
This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation.
|
> Specify the time of day to run a scheduled full scan to complete remediation
|
This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation.
|
Reporting |
|
> Configure time out for detections requiring additional action
|
This policy setting configures the time in minutes before a detection in the “additional action” state moves to the “cleared” state.
|
> Configure time out for detections in critically failed state
|
This policy setting configures the time in minutes before a detection in the “critically failed” state moves to either the “additional action” state or the “cleared” state.
|
> Configure Watson events |
This policy setting allows you to configure whether or not Watson events are sent.
|
> Configure time out for detections in non-critical failed state
|
This policy setting configures the time in minutes before a detection in the “non-critically failed” state moves to the “cleared” state.
|
> Configure time out for detections in recently remediated state
|
This policy setting configures the time in minutes before a detection in the “completed” state moves to the “cleared” state.
|
> Configure Windows software trace preprocessor components
|
This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
|
> Configure WPP tracing level |
This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
|
Scan |
|
> Allow users to pause scan |
This policy setting allows you to manage whether or not end users can pause a scan in progress.
|
> Specify the maximum depth to scan archive files |
This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are unpacked during scanning. The default directory depth level is 0.
|
> Specify the maximum size of archive files to be scanned
|
This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned.
|
> Scan archive files |
This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files.
|
> Turn on catch-up full scan |
This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed.
|
> Turn on catch-up quick scan |
This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed.
|
> Turn on e-mail scanning |
This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files according to their specified format, in order to analyze the mail bodies and attachments.
|
> Turn on heuristics |
This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client.
|
> Scan packed executables |
This policy setting allows you to configure scanning for packed executables.
|
> Scan removable drives |
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.
|
> Turn on reparse point scanning |
This policy setting allows you to configure reparse point scanning.
|
> Create a system restore point |
This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
|
> Run full scan on mapped network drives |
This policy setting allows you to configure scanning mapped network drives.
|
> Scan network files |
This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting.
|
> Configure local setting override for maximum percentage of CPU utilization
|
This policy setting configures a local override for maximum percentage of CPU utilization.
|
> Configure local setting override for the scan type to use for a scheduled scan
|
This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan.
|
> Configure local setting override for schedule scan day |
This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy.
|
> Configure local setting override for scheduled quick scan time
|
This policy setting configures a local override for the configuration of scheduled quick scan time.
|
> Configure local setting override for scheduled scan time
|
This policy setting configures a local override for the configuration of scheduled scan time.
|
> Turn on removal of items from scan history folder |
This policy setting defines the number of days items should be kept in the scan history folder before being permanently removed. The value represents the number of days to keep items in the folder. If set to zero, items will be kept forever and will not be automatically removed.
|
> Specify the interval to run quick scans per day |
This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans.
|
Signature Updates |
|
> Define the number of days before spyware definitions are considered out of date
|
This policy setting allows you to define the number of days that must pass before spyware definitions are considered out of date.
|
> Define the number of days before virus definitions are considered out of date
|
This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date.
|
> Define file shares for downloading definition updates |
This policy setting allows you to configure UNC file share sources for downloading definition updates.
|
> Turn on scan after signature update |
This policy setting allows you to configure the automatic scan which starts after a definition update has occurred.
|
> Allow definition updates when running on battery power |
This policy setting allows you to configure definition updates when the computer is running on battery power.
|
> Initiate definition update on startup |
This policy setting allows you to configure definition updates on startup when there is no anti-malware engine present.
|
> Define the order of sources for downloading definition updates
|
This policy setting allows you to define the order in which different definition update sources should be contacted.
|
> Allow definition updates from Microsoft Update |
This policy setting allows you to enable download of definition updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update.
|
> Allow real-time definition updates based on reports to Microsoft SpyNet
|
This policy setting allows you to enable real-time definition updates in response to reports sent to Microsoft SpyNet.
|
> Specify the day of the week to check for definition updates
|
This policy setting allows you to specify the day of the week on which to check for definition updates.
|
> Specify the time to check for definition updates |
This policy setting allows you to specify the time of day at which to check for definition updates.
|
> Allow notifications to disable definition based reports to Microsoft SpyNet
|
This policy setting allows you to configure the antimalware service to receive notifications to disable individual definitions in response to reports it sends to Microsoft SpyNet.
|
> Define the number of days after which a catch-up definition update is required
|
This policy setting allows you to define the number of days after which a catch-up definition update will be required.
|
> Specify the interval to check for definition updates |
This policy setting allows you to specify an interval at which to check for definition updates.
|
> Check for the latest virus and spyware definitions on startup
|
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur immediately after service startup.
|
SpyNet |
|
> Configure local setting override for reporting to Microsoft SpyNet
|
This policy setting configures a local override for the configuration to join Microsoft SpyNet.
|
Threat Id Default Action |
This policy setting customizes which remediation action will be taken for each listed Threat ID when it is detected during a scan.
|