Summary
This article describes an anti-malware platform update package for the following clients:
-
Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients
-
System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients
-
Microsoft Forefront Endpoint Protection 2010 clients
These packages update Endpoint Protection client services, drivers, and UI components.
Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated February 2015.
Note This update has been replaced by the following revised update:
3041687 Revised February 2015 anti-malware platform update Endpoint Protection clients
Update information
This anti-malware platform update contains the following improvements:
-
Improvements to registry and file system protection to counter tampering from malware.
-
Sub-mount points can be automatically excluded, and volumes can be fully excluded in Real time protection (RTP).
-
This update also includes the deprecation of the DisableGenericReports subkey in the following registry location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Reporting
Note Unless this key is edited directly in the registry, this update should not have any effect on telemetry behavior.
After you apply this update, to disable telemetry that's sent by Endpoint Protection through Microsoft Active Protection Service (MAPS), open the Endpoint Protection UI, click the Settings tab, select the MAPS section, and then click I don't want to join MAPS.
Notes-
Administrators can manage the MAPS configuration options through Windows Management Infrastructure (WMI), Windows PowerShell, and Group Policy.
-
Endpoint Protection may request file samples to be sent to Microsoft for further analysis. By default, Endpoint Protection will always prompt before it sends such samples. There is an option available to send samples automatically. To opt in to automatic sample submission, open the Endpoint Protection UI, click the Settings tab, select the Advanced section, and then click Send file samples automatically when further analysis is required.
-
Administrators can manage automatic sample submission with additional configuration options through WMI, PowerShell, and Group Policy by using the following registry subkeys:
-
MAPS Configuration
Registry location:HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet
DWORD name: SpyNetReporting
DWORD values:-
0 - Off
-
1 - Basic Membership
-
2 - Advanced Membership
-
-
Sample Submission
Registry location:HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet
DWORD name:Â SubmitSamplesConsent
DWORD values:-
0 (default) – Automatic sample submission disabled. End-users will always be prompted for samples.
-
1 – Most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
-
2 – All sample submission disabled. Samples will never be sent and end-users will never be prompted.
-
3 – All samples will be sent automatically. All files determined to require further analysis will be sent automatically without prompting.
-
-
-
How to obtain this update
This update is available from Microsoft Update.
Microsoft Update
Anti-malware platform updates for stand-alone System Center 2012 R2 clients, System Center 2012 clients, and Forefront Endpoint Protection 2010 clients are available from Microsoft Update.
For information about the change to Microsoft Update for obtaining these updates, see the following topic on the following TechNet website:
Prerequisites
To apply this update, you must have one of the following installed:
-
Cumulative Update 1 or later for System Center 2012 R2 Configuration Manager
-
Cumulative Update 5 or later for System Center 2012 Configuration Manager Service Pack 1
-
Service Pack 2 for System Center Configuration Manager 2007, Update Rollup 1 for Forefront Endpoint Protection 2010, and update 2952678 for Forefront Endpoint Protection 2010.
Restart information
You may have to restart the computer after you apply this update.
Note We recommend that you close Configuration Manager Administration Console before you install this update package.
Update replacement information
This update replaces update 2998627, the October 2014 anti-malware platform update for Endpoint Protection clients.
Version information
This update brings the anti-malware client version to 4.7.205.0. To find the version information, click About on the Help menu of the Endpoint Protection client UI.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For System Center 2012 R2 Endpoint Protection
|
File name |
File version |
File size |
Date (UTC) |
Time (UTC) |
|---|---|---|---|---|
|
Scepinstall.exe |
4.7.205.0 |
28,308,584 |
30-Jan-15 |
16:00 |
For System Center 2012 Endpoint Protection
|
File name |
File version |
File size |
Date (UTC) |
Time (UTC) |
|---|---|---|---|---|
|
Scepinstall.exe |
4.7.205.0 |
28,308,584 |
30-Jan-15 |
16:00 |
For Forefront Endpoint Protection 2010
|
File name |
File version |
File size |
Date (UTC) |
Time (UTC) |
|---|---|---|---|---|
|
Fepinstall.exe |
4.7.205.0 |
28,534,888 |
30-Jan-15 |
16:00 |
References
For more information, see the following Microsoft websites:
