This article describes an anti-malware platform update package for the following clients:

  • Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection Service Pack 1 (SP1) clients

  • Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients

  • Microsoft System Center 2012 Endpoint Protection Service Pack 2 (SP2) clients

  • Microsoft System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients

  • System Center Configuration Manager, current branch

These packages update Endpoint Protection client services, drivers, and user interface (UI) components.

Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that's constantly changing. This update package is dated September 2016.

Update information

This anti-malware platform update contains the following improvements:

  • Better support for Proxy Pac usage for Microsoft Active Protection Service (MAPS) and Cloud-protection connectivity

    • Improved MAPS reliability and additional support to MAPS for proxy auto-configuration. Administrators can configure the URL of a proxy .pac file that System Center Endpoint Protection (SCEP) or Windows Defender uses for MAPS reporting by setting the "Define proxy auto-config (.pac) for connecting to the network" Group Policy setting in the ADMX Group Policy object that's included in this update. This Group Policy setting is located under Computer Configuration/Administrative Templates/Windows Components/Endpoint Protection. If administrators enable this setting, SCEP or Windows Defender will use the specified proxy .pac file for its proxy configurations. Otherwise, administrators can disable it or leave it blank.

      Note The expected URL format for the specified proxy .pac file is https://example_server/example_file.pac.

  • The Microsoft anti-malware platform previously introduced the Network Real-time Inspection (NRI) feature for augmenting the network detection capabilities of the anti-malware client. By default, the existing Network Inspection System (NIS) feature was disabled because of the potential performance impact it may have on systems. This triggered an internal shift in investment to focus only on NRI capabilities and signatures. Because there has not been an active NIS signature in more than five years, the capabilities and control surface for NIS are removed from Endpoint Protection with this update.

How to obtain this update

This update is available from Microsoft Update.

Microsoft Update

Anti-malware platform updates for stand-alone System Center 2012 R2 clients and System Center 2012 clients are available from Microsoft Update.

Restart information

You may have to restart the computer after you apply this update.

Note We recommend that you close Configuration Manager Administration Console before you install this update package.

Update replacement information

This update replaces the following update:

3153224 Revised March 2016 anti-malware platform update for Endpoint Protection clients

Version information

This update brings the anti-malware client version to To find the version information, click About on the Help menu of the Endpoint Protection client user interface.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

File name    File version    File size

More Information

Define proxy auto-config (.pac) for connecting to the network

This policy setting defines the URL of a proxy .pac file that should be used when the client tries to connect to the network for definition updates and MAPS reporting. If the proxy auto-configuration fails or if there is no proxy auto-configuration specified, the client will fall back to the alternative options (in the following order):

  1. Proxy server (if it is specified)

  2. Proxy .pac URL (if it is specified)

  3. None

  4. Internet Explorer proxy settings

  5. Autodetect

If you enable this setting, the proxy setting will use the specified proxy .pac file according to the order specified.

If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified.
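
A pre-deployment check for the value placed in this policy setting, as an added example (not Microsoft's code and not part of the update package). Test-PacUrl is a hypothetical helper name, and its rules are assumptions derived from the documented format https://example_server/example_file.pac.

```powershell
# Added example: check a candidate proxy .pac URL before it goes into the
# "Define proxy auto-config (.pac) for connecting to the network" setting.
# Test-PacUrl is a hypothetical name; the rules below are assumptions based on
# the documented format https://example_server/example_file.pac.
function Test-PacUrl {
    param([string]$Url)

    $problems = New-Object System.Collections.Generic.List[string]
    $uri = $null

    if (-not [System.Uri]::TryCreate($Url.Trim(), [System.UriKind]::Absolute, [ref]$uri)) {
        # Covers blank values and values with no scheme.
        $problems.Add('not an absolute URL')
    }
    else {
        # The documented format uses https; flag anything else for review.
        if ($uri.Scheme -ne 'https') {
            $problems.Add("scheme is '$($uri.Scheme)', expected https")
        }
        # Assumption: policy values should not carry credentials.
        if ($uri.UserInfo) {
            $problems.Add('embedded credentials in URL')
        }
        # The documented format ends in a .pac file name.
        if (-not $uri.AbsolutePath.EndsWith('.pac', [System.StringComparison]::OrdinalIgnoreCase)) {
            $problems.Add('path does not end in .pac')
        }
    }

    [pscustomobject]@{
        Url      = $Url
        Valid    = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed sample values, not taken from any real deployment.
$candidates = @(
    'https://example_server/example_file.pac',
    'http://example_server/example_file.pac',
    'example_server/example_file.pac',
    'https://user:pw@example_server/proxy.pac',
    'https://example_server/proxy.txt'
)
$candidates | ForEach-Object { Test-PacUrl -Url $_ } | Format-Table -AutoSize
```

Only the first constructed value is reported as valid; each of the others lists the reason it deviates from the documented format.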
