February 2015 anti-malware platform update for Endpoint Protection clients

Summary
This article describes an anti-malware platform update package for the following clients:
  • Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients
  • System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients
  • Microsoft Forefront Endpoint Protection 2010 clients

These packages update Endpoint Protection client services, drivers, and UI components.

Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated February 2015.

Note This update has been replaced by the following revised update: 
3041687 Revised February 2015 anti-malware platform update Endpoint Protection clients

Update information

This anti-malware platform update contains the following improvements:
  • Improvements to registry and file system protection to counter tampering from malware.
  • Sub-mount points can be automatically excluded, and volumes can be fully excluded in Real time protection (RTP).
  • This update also includes the deprecation of the DisableGenericReports subkey in the following registry location:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Reporting

    Note Unless this key is edited directly in the registry, this update should not have any effect on telemetry behavior.

    After you apply this update, to disable telemetry that's sent by Endpoint Protection through Microsoft Active Protection Service (MAPS), open the Endpoint Protection UI, click the Settings tab, select the MAPS section, and then click I don't want to join MAPS.

    Notes
    • Administrators can manage the MAPS configuration options through Windows Management Infrastructure (WMI), Windows PowerShell, and Group Policy.
    • Endpoint Protection may request file samples to be sent to Microsoft for further analysis. By default, Endpoint Protection will always prompt before it sends such samples. There is an option available to send samples automatically. To opt in to automatic sample submission, open the Endpoint Protection UI, click the Settings tab, select the Advanced section, and then click Send file samples automatically when further analysis is required.
    • Administrators can manage automatic sample submission with additional configuration options through WMI, PowerShell, and Group Policy by using the following registry subkeys:
      • MAPS Configuration

        Registry location:
        HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet

        DWORD name: SpyNetReporting
        DWORD values:
        • 0 - Off
        • 1 - Basic Membership
        • 2 - Advanced Membership

      • Sample Submission

        Registry location:
        HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet

        DWORD name: SubmitSamplesConsent
        DWORD values:
        • 0 (default) – Automatic sample submission disabled. End-users will always be prompted for samples.
        • 1 – Most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
        • 2 – All sample submission disabled. Samples will never be sent and end-users will never be prompted.
        • 3 – All samples will be sent automatically. All files determined to require further analysis will be sent automatically without prompting.
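
An added example (not part of the original article and not Microsoft's own tooling): a read-only PowerShell audit of the two policy values listed above and of the deprecated DisableGenericReports entry. The function names are illustrative, and because the article calls DisableGenericReports a subkey, the script assumes it may exist either as a value or as a subkey under the Reporting key.

```powershell
# Added example: paths, value names and meanings come from the article above;
# function names are illustrative. The script only reads the registry.
$PolicyKey    = 'HKLM:\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet'
$ReportingKey = 'HKLM:\Software\Microsoft\Microsoft Antimalware\Reporting'

$Meanings = @{
    SpyNetReporting      = @{ 0 = 'Off'; 1 = 'Basic Membership'; 2 = 'Advanced Membership' }
    SubmitSamplesConsent = @{
        0 = 'Automatic submission disabled; users are always prompted'
        1 = 'Most samples sent automatically; likely-personal files still prompt'
        2 = 'All submission disabled; never sent, never prompted'
        3 = 'All samples sent automatically without prompting'
    }
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Emits nothing ($null to the caller) when the key or value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-MapsPolicyReport {
    foreach ($name in 'SpyNetReporting', 'SubmitSamplesConsent') {
        $raw = Get-RegValue -Path $PolicyKey -Name $name
        $num = $raw -as [int]   # $null if the stored data is not numeric
        $state = if ($null -eq $raw) {
            if ($name -eq 'SubmitSamplesConsent') { 'Not set by policy (article default: 0)' }
            else { 'Not set by policy' }
        } elseif ($null -ne $num -and $Meanings[$name].ContainsKey($num)) {
            $Meanings[$name][$num]
        } else {
            'Unrecognised value; not one of the documented settings'
        }
        [pscustomobject]@{ Setting = $name; Value = $raw; State = $state }
    }

    # The article calls DisableGenericReports a "subkey"; check for both a
    # value and a subkey of that name under the Reporting key (assumption).
    $legacy = Get-RegValue -Path $ReportingKey -Name 'DisableGenericReports'
    $hasKey = Test-Path -LiteralPath "$ReportingKey\DisableGenericReports"
    if ($null -ne $legacy -or $hasKey) {
        [pscustomobject]@{
            Setting = 'DisableGenericReports'; Value = $legacy
            State   = 'Deprecated by this update; review the MAPS settings instead'
        }
    }
}

Get-MapsPolicyReport | Format-Table -AutoSize -Wrap
```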

How to obtain this update

This update is available from Microsoft Update.

Microsoft Update
Anti-malware platform updates for stand-alone System Center 2012 R2 clients, System Center 2012 clients, and Forefront Endpoint Protection 2010 clients are available from Microsoft Update.

For information about the change to Microsoft Update for obtaining these updates, see the following topic on the following TechNet website:


Prerequisites

To apply this update, you must have one of the following installed:

Restart information

You may have to restart the computer after you apply this update.

Note We recommend that you close Configuration Manager Administration Console before you install this update package.

Update replacement information

This update replaces update 2998627, the October 2014 anti-malware platform update for Endpoint Protection clients.


Version information

This update brings the anti-malware client version to 4.7.205.0. To find the version information, click About on the Help menu of the Endpoint Protection client UI.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For System Center 2012 R2 Endpoint Protection

File name        File version  File size   Date (UTC)  Time (UTC)
Scepinstall.exe  4.7.205.0     28,308,584  30-Jan-15   16:00

For System Center 2012 Endpoint Protection

File name        File version  File size   Date (UTC)  Time (UTC)
Scepinstall.exe  4.7.205.0     28,308,584  30-Jan-15   16:00

For Forefront Endpoint Protection 2010

File name        File version  File size   Date (UTC)  Time (UTC)
Fepinstall.exe   4.7.205.0     28,534,888  30-Jan-15   16:00

References
For more information, see the following Microsoft websites:
Properties

Article ID: 3036437 - Last Review: 07/02/2015 15:38:00 - Revision: 5.0

Microsoft System Center 2012 R2 Configuration Manager, Microsoft System Center 2012 Configuration Manager Service Pack 1, Microsoft Forefront Endpoint Protection 2010
