

This article describes an anti-malware platform update package for the following clients:

  • Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients

  • System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients

  • Microsoft Forefront Endpoint Protection 2010 clients

These packages update Endpoint Protection client services, drivers, and UI components.

Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated February 2015.

Note This update has been replaced by the following revised update:

3041687 Revised February 2015 anti-malware platform update Endpoint Protection clients

Update information

This anti-malware platform update contains the following improvements:

  • Improvements to registry and file system protection to counter tampering from malware.

  • Sub-mount points can be automatically excluded, and volumes can be fully excluded in Real time protection (RTP).

  • This update also includes the deprecation of the DisableGenericReports subkey in the following registry location:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Reporting
    Note Unless this key is edited directly in the registry, this update should not have any effect on telemetry behavior.

    After you apply this update, to disable telemetry that's sent by Endpoint Protection through Microsoft Active Protection Service (MAPS), open the Endpoint Protection UI, click the Settings tab, select the MAPS section, and then click I don't want to join MAPS.


    • Administrators can manage the MAPS configuration options through Windows Management Infrastructure (WMI), Windows PowerShell, and Group Policy.

    • Endpoint Protection may request file samples to be sent to Microsoft for further analysis. By default, Endpoint Protection will always prompt before it sends such samples. There is an option available to send samples automatically. To opt in to automatic sample submission, open the Endpoint Protection UI, click the Settings tab, select the Advanced section, and then click Send file samples automatically when further analysis is required.

    • Administrators can manage automatic sample submission with additional configuration options through WMI, PowerShell, and Group Policy by using the following registry subkeys:

      • MAPS Configuration

        Registry location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet
        DWORD name: SpyNetReporting
        DWORD values:

        • 0 - Off

        • 1 - Basic Membership

        • 2 - Advanced Membership

      • Sample Submission

        Registry location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet
        DWORD name: SubmitSamplesConsent
        DWORD values:

        • 0 (default) – Automatic sample submission disabled. End-users will always be prompted for samples.

        • 1 – Most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.

        • 2 – All sample submission disabled. Samples will never be sent and end-users will never be prompted.

        • 3 – All samples will be sent automatically. All files determined to require further analysis will be sent automatically without prompting.
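
The following PowerShell audit is an added example, not part of the original article or of any Microsoft tooling. It reads the two policy values listed above, reports values outside the documented range, and checks whether the deprecated DisableGenericReports entry is still present. The function name, the baseline defaults, and the choice to look for DisableGenericReports both as a value and as a subkey are assumptions.

```powershell
# Added example: audit MAPS and sample-submission policy on one client.
# Registry paths and value names come from the article; the function name,
# baseline defaults and output shape are assumptions made for illustration.
function Get-EpMapsPolicyAudit {
    param(
        [int]$ExpectedReporting = 1,  # assumed baseline: Basic Membership
        [int]$ExpectedConsent   = 0   # assumed baseline: always prompt
    )
    $policyKey    = 'HKLM:\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet'
    $reportingKey = 'HKLM:\Software\Microsoft\Microsoft Antimalware\Reporting'
    $checks = @(
        @{ Name = 'SpyNetReporting'; Expected = $ExpectedReporting
           Map  = @{ 0 = 'Off'; 1 = 'Basic Membership'; 2 = 'Advanced Membership' } },
        @{ Name = 'SubmitSamplesConsent'; Expected = $ExpectedConsent
           Map  = @{ 0 = 'Always prompt'; 1 = 'Auto-send most, prompt for personal data'
                     2 = 'Never send, never prompt'; 3 = 'Auto-send all' } }
    )
    foreach ($c in $checks) {
        # A missing key or value means nothing is enforced through policy.
        $item = Get-ItemProperty -Path $policyKey -Name $c.Name -ErrorAction SilentlyContinue
        if (-not $item) {
            $value = $null; $meaning = 'Not set under the policy key'; $status = 'NotConfigured'
        } else {
            $value = $item.($c.Name)
            # Anything that is not a documented DWORD value is reported, not guessed at.
            if ($value -is [int] -and $c.Map.ContainsKey($value)) {
                $meaning = $c.Map[$value]
                $status  = if ($value -eq $c.Expected) { 'Match' } else { 'Mismatch' }
            } else {
                $meaning = 'Value outside the documented range'; $status = 'Invalid'
            }
        }
        [pscustomobject]@{ Setting = $c.Name; Value = $value; Meaning = $meaning; Status = $status }
    }
    # Deprecated by this update: look for it both as a value and as a subkey.
    $name  = 'DisableGenericReports'
    $stale = (Get-ItemProperty -Path $reportingKey -Name $name -ErrorAction SilentlyContinue) -or
             (Test-Path -Path (Join-Path $reportingKey $name))
    $staleStatus = if ($stale) { 'Present' } else { 'Absent' }
    [pscustomobject]@{ Setting = "$name (deprecated)"; Value = $stale
        Meaning = 'Checked as a value and as a subkey under Reporting'; Status = $staleStatus }
}

Get-EpMapsPolicyAudit | Format-Table -AutoSize
```

A Status of Mismatch or Invalid on SubmitSamplesConsent deserves the closest look, because values 1 and 3 allow files to leave the client without a prompt.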

How to obtain this update

This update is available from Microsoft Update.

Microsoft Update

Anti-malware platform updates for stand-alone System Center 2012 R2 clients, System Center 2012 clients, and Forefront Endpoint Protection 2010 clients are available from Microsoft Update.

For information about the change to Microsoft Update for obtaining these updates, see the following topic on the TechNet website:

Anti-malware platform updates for Forefront Endpoint Protection/System Center Endpoint Protection will be released to Microsoft Update


To apply this update, you must have one of the following installed:

Restart information

You may have to restart the computer after you apply this update.

Note We recommend that you close Configuration Manager Administration Console before you install this update package.

Update replacement information

This update replaces update 2998627, the October 2014 anti-malware platform update for Endpoint Protection clients.

Version information

This update brings the anti-malware client version to To find the version information, click About on the Help menu of the Endpoint Protection client UI.

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For System Center 2012 R2 Endpoint Protection

File name | File version | File size | Date (UTC) | Time (UTC)





For System Center 2012 Endpoint Protection

File name | File version | File size | Date (UTC) | Time (UTC)





For Forefront Endpoint Protection 2010

File name | File version | File size | Date (UTC) | Time (UTC)






For more information, see the following Microsoft websites:
