Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

March 2016 anti-malware platform update for Endpoint Protection clients


View products that this article applies to.

Summary

This article describes an anti-malware platform update package for the following clients:
  • Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection Service Pack 1 (SP1) clients
  • Microsoft System Center 2012 R2 Configuration Manager Endpoint Protection clients
  • Microsoft System Center 2012 Endpoint Protection Service Pack 2 (SP2) clients
  • Microsoft System Center 2012 Endpoint Protection Service Pack 1 (SP1) clients
  • Microsoft Forefront Endpoint Protection 2010 clients

This package updates Endpoint Protection client services, drivers, and user interface (UI) components.

Microsoft regularly releases anti-malware platform updates to guarantee consistency in protection, performance, robustness, and usability in a malware landscape that is constantly changing. This update package is dated March 2016.

↑ Back to the top


Update information

This anti-malware platform update contains the following improvements:

  • Improved detection for Potentially Unwanted Applications (PUAs). This blocks PUAs from being downloaded through Internet Explorer, Firefox, and Chrome. It also detects PUAs in the following circumstances and locations:

    It will not detect outside these folders and will not remove already installed PUAs. You must turn it on by configuring the following registry subkey:
     
    Registry location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\MpEngine
    DWORD name: MpEnablePUS
    DWORD value: 1
    • A file that has Mark of the Web (MOTW)
    • A file in the Downloads folder
    • A file in the Temp folder
  • VDI improvements to the UI to better handle multiple remote sessions and to prevent any user from rebooting the machine if a malware clean-up requires a reboot. Administrators can control this by using this GPO.
     
    Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\UX Configuration
    DWORD name: SuppressRebootNotification
    DWORD value: 1
  • Virtual machine performance optimizations concern memory usage and initial VM load time. A script is available to allow signatures to be downloaded one time on the host server and reused by the VMs. This saves network bandwidth when downloading the signatures. For information about the script, click here.
  • The hash (SHA1) of detected threat files can be recorded in the event log for additional research and correlation with other threat streams. To enable SHA1 logging, configure the following registry subkey:
    Registry location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware
    DWORD name: ThreatFileHashLogging
    DWORD value: 1

    When a threat file is detected and hash logging is enabled, EventID 1120 is recorded in the System log.
  • To enable SHA1 logging on Windows 10 and Windows Defender Antivirus, configure the following registry subkey:

    Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    DWORD name: ThreatFileHashLogging
    DWORD value: 1

How to obtain this update

This update is available from Microsoft Update.
Anti-malware platform updates for stand-alone System Center 2012 R2 clients, System Center 2012 clients, and Forefront Endpoint Protection 2010 clients are available from Microsoft Update.

For information about the change to Microsoft Update for obtaining these updates, see the following topic on the Microsoft TechNet website:
   

Prerequisites

To apply this update, you must have one of the following installed:  

Restart information

You may have to restart the computer after you apply this update.
 

Update replacement information

This update replaces update 3049560 dated May 2015.
 

Version information

This update brings the anti-malware client version to 4.9.218.0. To find the version information, click About on the Help menu of the Endpoint Protection client user interface.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
 
File name File version File size Date Time Platform
Fepinstall.exe 4.9.218.0 28,771,472 30-Jan-2016 09:09 x86
Scepinstall.exe 4.9.218.0 28,545,168 30-Jan-2016 09:05 x86

↑ Back to the top


Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top


Keywords: kbqfe, kbsurveynew, kbnotautohotfix, kbfix, kbexpertiseinter, atdownload, kb

↑ Back to the top

Article Info
Article ID : 3106514
Revision : 10
Created on : 8/9/2018
Published on : 8/10/2018
Exists online : False
Views : 406