February 2015 anti-malware platform update for Endpoint Protection clients

Update information

This anti-malware platform update contains the following improvements:

• Improvements to registry and file system protection to counter tampering from malware.
• Sub-mount points can be automatically excluded, and volumes can be fully excluded in Real time protection (RTP).
• This update also includes the deprecation of the DisableGenericReports subkey in the following registry location:
  
  
  HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Antimalware\Reporting
  
  Note Unless this key is edited directly in the registry, this update should not have any effect on telemetry behavior.
  
  After you apply this update, to disable telemetry that's sent by Endpoint Protection through Microsoft Active Protection Service (MAPS), open the Endpoint Protection UI, click the Settings tab, select the MAPS section, and then click I don't want to join MAPS.
  
  Notes
  • Administrators can manage the MAPS configuration options through Windows Management Infrastructure (WMI), Windows PowerShell, and Group Policy.
  • Endpoint Protection may request file samples to be sent to Microsoft for further analysis. By default, Endpoint Protection will always prompt before it sends such samples. There is an option available to send samples automatically. To opt in to automatic sample submission, open the Endpoint Protection UI, click the Settings tab, select the Advanced section, and then click Send file samples automatically when further analysis is required.
  • Administrators can manage automatic sample submission with additional configuration options through WMI, PowerShell, and Group Policy by using the following registry subkeys:
    • MAPS Configuration
      
      Registry location:HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet
      DWORD name: SpyNetReporting
      DWORD values:
      • 0 - Off
      • 1 - Basic Membership
      • 2 - Advanced Membership
      
      
    • Sample Submission
      
      Registry location:HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Microsoft Antimalware\SpyNet
      DWORD name: SubmitSamplesConsent
      DWORD values:
      • 0 (default) – Automatic sample submission disabled. End-users will always be prompted for samples.
      • 1 – Most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
      • 2 – All sample submission disabled. Samples will never be sent and end-users will never be prompted.
      • 3 – All samples will be sent automatically. All files determined to require further analysis will be sent automatically without prompting.

How to obtain this update

This update is available from Microsoft Update.

Microsoft Update

Anti-malware platform updates for stand-alone System Center 2012 R2 clients, System Center 2012 clients, and Forefront Endpoint Protection 2010 clients are available from Microsoft Update.

For information about the change to Microsoft Update for obtaining these updates, see the following topic on the following TechNet website:

Prerequisites

To apply this update, you must have one of the following installed:

• Cumulative Update 1 or later for System Center 2012 R2 Configuration Manager
• Cumulative Update 5 or later for System Center 2012 Configuration Manager Service Pack 1
• Service Pack 2 for System Center Configuration Manager 2007, Update Rollup 1 for Forefront Endpoint Protection 2010, and update 2952678 for Forefront Endpoint Protection 2010.

Restart information

You may have to restart the computer after you apply this update.

Note We recommend that you close Configuration Manager Administration Console before you install this update package.

Update replacement information

This update replaces update 2998627 , the October 2014 anti-malware platform update for Endpoint Protection clients.

Version information

This update brings the anti-malware client version to 4.7.205.0. To find the version information, click About on the Help menu of the Endpoint Protection client UI.