Microsoft Security Essentials
An article from WindowsLinux.net - Tips for Windows and Linux!
Downloads
MSE (Microsoft Security Essentials) can be downloaded from the following address: http://www.microsoft.com/security_essentials/
Note: JavaScript must be enabled in your browser.
Automatic installation
@ECHO OFF
rem The installer is fetched over plain HTTP: check its digital signature before running it.
Echo Downloading Microsoft Security Essentials 2.0 (x86)
start /wait bitsadmin /TRANSFER MSE20 http://download.microsoft.com/download/A/3/8/A38FFBF2-1122-48B4-AF60-E44F6DC28BD8/en-us/x86/mseinstall.exe "%TEMP%\mseinstall.exe"
rem 64 bits version : http://download.microsoft.com/download/A/3/8/A38FFBF2-1122-48B4-AF60-E44F6DC28BD8/en-us/amd64/mseinstall.exe
Echo Installing Microsoft Security Essentials 2.0 (x86)
rem The empty "" is the window title that start expects before a quoted path.
start /wait "" "%TEMP%\mseinstall.exe" /s /runwgacheck /o
Echo Updating Microsoft Security Essentials Signatures
"C:\Program Files\Microsoft Security Client\msseces.exe" /update
Script to scan a file or folder
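@Echo off
rem Custom scan (ScanType 3) of one file, without remediation.
rem The loop keeps the 4th word of the last output line; the script expects "no" when nothing was found.
FOR /F "Tokens=4" %%a IN ('"C:\Program Files\Microsoft Security Client\AntiMalWare\mpcmdrun.exe" -Scan -ScanType 3 -File C:\TEMP\test.wim -DisableRemediation') DO SET THREAT=%%a
Echo.
rem Messages: "No virus - everything is clean" / "WARNING! Virus present!"
if "%THREAT%"=="no" (
    color 2F
    Echo Aucun virus - Tout est propre
) ELSE (
    color 4F
    Echo ATTENTION! Virus present !
)
Echo.
pause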
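The script above depends on the wording of the scanner's output, so a path containing spaces or a localized message changes the fourth word. The variant below is an added example, not part of the original article: it takes the target as an argument and decides on the exit code instead. It assumes that mpcmdrun.exe returns 0 only when no threat is found (check `mpcmdrun.exe -?` on your version); the script name in the usage line is hypothetical.

```batch
@echo off
rem Added example: classify the scan by MpCmdRun's exit code, not by its text.
rem Usage: scan-item.cmd "C:\path\to\file or folder"   (script name is hypothetical)
setlocal
set "MPCMDRUN=C:\Program Files\Microsoft Security Client\AntiMalWare\mpcmdrun.exe"
set "TARGET=%~1"

if not defined TARGET (
    echo Usage: %~nx0 "file or folder"
    exit /b 1
)
if not exist "%MPCMDRUN%" (
    echo [ERROR] Scanner not found: "%MPCMDRUN%"
    exit /b 1
)
if not exist "%TARGET%" (
    echo [ERROR] Nothing to scan at "%TARGET%"
    exit /b 1
)

rem Quoting the target keeps paths with spaces intact.
"%MPCMDRUN%" -Scan -ScanType 3 -File "%TARGET%" -DisableRemediation
set "RC=%ERRORLEVEL%"

rem Assumption: 0 means no threat found. Any other code is a detection or a
rem scan error, so everything except 0 is reported as "not clean".
if "%RC%"=="0" (
    color 2F
    echo [OK] No threat found in "%TARGET%"
) else (
    color 4F
    echo [ALERT] Exit code %RC%: threat detected or scan failed for "%TARGET%"
)
endlocal & exit /b %RC%
```

A calling script can test `if errorlevel 1` after this one and refuse to use the file whenever the scan did not come back clean.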
GPO
See these two articles:
http://www.grouppolicy.biz/2010/09/group-policy-for-microsoft-security-essentials/
http://fabienduchene.blogspot.com/2010/01/administrative-template-for-microsoft.html with the file "microsoft_security_essentials.adm" dated 11 Jan. 2010:
CLASS MACHINE

CATEGORY !!SecurityEssentials

  POLICY !!TurnOffVirusProtection
    KEYNAME "Software\Microsoft\Microsoft Antimalware"
    #if version >= 4
      SUPPORTED !!SUPPORTED_WindowXPSP3
    #endif
    #if version >= 3
      EXPLAIN !!TurnOffVirusProtection_Help
    #endif
    VALUENAME "DisableAntiVirus"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
  END POLICY

  POLICY !!TurnOffSpywareProtection
    KEYNAME "Software\Microsoft\Microsoft Antimalware"
    #if version >= 4
      SUPPORTED !!SUPPORTED_WindowXPSP3
    #endif
    #if version >= 3
      EXPLAIN !!TurnOffSpywareProtection_Help
    #endif
    VALUENAME "DisableAntiSpyware"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
  END POLICY

  CATEGORY !!RealTimeProtection

    POLICY !!DisableRealTimeMonitoring
      KEYNAME "Software\Microsoft\Microsoft Antimalware\Real-Time Protection"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisableRealTimeMonitoring_Help
      #endif
      VALUENAME "DisableRealTimeMonitoring"
      VALUEON NUMERIC 0
      VALUEOFF NUMERIC 1
    END POLICY

    POLICY !!DisableOnAccessProtection
      KEYNAME "Software\Microsoft\Microsoft Antimalware\Real-Time Protection"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisableOnAccessProtection_Help
      #endif
      VALUENAME "DisableOnAccessProtection"
      VALUEON NUMERIC 0
      VALUEOFF NUMERIC 1
    END POLICY

    POLICY !!DisableIOAVProtection
      KEYNAME "Software\Microsoft\Microsoft Antimalware\Real-Time Protection"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisableIOAVProtection_Help
      #endif
      VALUENAME "DisableIOAVProtection"
      VALUEON NUMERIC 0
      VALUEOFF NUMERIC 1
    END POLICY

  END CATEGORY ;;

  CATEGORY !!SpyNet

    POLICY !!SpyNetMembership
      KEYNAME "Software\Microsoft\Microsoft Antimalware\SpyNet"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!SpyNetMembership_Help
      #endif
      Part !!SpyNetReportType DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "SpyNetReporting"
        ITEMLIST
          NAME !!SpyNetReportType0 VALUE NUMERIC 0 DEFAULT
          NAME !!SpyNetReportType1 VALUE NUMERIC 1
          NAME !!SpyNetReportType2 VALUE NUMERIC 2
        END ITEMLIST
      END PART
    END POLICY

  END CATEGORY ;;

  CATEGORY !!Privacy

    POLICY !!PrivacyMode
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\UX Configuration"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisablePrivacyMode_Help
      #endif
      VALUENAME "DisablePrivacyMode"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY

  END CATEGORY ;;

  CATEGORY !!Scan

    POLICY !!CheckForSignaturesBeforeScan
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!CheckForSignaturesBeforeScan_Help
      #endif
      VALUENAME "CheckForSignaturesBeforeRunningScan"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY

    POLICY !!DisableCatchupQuickScan
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisableCatchupQuickScan_Help
      #endif
      VALUENAME "DisableCatchupQuickScan"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY

    POLICY !!DisableCatchupFullScan
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisableCatchupFullScan_Help
      #endif
      VALUENAME "DisableCatchupFullScan"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY

    POLICY !!AllowPause
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!AllowPause_Help
      #endif
      VALUENAME "AllowPause"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY

    POLICY !!EnableRemovableDriveScanning
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!EnableRemovableDriveScanning_Help
      #endif
      VALUENAME "DisableRemovableDriveScanning"
      VALUEON NUMERIC 0
      VALUEOFF NUMERIC 1
    END POLICY

    POLICY !!DisableArchiveScanning
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisableArchiveScanning_Help
      #endif
      VALUENAME "DisableArchiveScanning"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY

    POLICY !!DisableRestorePoint
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DisableRestorePoint_Help
      #endif
      VALUENAME "DisableRestorePoint"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END POLICY

    POLICY !!AvgCPULoadFactor
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!AvgCPULoadFactor_Help
      #endif
      Part !!AvgCPULoadFactor_ShortDesc NUMERIC REQUIRED
        VALUENAME "AvgCPULoadFactor"
        MIN 1 MAX 100 DEFAULT 50
      END PART
    END POLICY

    POLICY !!DoScheduledScan
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Scan"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DoScheduledScan_Help
      #endif
      Part !!DoScheduledScanDay DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "ScheduleDay"
        ITEMLIST
          NAME !!DoScheduledScanDay_TurnOff VALUE NUMERIC 8
          NAME !!DoScheduledScanDay_Daily VALUE NUMERIC 0 DEFAULT
          NAME !!DoScheduledScanDay_Sunday VALUE NUMERIC 1
          NAME !!DoScheduledScanDay_Monday VALUE NUMERIC 2
          NAME !!DoScheduledScanDay_Tuesday VALUE NUMERIC 3
          NAME !!DoScheduledScanDay_Wednesday VALUE NUMERIC 4
          NAME !!DoScheduledScanDay_Thursday VALUE NUMERIC 5
          NAME !!DoScheduledScanDay_Friday VALUE NUMERIC 6
          NAME !!DoScheduledScanDay_Saturday VALUE NUMERIC 7
        END ITEMLIST
      END PART
      Part !!DoScheduledScanTime DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "ScheduleTime"
        ITEMLIST
          NAME !!DoScheduledScanTime0 VALUE NUMERIC 0
          NAME !!DoScheduledScanTime1 VALUE NUMERIC 60
          NAME !!DoScheduledScanTime2 VALUE NUMERIC 120
          NAME !!DoScheduledScanTime3 VALUE NUMERIC 180 DEFAULT
          NAME !!DoScheduledScanTime4 VALUE NUMERIC 240
          NAME !!DoScheduledScanTime5 VALUE NUMERIC 300
          NAME !!DoScheduledScanTime6 VALUE NUMERIC 360
          NAME !!DoScheduledScanTime7 VALUE NUMERIC 420
          NAME !!DoScheduledScanTime8 VALUE NUMERIC 480
          NAME !!DoScheduledScanTime9 VALUE NUMERIC 540
          NAME !!DoScheduledScanTime10 VALUE NUMERIC 600
          NAME !!DoScheduledScanTime11 VALUE NUMERIC 660
          NAME !!DoScheduledScanTime12 VALUE NUMERIC 720
          NAME !!DoScheduledScanTime13 VALUE NUMERIC 780
          NAME !!DoScheduledScanTime14 VALUE NUMERIC 840
          NAME !!DoScheduledScanTime15 VALUE NUMERIC 900
          NAME !!DoScheduledScanTime16 VALUE NUMERIC 960
          NAME !!DoScheduledScanTime17 VALUE NUMERIC 1020
          NAME !!DoScheduledScanTime18 VALUE NUMERIC 1080
          NAME !!DoScheduledScanTime19 VALUE NUMERIC 1140
          NAME !!DoScheduledScanTime20 VALUE NUMERIC 1200
          NAME !!DoScheduledScanTime21 VALUE NUMERIC 1260
          NAME !!DoScheduledScanTime22 VALUE NUMERIC 1320
          NAME !!DoScheduledScanTime23 VALUE NUMERIC 1380
        END ITEMLIST
      END PART
      Part !!DoScheduledScanType DROPDOWNLIST REQUIRED
        VALUENAME "ScanParameters"
        ITEMLIST
          NAME !!DoScheduledScanType1 VALUE NUMERIC 1
          NAME !!DoScheduledScanType2 VALUE NUMERIC 2 DEFAULT
        END ITEMLIST
      END PART
      PART !!ScanOnlyIfIdle CHECKBOX DEFCHECKED
        VALUENAME "ScanOnlyIfIdle"
        VALUEON NUMERIC 1
        VALUEOFF NUMERIC 0
      END PART
    END POLICY

  END CATEGORY ;;

  CATEGORY !!Updates

    POLICY !!UpdateInterval
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!UpdateInterval_Help
      #endif
      Part !!SetUpdateInterval DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "SignatureUpdateInterval"
        ITEMLIST
          NAME !!SetUpdateInterval0 VALUE NUMERIC 0
          NAME !!SetUpdateInterval1 VALUE NUMERIC 1
          NAME !!SetUpdateInterval2 VALUE NUMERIC 2
          NAME !!SetUpdateInterval3 VALUE NUMERIC 3
          NAME !!SetUpdateInterval4 VALUE NUMERIC 4
          NAME !!SetUpdateInterval5 VALUE NUMERIC 5
          NAME !!SetUpdateInterval6 VALUE NUMERIC 6 DEFAULT
          NAME !!SetUpdateInterval7 VALUE NUMERIC 7
          NAME !!SetUpdateInterval8 VALUE NUMERIC 8
          NAME !!SetUpdateInterval9 VALUE NUMERIC 9
          NAME !!SetUpdateInterval10 VALUE NUMERIC 10
          NAME !!SetUpdateInterval11 VALUE NUMERIC 11
          NAME !!SetUpdateInterval12 VALUE NUMERIC 12
          NAME !!SetUpdateInterval13 VALUE NUMERIC 13
          NAME !!SetUpdateInterval14 VALUE NUMERIC 14
          NAME !!SetUpdateInterval15 VALUE NUMERIC 15
          NAME !!SetUpdateInterval16 VALUE NUMERIC 16
          NAME !!SetUpdateInterval17 VALUE NUMERIC 17
          NAME !!SetUpdateInterval18 VALUE NUMERIC 18
          NAME !!SetUpdateInterval19 VALUE NUMERIC 19
          NAME !!SetUpdateInterval20 VALUE NUMERIC 20
          NAME !!SetUpdateInterval21 VALUE NUMERIC 21
          NAME !!SetUpdateInterval22 VALUE NUMERIC 22
          NAME !!SetUpdateInterval23 VALUE NUMERIC 23
          NAME !!SetUpdateInterval24 VALUE NUMERIC 24
        END ITEMLIST
      END PART
      Part !!UseMicrosoftUpdateSite CHECKBOX DEFCHECKED
        VALUENAME "ForceUpdateFromMU"
        VALUEON NUMERIC 1
        VALUEOFF NUMERIC 0
      END PART
    END POLICY

    POLICY !!ScheduleUpdates
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!ScheduleUpdates_Help
      #endif
      Part !!ScheduleUpdatesDay DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "ScheduleDay"
        ITEMLIST
          NAME !!DoScheduledScanDay_TurnOff VALUE NUMERIC 8
          NAME !!DoScheduledScanDay_Daily VALUE NUMERIC 0 DEFAULT
          NAME !!DoScheduledScanDay_Sunday VALUE NUMERIC 1
          NAME !!DoScheduledScanDay_Monday VALUE NUMERIC 2
          NAME !!DoScheduledScanDay_Tuesday VALUE NUMERIC 3
          NAME !!DoScheduledScanDay_Wednesday VALUE NUMERIC 4
          NAME !!DoScheduledScanDay_Thursday VALUE NUMERIC 5
          NAME !!DoScheduledScanDay_Friday VALUE NUMERIC 6
          NAME !!DoScheduledScanDay_Saturday VALUE NUMERIC 7
        END ITEMLIST
      END PART
      Part !!ScheduleUpdatesTime DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "ScheduleTime"
        ITEMLIST
          NAME !!DoScheduledScanTime0 VALUE NUMERIC 0
          NAME !!DoScheduledScanTime1 VALUE NUMERIC 60
          NAME !!DoScheduledScanTime2 VALUE NUMERIC 120
          NAME !!DoScheduledScanTime3 VALUE NUMERIC 180 DEFAULT
          NAME !!DoScheduledScanTime4 VALUE NUMERIC 240
          NAME !!DoScheduledScanTime5 VALUE NUMERIC 300
          NAME !!DoScheduledScanTime6 VALUE NUMERIC 360
          NAME !!DoScheduledScanTime7 VALUE NUMERIC 420
          NAME !!DoScheduledScanTime8 VALUE NUMERIC 480
          NAME !!DoScheduledScanTime9 VALUE NUMERIC 540
          NAME !!DoScheduledScanTime10 VALUE NUMERIC 600
          NAME !!DoScheduledScanTime11 VALUE NUMERIC 660
          NAME !!DoScheduledScanTime12 VALUE NUMERIC 720
          NAME !!DoScheduledScanTime13 VALUE NUMERIC 780
          NAME !!DoScheduledScanTime14 VALUE NUMERIC 840
          NAME !!DoScheduledScanTime15 VALUE NUMERIC 900
          NAME !!DoScheduledScanTime16 VALUE NUMERIC 960
          NAME !!DoScheduledScanTime17 VALUE NUMERIC 1020
          NAME !!DoScheduledScanTime18 VALUE NUMERIC 1080
          NAME !!DoScheduledScanTime19 VALUE NUMERIC 1140
          NAME !!DoScheduledScanTime20 VALUE NUMERIC 1200
          NAME !!DoScheduledScanTime21 VALUE NUMERIC 1260
          NAME !!DoScheduledScanTime22 VALUE NUMERIC 1320
          NAME !!DoScheduledScanTime23 VALUE NUMERIC 1380
        END ITEMLIST
      END PART
    END POLICY

  END CATEGORY ;;

  CATEGORY !!DefaultActions

    POLICY !!DefaultActions
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!DefaultActions_Help
      #endif
      Part !!AlertLevelSevere DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "5"
        ITEMLIST
          NAME !!ActionRemove VALUE NUMERIC 3 DEFAULT
          NAME !!ActionQuarantine VALUE NUMERIC 2
        END ITEMLIST
      END PART
      Part !!AlertLevelHigh DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "4"
        ITEMLIST
          NAME !!ActionRemove VALUE NUMERIC 3 DEFAULT
          NAME !!ActionQuarantine VALUE NUMERIC 2
        END ITEMLIST
      END PART
      Part !!AlertLevelMedium DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "2"
        ITEMLIST
          NAME !!ActionRemove VALUE NUMERIC 3
          NAME !!ActionQuarantine VALUE NUMERIC 2 DEFAULT
          NAME !!ActionAllow VALUE NUMERIC 6
        END ITEMLIST
      END PART
      Part !!AlertLevelLow DROPDOWNLIST NOSORT REQUIRED
        VALUENAME "1"
        ITEMLIST
          NAME !!ActionRemove VALUE NUMERIC 3
          NAME !!ActionQuarantine VALUE NUMERIC 2 DEFAULT
          NAME !!ActionAllow VALUE NUMERIC 6
        END ITEMLIST
      END PART
    END POLICY

    POLICY !!ApplyRecommendedActions
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!ApplyRecommendedActions_Help
      #endif
      VALUENAME "DisableRoutinelyTakingAction"
      VALUEON NUMERIC 0
      VALUEOFF NUMERIC 1
    END POLICY

  END CATEGORY

  CATEGORY !!Exclusions

    POLICY !!ExcludedFileTypes
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!ExcludedFileTypes_Help
      #endif
      Part !!ExcludedFileTypes LISTBOX ADDITIVE
      END PART
    END POLICY

    POLICY !!ExcludedPaths
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!ExcludedPaths_Help
      #endif
      Part !!ExcludedPaths LISTBOX ADDITIVE
      END PART
    END POLICY

    POLICY !!ExcludedProcesses
      KEYNAME "SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes"
      #if version >= 4
        SUPPORTED !!SUPPORTED_WindowXPSP3
      #endif
      #if version >= 3
        EXPLAIN !!ExcludedProcesses_Help
      #endif
      Part !!ExcludedProcesses LISTBOX ADDITIVE
      END PART
    END POLICY

  END CATEGORY ;;

END CATEGORY ;; MSE

[strings]
SecurityEssentials="Security Essentials"
SUPPORTED_WindowXPSP3="At least Windows XP Professional with SP3"
CheckForSignaturesBeforeScan="Update definitions before running a scan"
CheckForSignaturesBeforeScan_Help="If this setting is enabled, Security Essentials will attempt to download the latest definitions before running any scan."
DisableCatchupQuickScan="Disable catchup quick scan"
DisableCatchupQuickScan_Help="If this option is enabled, any missed quick scan will be performed as soon as possible. As a concern of user experience, it is recommended you enable this option. If you don't, and at least one quick scan was missed, it will be performed as soon as the computer will be turned on."
DisableCatchupFullScan="Disable catchup full scan"
DisableCatchupFullScan_Help="If this option is enabled, any missed full scan will be performed as soon as possible. As a concern of user experience, it is recommended you enable this option. If you don't, and at least one full scan was missed, it will be performed as soon as the computer will be turned on."
AllowPause="Allow end-user to pause the scan"
AllowPause_Help="If this setting is enabled, the scan could be paused by end-user. If this setting is disabled, the end-user will not be able to pause during any scan."
EnableRemovableDriveScanning="Enable scanning of removable drives"
EnableRemovableDriveScanning_Help="If this option is enabled, MSE will scan removable drives such as USB key, external hard drives... It is recommended you enable this option, since a lot of malware spread using these removable media."
AvgCPULoadFactor="Average CPU load"
AvgCPULoadFactor_Help="Configure the average CPU load to be used (range from 1 to 100%)"
AvgCPULoadFactor_ShortDesc="Average CPU load (1 to 100%)"
TurnOffSpywareProtection="Turn off spyware protection."
TurnOffSpywareProtection_Help="If Enabled this setting TURNS OFF Security Essentials spyware protection.\n\nIf Disabled it TURNS ON all Security Essentials spyware protection.\n\nIt is recommended that you do not leave this policy set at the 'Not Configured' state."
TurnOffVirusProtection="Turn off virus protection."
TurnOffVirusProtection_Help="If Enabled this setting TURNS OFF Security Essentials virus protection.\n\nIf Disabled it TURNS ON all Security Essentials virus protection.\n\nIt is recommended that you do not leave this policy set at the 'Not Configured' state."
Scan="Scan"
Updates="Updates"
SpyNet="SpyNet"
SpyNetMembership="SpyNet Membership"
SpyNetMembership_Type="Membership type"
SpyNetMembership_Help="If Enabled allows you to set one of three possible states for the SpyNet reporting feature of Security Essentials. The three possible states are:\n1. No SpyNet reporting\n2. Basic SpyNet reporting\n3. Advanced Spynet Reporting\n\nIf Disabled or 'Not Configured' the local user can manually select the SpyNet reporting level."
SpyNetReportType="Select the level of SpyNet reporting:"
SpyNetReportType0="No SpyNet Reporting"
SpyNetReportType1="Basic SpyNet Reporting"
SpyNetReportType2="Advanced SpyNet Reporting"
Privacy="Privacy"
PrivacyMode="Allow all users to view the history full results"
DisablePrivacyMode_Help="If this setting is enabled, all users - including non-administrator ones - will be able to view all the detected items in the history tab"
DoScheduledScan="Configure scheduled scans."
DoScheduledScan_Help="If Enabled allows you to set the day and time of scheduled full or quick scans, or select to turn off scheduled scans.\n\nYou MUST Enable this policy to have control over scheduled scans, even to turn them off. If this policy is Disabled or 'Not Configured' then scheduled scans will revert to the settings in place before Group Policy was applied."
DoScheduledScanDay="Scheduled scan day:"
DoScheduledScanDay_Daily="Daily"
DoScheduledScanDay_Sunday="Sunday"
DoScheduledScanDay_Monday="Monday"
DoScheduledScanDay_Tuesday="Tuesday"
DoScheduledScanDay_Wednesday="Wednesday"
DoScheduledScanDay_Thursday="Thursday"
DoScheduledScanDay_Friday="Friday"
DoScheduledScanDay_Saturday="Saturday"
DoScheduledScanDay_TurnOff="Turn off scheduled scans"
DoScheduledScanTime="Scheduled scan time:"
DoScheduledScanTime0="12:00 AM"
DoScheduledScanTime1=" 1:00 AM"
DoScheduledScanTime2=" 2:00 AM"
DoScheduledScanTime3=" 3:00 AM"
DoScheduledScanTime4=" 4:00 AM"
DoScheduledScanTime5=" 5:00 AM"
DoScheduledScanTime6=" 6:00 AM"
DoScheduledScanTime7=" 7:00 AM"
DoScheduledScanTime8=" 8:00 AM"
DoScheduledScanTime9=" 9:00 AM"
DoScheduledScanTime10="10:00 AM"
DoScheduledScanTime11="11:00 AM"
DoScheduledScanTime12="12:00 PM"
DoScheduledScanTime13=" 1:00 PM"
DoScheduledScanTime14=" 2:00 PM"
DoScheduledScanTime15=" 3:00 PM"
DoScheduledScanTime16=" 4:00 PM"
DoScheduledScanTime17=" 5:00 PM"
DoScheduledScanTime18=" 6:00 PM"
DoScheduledScanTime19=" 7:00 PM"
DoScheduledScanTime20=" 8:00 PM"
DoScheduledScanTime21=" 9:00 PM"
DoScheduledScanTime22="10:00 PM"
DoScheduledScanTime23="11:00 PM"
DoScheduledScanType="Scheduled scan type:"
DoScheduledScanType1="Quick scan"
DoScheduledScanType2="Full scan"
ScanOnlyIfIdle="Start the scheduled scan only when my computer is not in use"
DisableRestorePoint="Turn off MSE initiated system restore points."
DisableRestorePoint_Help="If Enabled this setting configures Security Essentials to NOT create a system restore point before taking action on detected virus or spyware items.\n\nIf Disabled then Security Essentials WILL create a restore point before it takes action on detected virus or spyware items.\n\nIf left in a 'Not Configured' state then users with workstation administrative rights can change the system restore point setting in the Security Essentials console."
DisableArchiveScanning="Turn off scanning of archive files."
DisableArchiveScanning_Help="If Enabled this setting specifies that Security Essentials will NOT scan archive type files.\n\nIf Disabled Security Essentials will scan archive type files.\n\nIt is recommended that you do not leave this policy set at the 'Not Configured' state."
RealTimeProtection="Real-Time protection"
DisableRealTimeMonitoring="Enable real-time monitoring"
DisableRealTimeMonitoring_Help="If this policy is disabled, the other two settings (scan downloaded files) have no effects."
DisableOnAccessProtection="Monitor file and program activity on the computer"
DisableOnAccessProtection_Help="If this setting is enabled, MSE will check for malware each time a file access is performed."
DisableIOAVProtection="Scan all downloaded files and attachments"
DisableIOAVProtection_Help="If this setting is enabled, MSE will check for malware in each dowloaded file from the Internet, including email attachments."
SetUpdateInterval="Check for updates every:"
SetUpdateInterval0="Turn Off Update Interval"
SetUpdateInterval1="1 hour"
SetUpdateInterval2="2 hours"
SetUpdateInterval3="3 hours"
SetUpdateInterval4="4 hours"
SetUpdateInterval5="5 hours"
SetUpdateInterval6="6 hours"
SetUpdateInterval7="7 hours"
SetUpdateInterval8="8 hours"
SetUpdateInterval9="9 hours"
SetUpdateInterval10="10 hours"
SetUpdateInterval11="11 hours"
SetUpdateInterval12="12 hours"
SetUpdateInterval13="13 hours"
SetUpdateInterval14="14 hours"
SetUpdateInterval15="15 hours"
SetUpdateInterval16="16 hours"
SetUpdateInterval17="17 hours"
SetUpdateInterval18="18 hours"
SetUpdateInterval19="19 hours"
SetUpdateInterval20="20 hours"
SetUpdateInterval21="21 hours"
SetUpdateInterval22="22 hours"
SetUpdateInterval23="23 hours"
SetUpdateInterval24="24 hours"
UpdateInterval="Configure signature update interval."
UpdateInterval_Help="If Enabled allows you to set the frequency of checking for updated malware definitions or select to turn off checking for updates at set intervals. The range that you can set is every 1 hour to every 24 hours. This is in addition to any other updates that you have configured such as checking for updates before running scheduled scans.\n\nYou can also select to check for updates from the Microsoft Update site if a WSUS server is not available. WSUS is a central distribution point for updates within an organization. If you do not use WSUS on your network or you are not sure then select to check for updates from the Microsoft Update site because this update checking feature will not function if WSUS is not available and the use Microsoft Update box is not checked.\n\nNote: If you do not set a check for updates interval or do not Enable to check for updates before scans Security Essentials will still receive periodic definition updates from the normal Microsoft Update process."
UseMicrosoftUpdateSite="Only use Microsoft Update for updating definitions."
ScheduleUpdates="Schedule updates"
ScheduleUpdates_Help="If Enabled allows you to set the day and time of scheduled updates, or select to turn off updates.\n\nYou MUST Enable this policy to have control over updates, even to turn them off. If this policy is Disabled or 'Not Configured' then scheduled updates will revert to the settings in place before Group Policy was applied."
ScheduleUpdatesDay="Schedule update day:"
ScheduleUpdatesTime="Schedule update time:"
DefaultActions="Default actions"
DefaultActions_Help="Choose the action to display or apply by default when Microsoft Security Essentials detect potential threats with the following alert levels:"
AlertLevelSevere="Severe alert level"
AlertLevelHigh="High alert level"
AlertLevelMedium="Medium alert level"
AlertLevelLow="Low alert level"
ActionRemove="Remove"
ActionQuarantine="Quarantine"
ActionAllow="Allow"
ApplyRecommendedActions="Automatically apply default actions"
ApplyRecommendedActions_Help="If this setting is enabled, all the defined default actions are automatically applied. If this setting is disabled, the end-user is prompted for the action to be taken. It is not recommended you let the end-user choose what to do."
Exclusions="Exclusions"
ExcludedFileTypes="Excluded file types"
ExcludedFileTypes_Help="When MSE will perform a scan or use real-time protection, it is possible to exclude certain file types. Excluding these file types can help speed up the scan, but may leave the client computer less protected. \n \n Do not add files that have one of the following extensions: .cmd, .bat, .pif, .scf, .exe, .com, .scr"
ExcludedPaths="Excluded files & locations"
ExcludedPaths_Help="When MSE will perform a scan or use real-time protection, it is possible to exclude certain files and folders. Excluding these files and folders can help speed up the scan, but may leave the client computer less protected"
ExcludedProcesses="Excluded processes"
ExcludedProcesses_Help="When MSE will perform a scan or use real-time protection, it is possible to exclude certain processes. Excluding these processes can help speed up the scan, but may leave the client computer less protected. \n \n Add only files that have one of the following extensions: .cmd, .bat, .pif, .scf, .exe, .com, .scr"
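Several of the values this template writes switch protection off or carve out exclusions, so they are worth checking on managed machines. The script below is an added example, not part of the original template or article: it reads the registry keys named in the template's KEYNAME entries and reports every "Disable..." value that is non-zero and every configured exclusion. The output labels are its own.

```batch
@echo off
rem Added example: report registry values from the .adm template that reduce protection.
setlocal
set "BASE=HKLM\SOFTWARE\Microsoft\Microsoft Antimalware"
set FINDINGS=0

rem Each value below means "protection reduced" when its data is non-zero,
rem whatever polarity the template gives the matching policy checkbox.
call :check "%BASE%" DisableAntiVirus
call :check "%BASE%" DisableAntiSpyware
call :check "%BASE%" DisableRoutinelyTakingAction
call :check "%BASE%\Real-Time Protection" DisableRealTimeMonitoring
call :check "%BASE%\Real-Time Protection" DisableOnAccessProtection
call :check "%BASE%\Real-Time Protection" DisableIOAVProtection
call :check "%BASE%\Scan" DisableArchiveScanning
call :check "%BASE%\Scan" DisableRemovableDriveScanning

rem Exclusions are stored one per value; each one is a blind spot to justify.
for %%K in (Extensions Paths Processes) do call :list "%BASE%\Exclusions\%%K"

echo.
echo Findings: %FINDINGS%
exit /b %FINDINGS%

:check
rem %1 = registry key, %2 = value name. reg.exe prints "name  type  data".
for /f "tokens=1-3" %%A in ('reg query "%~1" /v %2 2^>nul') do (
    if /i "%%A"=="%2" if /i not "%%C"=="0x0" (
        echo [WARN] %~1\%2 = %%C
        set /a FINDINGS+=1
    )
)
goto :eof

:list
rem Every line carrying a REG_ type under the key is one configured exclusion.
for /f "delims=" %%L in ('reg query "%~1" 2^>nul ^| findstr /c:"REG_"') do (
    echo [WARN] Exclusion under %~1: %%L
    set /a FINDINGS+=1
)
goto :eof
```

The exit code is the number of findings, so a monitoring job can alert on any non-zero result.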
Services
Start the MSE service:
net start MsMpSvc
Antivirus definition updates
Manually
MSE antivirus definition updates and their changelog can be viewed here:
http://www.microsoft.com/security/portal/Definitions/ADL.aspx
Automatically
By default, MSE is set to check for updates every 24 hours and 10 minutes after a client machine restarts. The antivirus checks whether the last connection is more than 24 hours old. If that condition is true, the update runs.
A major drawback of this system: MSE's daily updates can go unnoticed. Another problem is that MSE considers an antivirus database out of date after 7 days.
For automatic updates, check that the following services are running:
- Automatic Updates service (wuauserv)
- Background Intelligent Transfer Service (BITS)
Registry
The update interval can be changed by editing the registry (regedit):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates
Set the SignatureUpdateInterval value to a number between 1 and 24 (decimal), then restart the PC.
Note: your user account must have permission to modify the Signature Updates key!
In addition, a program or an update can change this value without warning you.
Scheduled task
A scheduled task may be a preferable solution.
Simply create a recurring scheduled task that runs
"%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe" -SignatureUpdate
With the user:
- On Windows XP: NT AUTHORITY\SYSTEM (or Système).
- On Windows 7: AUTORITE NT\Système.
- Or, if the machine is single-user, with that user's account.
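The checks and the scheduled task described above can be combined in one script. This is an added example, not part of the original article: the task name, the 6-hour period (the default of the .adm template's SignatureUpdateInterval list) and the output labels are assumptions, and it must be run from an administrator prompt.

```batch
@echo off
rem Added example: verify the update prerequisites, then make sure a periodic
rem signature-update task exists. Task name and period are assumptions.
setlocal
set "MPCMDRUN=%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe"
set "KEY=HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates"
set "TASK=MSE Signature Update"
set PROBLEMS=0

rem 1. Both services must be running for automatic updates.
for %%S in (wuauserv BITS) do (
    sc query %%S | find "RUNNING" >nul
    if errorlevel 1 (
        echo [WARN] Service %%S is not running
        set /a PROBLEMS+=1
    )
)

rem 2. Read SignatureUpdateInterval; set /a converts reg.exe's 0x.. notation.
set "INTERVAL="
for /f "tokens=1-3" %%A in ('reg query "%KEY%" /v SignatureUpdateInterval 2^>nul') do (
    if /i "%%A"=="SignatureUpdateInterval" set /a INTERVAL=%%C
)
if not defined INTERVAL (
    echo [INFO] SignatureUpdateInterval is not set
    goto :task
)
set "RANGE=ok"
if %INTERVAL% LSS 1 set "RANGE=bad"
if %INTERVAL% GTR 24 set "RANGE=bad"
if "%RANGE%"=="bad" (
    echo [WARN] SignatureUpdateInterval=%INTERVAL% is outside 1-24
    set /a PROBLEMS+=1
) else (
    echo [OK] SignatureUpdateInterval=%INTERVAL% hours
)

:task
rem 3. Create the task only if it is missing. schtasks /Query has no /TN
rem switch on Windows XP, so the task list is searched instead.
if not exist "%MPCMDRUN%" (
    echo [ERROR] "%MPCMDRUN%" not found
    exit /b 1
)
schtasks /Query /FO CSV /NH | find /i "%TASK%" >nul
if not errorlevel 1 (
    echo [OK] Task "%TASK%" already exists
    goto :done
)
rem The escaped quotes keep the path with spaces as a single program name.
schtasks /Create /TN "%TASK%" /SC HOURLY /MO 6 /RU SYSTEM /TR "\"%MPCMDRUN%\" -SignatureUpdate"
if errorlevel 1 set /a PROBLEMS+=1

:done
echo Problems: %PROBLEMS%
exit /b %PROBLEMS%
```

Running the task as SYSTEM avoids storing a user password and is independent of who is logged on.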
Logs
With the command:
"%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe" -GetFiles
many log files are compressed into a .cab archive, which you can examine afterwards.
Example:
C:\> "%ProgramFiles%\Microsoft Security Essentials\MpCmdRun.exe" -GetFiles
Collecting events from System Event Log...
Collecting configuration information...
Getting Windows Update log...
Getting MpCmdRun log (1/3)...
Getting MpCmdRun log (2/3)...
Getting MpCmdRun log (3/3)...
Getting RTSD/SDN blobs...
Getting MpSigStub log...
Getting product service(s) registration information...
Getting product service registration information...
Getting minifilter driver registration information...
Getting system information...
Creating CAB file...
Files successfully created in C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support\MpSupportFiles.cab
Upgrade
To move from one major version of MSE to another, run Update.exe, located in %ProgramFiles%\Microsoft Security Essentials\.

