Send file samples when further analysis is required.
This policy setting allows you to configure automatic sample submission to the Microsoft Active Protection Service (MAPS).
You can choose when to prompt the user for sample submissions, or disable sample submission. Additional information helps Microsoft create new definitions and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.
Possible options are:
Automatic sample submission disabled. End-users will always be prompted for samples (default) (0x0)
Most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation (0x1)
All sample submission disabled. Samples will never be sent and end-users will never be prompted (0x2)
All samples will be sent automatically. All files determined to require further analysis will be sent automatically without prompting (0x3)
If you disable or do not configure this setting, the user will be prompted to send samples to the Microsoft Active Protection Service (MAPS).
Supported on: At least Windows Vista
| Registry Hive | HKEY_LOCAL_MACHINE |
| Registry Path | Software\Policies\Microsoft\Microsoft Antimalware\SpyNet |
| Value Name | SubmitSamplesConsent |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |
Send file samples when further analysis is required
- Automatic submission disabled - Always prompt
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Microsoft\Microsoft Antimalware\SpyNet Value Name SubmitSamplesConsent Value Type REG_DWORD Value 0 - Enabled - Prompt for samples that contain personal information
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Microsoft\Microsoft Antimalware\SpyNet Value Name SubmitSamplesConsent Value Type REG_DWORD Value 1 - All submission disabled - Never prompt
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Microsoft\Microsoft Antimalware\SpyNet Value Name SubmitSamplesConsent Value Type REG_DWORD Value 2 - Enabled - Always send samples without prompting
Registry Hive HKEY_LOCAL_MACHINE Registry Path Software\Policies\Microsoft\Microsoft Antimalware\SpyNet Value Name SubmitSamplesConsent Value Type REG_DWORD Value 3
systemcenterendpointprotection.admx
- System
- System Center Endpoint Protection
- Client Interface
- Exclusions
- Microsoft Active Protection Service (MAPS)
- Network Inspection System Exclusions
- Network Inspection System
- Quarantine
- Real-time Protection
- Configure local setting override for monitoring file and program activity on your computer
- Configure local setting override for monitoring for incoming and outgoing file activity
- Configure local setting override for scanning all downloaded files and attachments
- Configure local setting override for turn on behavior monitoring
- Configure local setting override for turn on script scanning
- Configure local setting override to turn off Intrusion Prevention System
- Configure local setting override to turn on real-time protection
- Configure monitoring for incoming and outgoing file and program activity
- Define the maximum size of downloaded files and attachments to be scanned
- Monitor file and program activity on your computer
- Scan all downloaded files and attachments
- Turn on behavior monitoring
- Turn on Information Protection Control
- Turn on network protection against exploits of known vulnerabilities
- Turn on process scanning whenever real-time protection is enabled
- Turn on raw volume write notifications
- Turn on real-time protection
- Turn on script scanning
- Remediation
- Reporting
- Configure time out for detections in critically failed state
- Configure time out for detections in non-critical failed state
- Configure time out for detections in recently remediated state
- Configure time out for detections requiring additional action
- Configure Watson events
- Configure Windows software trace preprocessor components
- Configure WPP tracing level
- Scan
- Allow users to pause scan
- Check for the latest virus and spyware definitions before running a scheduled scan
- Configure local setting override for maximum percentage of CPU utilization
- Configure local setting override for scheduled quick scan time
- Configure local setting override for scheduled scan time
- Configure local setting override for schedule scan day
- Configure local setting override for the scan type to use for a scheduled scan
- Create a system restore point
- Run full scan on mapped network drives
- Scan archive files
- Scan network files
- Scan packed executables
- Scan removable drives
- Specify the day of the week to run a scheduled scan
- Specify the interval to run quick scans per day
- Specify the maximum depth to scan archive files
- Specify the maximum percentage of CPU utilization during a scan
- Specify the maximum size of archive files to be scanned
- Specify the scan type to use for a scheduled scan
- Specify the time for a daily quick scan
- Specify the time of day to run a scheduled scan
- Start the scheduled scan only when computer is on but not in use
- Turn on catch-up full scan
- Turn on catch-up quick scan
- Turn on e-mail scanning
- Turn on heuristics
- Turn on removal of items from scan history folder
- Turn on reparse point scanning
- Signature Updates
- Allow definition updates from Microsoft Update
- Allow definition updates when running on battery power
- Allow notifications to disable definitions based reports to Microsoft Active Protection Service (MAPS).
- Allow real-time definition updates based on reports to Microsoft Active Protection Service (MAPS)
- Check for the latest virus and spyware definitions on startup
- Define the number of days after which a catch-up definition update is required
- Define the number of days before spyware definitions are considered out of date
- Define the number of days before virus definitions are considered out of date
- Define the order of sources for downloading definition updates
- Initiate definition update on startup
- Specify the day of the week to check for definition updates
- Specify the interval to check for definition updates
- Specify the time to check for definition updates
- Turn on scan after signature update
- Threats
- Allow antimalware service to remain running always
- Allow antimalware service to startup with normal priority
- Configure local administrator merge behavior for lists
- Define addresses to bypass proxy server
- Define proxy server for connecting to the network
- Randomize scheduled task times
- Turn on Potentially Unwanted Application (PUA) detection
- Turn on routine remediation
- Turn on spyware definitions
- Turn on threat file hash logging
- Turn on virus definitions
- System Center Endpoint Protection