Windows Defender

These settings allow you to control the behavior of Windows Defender on managed Windows devices. Windows Defender protects devices against viruses, malware, spyware and other malicious software.

These options are available for Windows 10.

To view, edit, or delete Windows Defender policies:

  • 1. To view, edit, or delete Windows Defender policies for the entire organization, navigate to the dashboard home page. To view, edit, or delete Windows Defender policies for a group or sub group, navigate to that group or sub group.
  • 2. Click Policies.
  • 3. Click Windows Defender. The following will be displayed:

Windows Defender

Tip: One example of how this helps IT is “Allowing Full Scan on Network Drives” — something you would generally not want end users to be able to do. If end users thought they were doing the “safe” thing by scanning these network files, this could have a significantly negative impact.

Configurable Windows Defender parameters:

  • Allow cloud-based protection – To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.
  • Allow archive scanning – Indicates whether to scan archive files, such as .zip and .cab files, for malicious and unwanted software.
  • Allow behavior monitoring – Indicates whether to enable behavior monitoring to protect against unknown exploits.
  • Allow email scanning – Indicates whether Windows Defender parses the mailbox and mail files, according to their specific format, in order to analyze mail bodies and attachments. Windows Defender supports several formats, including .pst, .dbx, .mbx, .mime, and .binhex.
  • Allow full scan on mapped drives – Indicates whether to scan mapped network drives.
  • Allow full scan on removable drives – Indicates whether to scan for malicious and unwanted software in removable drives, such as flash drives, during a full scan.
  • Allow intrusion prevention functionality – Indicates whether to configure network protection against exploitation of known vulnerabilities.
  • Allow IOAV protection – Indicates whether Windows Defender scans all downloaded files and attachments.
  • Allow on access protection – Allows or disallows Windows Defender On Access Protection functionality.
  • Allow real-time protection – Indicates whether to use real-time protection. Recommended
  • Allow scanning network files – Indicates whether to scan for network files. It is not recommended to scan network files.
  • Allow script scanning – Specifies whether to disable the scanning of scripts during malware scans.
  • Allow user to launch defender – Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.
  • Average CPU percentage for scans – Specifies the maximum percentage CPU usage for a scan. The acceptable values for this parameter are: integers from 5 through 100, and the value 0, which disables CPU throttling. Windows Defender does not exceed the percentage of CPU usage that you specify. The default value is 50.
  • Days to retain cleaned malware – Specifies the number of days to keep items in the Quarantine folder. If you specify a value of zero or do not specify a value for this parameter, items stay in the Quarantine folder indefinitely.
  • Real-time scan direction – Specifies scanning configuration for incoming and outgoing files on NTFS volumes.
  • Scan type – Specifies the scan type to use during a scheduled scan.
  • Scheduled quick scan time – Specifies the time of day, as the number of minutes after midnight, to perform a scheduled quick scan. The time refers to the local time on the computer.
  • Scheduled scan day – Specifies the day of the week on which to perform a scheduled scan. Alternatively, specify everyday for a scheduled scan or never.
  • Scheduled scan time – Specifies the time of day, as the number of minutes after midnight, to perform a scheduled scan. The time refers to the local time on the computer.
  • Update signature interval (hours) – Specifies the interval, in hours, at which to check for definition updates. The acceptable values for this parameter are: integers from 1 through 24. If you do not specify a value for this parameter, Windows Defender checks at the default interval.
  • Sample submission – Specifies how Windows Defender checks for user consent for certain samples. If consent has previously been granted, Windows Defender submits the samples.

Remember: Click the Save button to save any changes you make.