Defender Manager Default Configuration

Updated 4 months ago by Carl Banzhof

The table below describes the Windows Defender configuration options found in Defender Manager and their default values.

General

| Setting | Default Value | Description |
| --- | --- | --- |
| Enable Windows Defender | No | The master switch for enabling Windows Defender on a device. |

General Notifications and UI

| Setting | Default Value | Description |
| --- | --- | --- |
| Disable Security Center Notifications | Yes | Disables notifications from being displayed in Security Center |
| Disable Windows Defender UI | Yes | Prevents any Defender configuration UI from being displayed |
| Disable Windows Defender Notifications | Yes | Prevents popup notifications in the task bar or system tray |

General Signatures

| Setting | Default Value | Description |
| --- | --- | --- |
| Update Signatures Every (hours) | 1 | Check for new AV/AS signatures every 1 hour |
| Check for Signature Update Before Running Scan | Yes | Check for new AV/AS signatures before a scheduled scan |

Real-time Protection

| Setting | Default Value | Description |
| --- | --- | --- |
| Real-time Monitoring | On | Enable the real-time monitoring component |
| Behavioral Monitoring | On | Enable the behavioral monitoring component |
| Scan All Downloaded Files and Attachments | On | Scan all files downloaded via IE/Edge browsers |
| Script Scanning | On | Scan scripts for malicious content before execution |
| NTFS File Direction Scanning | Both | Scan files that are both being written to disk and sent over the network / internet |

Cloud Protection

| Setting | Default Value | Description |
| --- | --- | --- |
| Block At First Sight | On | Block executable content that has not been seen before by the Microsoft Cloud. |
| Reporting Level | Advanced | |
| Automatic Sample Submission | Send All Samples Automatically | Automatically send suspicious executable content files to the Microsoft Cloud for further analysis |
| PUA Protection | Audit | Enable reporting but do not take action on potentially unwanted software |

Scans

| Setting | Default Value | Description |
| --- | --- | --- |
| Only Scan When Idle | Yes | Only begin a scan when the system is idle. |
| Email Scanning | On | Parses the mailbox and mail files, according to their specific format, in order to analyze mail bodies and attachments. Windows Defender supports several formats, including .pst, .dbx, .mbx, .mime, and .binhex. |
| Perform Catchup Quick Scans | On | Configures whether Windows Defender runs catch-up scans for scheduled quick scans. A computer can miss a scheduled scan, usually because the computer is off at the scheduled time. |
| Perform Catchup Full Scans | Off | Configures whether Windows Defender runs catch-up scans for scheduled full scans. A computer can miss a scheduled scan, usually because the computer is off at the scheduled time. |
| Scan Removable Drives | On | Configures whether to scan for malicious and unwanted software in removable drives, such as flash drives, during a full scan. |
| Scan Restore Points | On | Configures whether to enable scanning of restore points. |
| Scan Mapped Network Drives for Full Scan | Off | Configures whether to scan mapped network drives during a full scan. |
| Scan Network Files | Off | Configures whether to scan network files. |
| Remove Quarantine Items After (Days) | 7 | Specifies the number of days to keep items in the Quarantine folder. If you specify a value of zero, items stay in the Quarantine folder indefinitely. |
| Scheduled Scan Type | Quick Scan | Specifies the scan type used for scheduled scans. |
| Scheduled Scan Day of Week | Everyday | Specifies the day of the week on which to perform a scheduled scan. Alternatively, specify Everyday for a daily scheduled scan, or Never. |
| Scheduled Scan Time of Day | 0 | Specifies the time of day, as the number of minutes after midnight, to perform a scheduled scan. The time refers to the local time on the computer. |
| Randomize Scheduled Scan Times | No | Configures whether to select a random time for the scheduled start and scheduled update for definitions. If you specify a value of Enabled, scheduled tasks begin within 30 minutes, before or after, the scheduled time. |

Threat Actions

| Setting | Default Value | Description |
| --- | --- | --- |
| Unknown Threat Default Action | Quarantine | Specifies which automatic remediation action to take for an Unknown level threat. |
| Low Threat Default Action | Quarantine | Specifies which automatic remediation action to take for a Low level threat. |
| Moderate Threat Default Action | Quarantine | Specifies which automatic remediation action to take for a Moderate level threat. |
| High Threat Default Action | Quarantine | Specifies which automatic remediation action to take for a High level threat. |
| Severe Threat Default Action | Clean | Specifies which automatic remediation action to take for a Severe level threat. |

Advanced

| Setting | Default Value | Description |
| --- | --- | --- |
| Block Executable Content From Email and Webmail | Enabled | Details |
| Block Office Applications from Creating Child Processes | Audit | Details |
| Block Office Applications From Creating Executable Content | Enabled | Details |
| Block Office Applications From Injecting Into Other Processes | Enabled | Details |
| Prevent JavaScript and VBScript From Launching Executables | Audit | Details |
| Block Execution of Potentially Obfuscated Scripts | Audit | Details |
| Block Win32 Imports From Macro Code in Office Applications | Enabled | Details |
| Block Executables From Running Unless They Meet Prevalence, Age or Trusted List Criteria | Enabled | Details |
| Block Credential Stealing From the Windows Local Security Authority Subsystem (lsass.exe) | Audit | Details |
| Block Process Creation Originating From PsExec and WMI commands | Audit | Details |
| Block Untrusted and Unsigned Processes That Run From USB | Enabled | Details |
| Use Advanced Protection Against Ransomware | Enabled | Details |
| Block Only Office Communications Applications From Creating Child Processes | Enabled | Details |
| Block Adobe Reader From Creating Child Processes | Enabled | Details |
| Network Protection | Audit | Details |
| Folder Access | Disabled | Details |

Exclusions

| Setting | Default Value | Description |
| --- | --- | --- |
| Process Exclusions | None | Process names; any files opened by the processes that you specify are excluded from scheduled and real-time scanning. |
| Path Exclusions | None | File paths to exclude from scheduled and real-time scanning. You can specify a folder to exclude all the files under the folder. |
| Extension Exclusions | None | File name extensions, such as obj or lib, to exclude from scheduled, custom, and real-time scanning. |
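
To check whether a device still matches a subset of the defaults listed above, the following added example (not part of Defender Manager or the original page) compares a preference object against them and reports drift. The property names are those of the built-in `Get-MpPreference` cmdlet; the mapping from each Defender Manager option to a property, and the helper name `Compare-DefenderBaseline`, are assumptions made for illustration.

```powershell
# Added example, not vendor code. Expected values come from the defaults table above;
# the Get-MpPreference property chosen for each Defender Manager option is an assumption.
$Baseline = [ordered]@{
    DisableRealtimeMonitoring                     = $false  # Real-time Monitoring: On
    DisableBehaviorMonitoring                     = $false  # Behavioral Monitoring: On
    DisableIOAVProtection                         = $false  # Scan All Downloaded Files and Attachments: On
    DisableScriptScanning                         = $false  # Script Scanning: On
    RealTimeScanDirection                         = 0       # NTFS File Direction Scanning: Both
    MAPSReporting                                 = 2       # Reporting Level: Advanced
    SubmitSamplesConsent                          = 3       # Send All Samples Automatically
    PUAProtection                                 = 2       # PUA Protection: Audit
    DisableCatchupFullScan                        = $true   # Perform Catchup Full Scans: Off
    DisableRemovableDriveScanning                 = $false  # Scan Removable Drives: On
    DisableScanningMappedNetworkDrivesForFullScan = $true   # Scan Mapped Network Drives for Full Scan: Off
    DisableScanningNetworkFiles                   = $true   # Scan Network Files: Off
    QuarantinePurgeItemsAfterDelay                = 7       # Remove Quarantine Items After (Days): 7
    ScanParameters                                = 1       # Scheduled Scan Type: Quick Scan
    SignatureUpdateInterval                       = 1       # Update Signatures Every (hours): 1
    CheckForSignaturesBeforeRunningScan           = $true   # Check for Signature Update Before Running Scan: Yes
}

function Compare-DefenderBaseline {
    param(
        [Parameter(Mandatory)] $Preference,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    foreach ($name in $Expected.Keys) {
        $prop = $Preference.PSObject.Properties[$name]
        if ($null -eq $prop) {
            # Property absent from the object: report it rather than treat it as compliant.
            [pscustomobject]@{ Setting = $name; Expected = $Expected[$name]; Actual = $null; Status = 'Missing' }
        } elseif ($prop.Value -ne $Expected[$name]) {
            [pscustomobject]@{ Setting = $name; Expected = $Expected[$name]; Actual = $prop.Value; Status = 'Drift' }
        }
    }
}

# Constructed sample standing in for Get-MpPreference output so the script runs offline:
# it matches the baseline except for two weakened settings and one absent property.
$values = @{}
foreach ($k in $Baseline.Keys) { $values[$k] = $Baseline[$k] }
$values.DisableRealtimeMonitoring = $true
$values.PUAProtection = 0
$values.Remove('SubmitSamplesConsent')
$sample = New-Object psobject -Property $values

Compare-DefenderBaseline -Preference $sample -Expected $Baseline | Format-Table -AutoSize

# On a managed device, audit the live configuration instead:
# Compare-DefenderBaseline -Preference (Get-MpPreference) -Expected $Baseline
```

An empty result means every checked setting matches the listed default. The Advanced rules and exclusions are not covered by this check.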

