Configuring Windows Defender Group Policy
You can configure some aspects of Windows Defender through Group Policy. Windows Defender Group Policy settings are located in Computer Configuration\Administrative Templates\Windows Components\Windows Defender. From that node, you can configure the following settings:
- Turn On Definition Updates Through Both WSUS And Windows Update: Enabled by default, this setting configures Windows Defender to check Windows Update when a WSUS server is not available locally. This can help ensure that mobile clients, which might not regularly connect to your local network, can receive all new signature updates. If you disable this setting, Windows Defender checks for updates using only the setting defined for the Automatic Updates client, which is either an internal WSUS server or Windows Update.
- Turn On Definition Updates Through Both WSUS And The Microsoft Malware Protection Center: Provides similar functionality to the previous Group Policy setting, but clients download updates from a different site. You should set these two policies to the same value unless the computer has no access to the Internet and relies only on an internal WSUS server.
- Check For New Signatures Before Scheduled Scans: Disabled by default. Enable this setting to cause Windows Defender to always check for updates prior to a scan. This helps ensure that Windows Defender has the most up-to-date signatures. When you disable this setting, Windows Defender still downloads updates on a regular basis but will not necessarily check immediately prior to a scan.
- Turn Off Windows Defender: Enable this setting to turn off Windows Defender real-time protection and to remove any scheduled scans. You should enable this setting only if you are using different anti-malware software. If Windows Defender is turned off, users can still run the tool manually to scan for potentially unwanted software.
- Turn Off Real-Time Monitoring: If you enable this policy setting, Windows Defender does not prompt users to allow or block unknown activity. If you disable or do not configure this policy setting, by default Windows Defender prompts users to allow or block unknown activity on their computers.
- Turn Off Routinely Taking Action: By default, Windows Defender will take action on all detected threats automatically after about ten minutes. Enable this policy to configure Windows Defender to prompt the user to choose how to respond to a threat.
- Configure Microsoft SpyNet Reporting: SpyNet is the online community that helps users choose how to respond to potential spyware threats that Microsoft has not yet classified, by showing users how other members have responded to an alert. When enabled and set to Basic or Advanced, Windows Defender will display information about how other users responded to a potential threat. When enabled and set to Basic, Windows Defender will also submit a small amount of information about the potentially malicious files on the user's computer. When set to Advanced, Windows Defender will send more detailed information. If you enable this setting and set it to No Membership, SpyNet will not be used, and the user will not be able to change the setting. If you leave this setting Disabled (the default), SpyNet will not be used unless the user changes the setting on the local computer. The Microsoft Malware Protection Center recommends that this setting be set to Advanced to provide their analysts with more complete information on potentially unwanted software.
Windows Defender Group Policy settings are defined in WindowsDefender.admx, which is included with Windows 7.
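To confirm which of these policies actually reached a client, you can read the policy values from the registry. The script below is an added example, not part of the original tutorial. The registry key and value names are assumptions about how WindowsDefender.admx stores each policy, so check them against the .admx file before relying on the output.

```powershell
# Added example: report Windows Defender policy values applied to this computer.
# ASSUMPTION: the key and value names below are how WindowsDefender.admx stores
# each policy; verify them in the .admx before trusting the report.
# Written for Windows PowerShell 2.0, which ships with Windows 7.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# Policy display name, subkey under $base, value name, and whether a value of 1
# means protection is reduced and the setting deserves a second look.
$checks = @(
    @{ Policy = 'Turn Off Windows Defender';        SubKey = '';
       Name = 'DisableAntiSpyware';                 Review = $true  },
    @{ Policy = 'Turn Off Real-Time Monitoring';    SubKey = 'Real-Time Protection';
       Name = 'DisableRealtimeMonitoring';          Review = $true  },
    @{ Policy = 'Turn Off Routinely Taking Action'; SubKey = '';
       Name = 'DisableRoutinelyTakingAction';       Review = $false },
    @{ Policy = 'Check For New Signatures Before Scheduled Scans';
       SubKey = 'Signature Updates';
       Name = 'CheckForSignaturesBeforeRunningScan'; Review = $false },
    @{ Policy = 'Configure Microsoft SpyNet Reporting'; SubKey = 'SpyNet';
       Name = 'SpyNetReporting';                    Review = $false }
)

function Get-DefenderPolicyState {
    foreach ($c in $checks) {
        $path = if ($c.SubKey) { Join-Path $base $c.SubKey } else { $base }
        # A missing key or value means the policy is not configured.
        $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($c.Name) } else { $null }

        $note = if ($null -eq $value) { 'Not configured' }
                elseif ($c.Review -and $value -eq 1) { 'REVIEW: protection turned off by policy' }
                else { 'Set by policy' }

        New-Object PSObject -Property @{
            Policy = $c.Policy
            Value  = $value
            Note   = $note
        } | Select-Object Policy, Value, Note
    }
}

Get-DefenderPolicyState | Format-Table -AutoSize
```

A REVIEW row for Turn Off Windows Defender is expected only on computers that run different anti-malware software.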