finalize cloud

windows/keep-secure/WDAV-working/configure-block-at-first-sight-windows-defender-antivirus.md

@@ -16,11 +16,11 @@ author: iaanw
 
 
 
-# Enable and validate the Block at First Sight feature
+# Enable the Block at First Sight feature
 
 **Applies to**
 
-- Windows 10, version 1607
+- Windows 10, version 1703
 
 **Audience**
 
@@ -29,39 +29,37 @@ author: iaanw
 **Manageability available with**
 
 - Group Policy
-- Windows Settings
+- Windows Defender Security Center app
 
 
-Block at First Sight is a feature of Windows Defender cloud protection that provides a way to detect and block new malware within seconds. 
+Block at First Sight is a feature of Windows Defender Antivirus cloud-delivered protection that provides a way to detect and block new malware within seconds. 
 
-It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention.
+It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. You can use group policy settings to confirm the feature is enabled.
 
 You can also [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file.
 
+> [!IMPORTANT]
+> There is no specific individual setting in System Center Configuration Manager to enable or disable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly. You must use Group Policy settings to enable or disable the feature.
+
 ## How it works
 
-When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The following video describes how this feature works.
+When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. The following video describes how this feature works.
+
+The Block at first sight feature only uses the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the EXE file is checked via the cloud backend to determine if this is a previously undetected file.
 
 <iframe 
 src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc62c59" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe> 
 
-> [!NOTE]
-> The Block at first sight feature only use the cloud protection backend for executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the EXE file is checked via the cloud backend to determine if this is a previously undetected file.
+If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe. 
 
-If the cloud backend is unable to make a determination, the file will be locked by Windows Defender while a copy is uploaded to the cloud. Only after the cloud has received the file will Windows Defender release the lock and let the file run. The cloud will perform additional analysis to reach a determination, blocking all future encounters of that file. 
-
-In many cases this process can reduce the response time to new malware from hours to seconds.
-
-> [!NOTE]
-> Suspicious file downloads requiring additional backend processing to reach a determination will be locked by Windows Defender on the first machine where the file is encountered, until it is finished uploading to the backend. Users will see a longer "Running security scan" message in the browser while the file is being uploaded. This might result in what appear to be slower download times for some files.
+In many cases this process can reduce the response time for new malware from hours to seconds.
 
 
 ## Confirm and validate Block at First Sight is enabled
 
-Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender deployments in enterprise networks.
+Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks.
+
 
-> [!IMPORTANT]
-> There is no specific individual setting in System Center Configuration Manager to enable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly. You can disable it individually, or if you disable the pre-requisite settings then it will be automatically disabled.
 
 ### Confirm Block at First Sight is enabled with Group Policy
 
@@ -95,51 +93,29 @@ Block at First Sight requires a number of Group Policy settings to be configured
 If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered.
 
 
-### Confirm Block at First Sight is enabled with Windows Settings
+### Confirm Block at First Sight is enabled with the Windows Defender Security Center app
+
+You can confirm that Block at First Sight is enabled in Windows Settings. 
+
+The feature is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
+
+**Confirm Block at First Sight is enabled on individual clients**
+
+1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+
+![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center app](images/defender/wdav-protection-settings-wdsc.png)
+    
+3.	Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
 
 > [!NOTE]
 > If the pre-requisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
 
-You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
-
-**Confirm Block at First Sight is enabled on individual clients**
-
-1. Open Windows Defender settings:
-
-    a. Open the Windows Defender app and click **Settings**.
-    
-    b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender**.
-
-2.	Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
 
 ### Validate Block at First Sight is working
 
-Tthere are two scenarios that fall into the Block at First Sight feature:
-•	Scenario 1: Windows Defender AV cloud-based protection is able to determine the file is malware or clean based on data sent from the endpoint 
-•	Scenario 2: Windows Defender AV needs to process the file in the cloud-based protection back-end to reach a verdict
- 
-You can validate Scenario 1 by downloading and attempting to save a sample test file from http://aka.ms/ioavtest.
-
-If BLock at First Sight is configured correctly, you wil lreceive a notification from Windows Defender AV and, depending on your browser, a notice that says the file contained a virus and was deleted.
-
-The Windows Defender AV notification:
-malware-detected
-
-The notification in Edge:
-bafs-edge
-
-
-The notification in Internet Explorer:
-bafs-ie
-
-
-
-The notification in Chrome: 
-chrome-ie
-
-
-
- - if everything is configured correctly Windows Defender Cloud Protection will determine the file is malware (without needing a copy of the file) and block it based purely on metadata sent to the cloud. 
+You can validate that the feature is working by following the steps outlined in the [Validate connections between your network and the cloud](configure-network-connections-windows-defender-antivirus.md#validate) topic.
 
 
 ## Disable Block at First Sight
@@ -147,9 +123,6 @@ chrome-ie
 > [!WARNING]
 > Disabling the Block at First Sight feature will lower the protection state of the endpoint and your network.
 
-> [!NOTE]
-> You cannot disable Block at First Sight with System Center Configuration Manager
-
 You may choose to disable the Block at First Sight feature if you want to retain the pre-requisite settings without using Block at First Sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network.
 
 **Disable Block at First Sight with Group Policy**
@@ -160,7 +133,7 @@ You may choose to disable the Block at First Sight feature if you want to retain
 
 4.  Click **Policies** then **Administrative templates**.
 
-5.  Expand the tree through **Windows components > Windows Defender > MAPS**.
+5.  Expand the tree through **Windows components > Windows Defender Antivirus > MAPS**.
 
 1.  Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Disabled**.
 

windows/keep-secure/WDAV-working/configure-cloud-block-timeout-period-windows-defender-antivirus.md

@@ -28,9 +28,14 @@ author: iaanw
 
 - Group Policy
 
+
+
+
+
+
 When Windows Defender Antivirus is suspicious of a file, it can prevent the file from running while it queries the [Windows Defender Antivirus cloud-protection service](utilize-microsoft-cloud-protection-windows-defender-antivirus.md).
 
-The default period that the file will be [blocked](configure-block-at-first-sight-windows-defender-antivirus.md) for is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defendre Antivirus cloud.
+The default period that the file will be [blocked](configure-block-at-first-sight-windows-defender-antivirus.md) for is 10 seconds. You can specify an additional period of time to wait before the file is allowed to run. This can help ensure there is enough time to receive a proper determination from the Windows Defender Antivirus cloud.
 
 
 
@@ -46,25 +51,21 @@ You can use Group Policy to specify an extended timeout for cloud checks.
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
+2.  In the **Group Policy Management Editor** go to **Computer configuration**.
 
-4.  Click **Policies** then **Administrative templates**.
+3.  Click **Policies** then **Administrative templates**.
 
-5.  Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**
+4.  Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**
     
-1.  Double-click the **Configure extended cloud check** setting and ensure the option is enabled. Specify the additional amount of time to prevent the file from running while waiting for a cloud determination.  You can specify the additional time, in seconds, from 1 second to 60 seconds. 
+5.  Double-click the **Configure extended cloud check** setting and ensure the option is enabled. Specify the additional amount of time to prevent the file from running while waiting for a cloud determination.  You can specify the additional time, in seconds, from 1 second to 50 seconds. This time will be added to the default 10 seconds.
     
-1. Click **OK**.
-
-
->[!IMPORTANT]
->The [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature and its prerequisites must be enabled before you can specifiy an extended timeout period. 
+6. Click **OK**.
 
 
 ## Related topics
 
 - [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
-- [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+- [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
 - [Configure the Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md)
 - [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md)
 

windows/keep-secure/WDAV-working/configure-network-connections-windows-defender-antivirus.md

@@ -17,12 +17,13 @@ author: iaanw
 
 **Applies to:**
 
-- Windows 10
+- Windows 10, version 1703
 
 **Audience**
 
 - Enterprise security administrators
 
+
 To ensure Windows Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers.
 
 This topic lists the connections that must be allowed, including firewall rules, and provides instructions for validating your connection. This will help ensure you receive the best protection from our cloud-delivered protection services.
@@ -36,7 +37,7 @@ The Windows Defender Antivirus cloud provides fast, strong protection for your e
 >[!NOTE] 
 >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
 
-See the [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) topic for details on enabling the service with Group Policy, System Center Configuration Manager, PowerShell cmdlets, Microsoft Intune, or on individual clients through Windows Settings.
+See the [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) topic for details on enabling the service with Group Policy, System Center Configuration Manager, PowerShell cmdlets, Microsoft Intune, or on individual clients in the Windows Defender Security Center app.
 
 After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
 
@@ -131,6 +132,8 @@ This update uses SSL (TCP Port 443) to download manifests and upload telemetry t
 </tr>
 </table>
 
+<a id="validate"></a>
+
 
 ## Validate connections between your network and the cloud
 
@@ -156,13 +159,29 @@ Download the file by visiting the following link:
 >[!NOTE] 
 >This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud.
 
-If you are properly connected, you will see a warning notification:
+If you are properly connected, you will see a warning notification from Windows Defender Antivirus:
 
-![Windows Defender Antivirus notification informing the user that malware was found](images/defender/malware-detected.png)
+![Windows Defender Antivirus notification informing the user that malware was found](images/defender/wdav-malware-detected.png)
 
-You will also see a detection in the **Quarantine** section of the **History** tab in the Windows Defender Antivirus app:
+If you are using Microsoft Edge, you'll also see a notification message:
 
-![Screenshot of the quarantine section in the Windows Defender Antivirus app](images/defender/quarantine.png)
+![Microsoft Edge informing the user that malware was found](images/defender/wdav-bafs-edge.png)
+
+A similar message occurs if you are uding Internet Explorer:
+
+![Windows Defender Antivirus notification informing the user that malware was found](images/defender/wdav-bafs-ie.png)
+
+You will also see a detection under **Quarantined threats** in the **Scan history** section in the Windows Defender Security Center app:
+
+1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Scan history** label:
+
+    ![Screenshot of the Scan history label in the Windows Defender Security Center app](images/defender/wdav-history-wdsc.png)
+    
+3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware:
+
+    ![Screenshot of quarantined items in the Windows Defender Security Center app](images/defender/wdav-quarantined-history-wdsc.png)
 
 The Windows event log will also show [Windows Defender client event ID 2050](event-ids-windows-defender-antivirus.md).
 

windows/keep-secure/WDAV-working/enable-cloud-protection-windows-defender-antivirus.md

@@ -1,7 +1,7 @@
 ---
 title: Enable cloud-delivered protection in Windows Defender Antivirus
 description: Enable cloud-delivered protection to benefit from fast and advanced protection features.
-keywords: windows defender antivirus, antimalware, security, defender, cloud, block at first sight
+keywords: windows defender antivirus, antimalware, security, cloud, block at first sight
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -24,6 +24,14 @@ author: iaanw
 
 - Enterprise security administrators
 
+**Manageability available with**
+
+- Group Policy
+- System Center Configuration Manager
+- PowerShell cmdlets
+- Windows Management Instruction (WMI)
+- Microsoft Intune
+- Windows Defender Security Center app
 
 
 >[!NOTE] 
@@ -31,14 +39,14 @@ author: iaanw
 
 
 
-You can enable or disable cloud-delivered protection with Group Policy, System Center Configuration Manager, PowerShell cmdlets, Microsoft Intune, or on individual clients through Windows Settings.
+You can enable or disable cloud-delivered protection with Group Policy, System Center Configuration Manager, PowerShell cmdlets, Microsoft Intune, or on individual clients in the Windows Defender Security Center app.
 
-See  [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for an overview of Windows Defender Antivirus cloud-based protection.
+See [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) for an overview of Windows Defender Antivirus cloud-based protection.
 
-There are specific network-connectivity requirements to ensure your endpoints can connect to the cloud-based protection service. See [Configure and validate network connections for cloud-based protection](configure-network-connections-windows-defender-antivirus.md) for more details.
+There are specific network-connectivity requirements to ensure your endpoints can connect to the cloud-delivered protection service. See [Configure and validate network connections for Windows Defender AV](configure-network-connections-windows-defender-antivirus.md) for more details.
 
 >[!NOTE]
->In Windows 10, there is no difference between the **Basic** and **Advanced** options described in this topic. This is a legacy distinction and choosing either setting will result in the same level of cloud-based protection. There is no difference in the type or amount of information that is shared. See the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=521839) for more information on what we collect.
+>In Windows 10, there is no difference between the **Basic** and **Advanced** options described in this topic. This is a legacy distinction and choosing either setting will result in the same level of cloud-delivered protection. There is no difference in the type or amount of information that is shared. See the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=521839) for more information on what we collect.
 
 
 **Use Group Policy to enable cloud-delivered protection:**
@@ -84,6 +92,18 @@ Set-MpPreference -SubmitSamplesConsent 3
 
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus)  and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
 
+**Use Windows Management Instruction (WMI) to enable cloud-delivered protection:**
+
+Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn439474(v=vs.85).aspx) class for the following properties:
+
+```WMI
+MAPSReporting 
+SubmitSamplesConsent
+```
+
+See the following for more information and allowed parameters:
+- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
+
 **Use Intune to enable cloud-delivered protection**
 
 1.  Open the [Microsoft Intune administration console](https://manage.microsoft.com/), and navigate to the associated policy you want to configure.
@@ -94,27 +114,29 @@ See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use
         > [!WARNING]
         > Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
 5. Scoll down to the **Microsoft Active Protection Service** section and set the following settings:
-    Name | Set to
-    :--|:--
-    **Join Microsoft Active Protection Service** | **Yes**
-    **Membership level** | **Advanced**
-    **Receive dynamic definitions based on Microsoft Active Protection Service reports** | **Yes**
+    
+   Setting | Set to
+    --|--
+    Join Microsoft Active Protection Service | Yes
+    Membership level | Advanced
+    Receive dynamic definitions based on Microsoft Active Protection Service reports | Yes
+  
 3.  Save and [deploy the policy as usual](https://docs.microsoft.com/en-us/intune/deploy-use/common-windows-pc-management-tasks-with-the-microsoft-intune-computer-client).
 
 See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) for more details.
 
-**Enable cloud-delivered protection on individual clients with Windows Settings**
+**Enable cloud-delivered protection on individual clients with the Windows Defender Security Center app**
 > [!NOTE]
 > If the **Configure local setting override for reporting Microsoft MAPS** GP setting is set to **Disabled**, then the **Cloud-based protection** setting in Windows Settings will be greyed-out and unavailable. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
 
-1. Open Windows Defender settings in one of these ways:
 
-    a. Open the Windows Defender Antivirus app and click **Settings**.
+1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-    b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender Antivirus**.
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
 
-2.	Switch **Cloud-based Protection** to **On**.
-3.  Switch **Automatic sample submission** to **On**.
+![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center app](images/defender/wdav-protection-settings-wdsc.png)
+    
+3.	Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
 
 >[!NOTE]
 >If automatic sample submission has been configured with GP then the setting will be greyed-out and unavailble.
@@ -127,5 +149,5 @@ See [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](http
 - [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus.md)
 - [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)]
 - [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx)
-- [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+- [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
 - [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service)

windows/keep-secure/WDAV-working/utilize-microsoft-cloud-protection-windows-defender-antivirus.md

@@ -1,7 +1,7 @@
 ---
-title: Utilize cloud-provided protection in Windows Defender Antivirus
-description: Cloud-provided protection provides an advanced level of fast, robust antivirus detection.
-keywords: windows defender antivirus, antimalware, security, defender, cloud, cloud-based protection
+title: Utilize cloud-delivered protection in Windows Defender Antivirus
+description: Cloud-delivered protection provides an advanced level of fast, robust antivirus detection.
+keywords: windows defender antivirus, antimalware, security, defender, cloud, cloud-delivered protection
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
 ms.prod: w10
@@ -12,7 +12,7 @@ localizationpriority: medium
 author: iaanw
 ---
 
-# Utilize Microsoft cloud-provided protection in Windows Defender Antivirus
+# Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus
 
 **Applies to:**
 
@@ -52,6 +52,3 @@ Cloud block timeout period | No | No | Configurable | Not configurable | Configu
 [Configure and validate network connections for Windows Defender Antivirus](configure-network-connections-windows-defender-antivirus.md) | There are certain Microsoft URLs that your network and endpoints must be able to connect to for cloud-delivered protection to work effectively. This topic lists the URLs that should be allowed via firewall or network filtering rules, and instructions for confirming your network is properly enrolled in cloud-delivered protection.
 [Configure the Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) | The Block at First Sight feature can block new malware within seconds, without having to wait hours for a traditional signature. You can enable and configure it with System Center Configuration Manager and Group Policy.
 [Configure the cloud block timeout period](configure-cloud-block-timeout-period-windows-defender-antivirus.md) | Windows Defender Antivirus can block suspicious files from running while it queries our cloud-based protection service. You can configure the amount of time the file will be prevented from running with System Center Configuration Manager and Group Policy.
-
-
-