mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-20 17:27:23 +00:00
ms.custom: nextgen
This commit is contained in:
parent
e55837386f
commit
1fb0104671
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
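Review bot: `ms.date: 09/03/2018` is left untouched in this front-matter hunk even though the commit changes `author`/`ms.author` and, further down, the article's headings. If `ms.date` is meant to reflect the last substantive edit, update it in the same change. `ms.reviewer:` is also still empty and `manager: dansimp` is unchanged; confirm both are intended now that the author is `denisebmsft`.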
@ -32,7 +33,7 @@ When the user returns to work and logs on to their PC, Windows Defender Antiviru
|
||||
|
||||
If Windows Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-windows-defender-antivirus.md).
|
||||
|
||||
**Use Configuration Manager to configure catch-up protection updates:**
|
||||
### Use Configuration Manager to configure catch-up protection updates
|
||||
|
||||
1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
|
||||
|
||||
@ -45,7 +46,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie
|
||||
|
||||
4. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
|
||||
|
||||
**Use Group Policy to enable and configure the catch-up update feature:**
|
||||
### Use Group Policy to enable and configure the catch-up update feature
|
||||
|
||||
1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
|
||||
|
||||
@ -59,7 +60,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie
|
||||
|
||||
6. Click **OK**.
|
||||
|
||||
**Use PowerShell cmdlets to configure catch-up protection updates:**
|
||||
### Use PowerShell cmdlets to configure catch-up protection updates
|
||||
|
||||
Use the following cmdlets:
|
||||
|
||||
@ -69,7 +70,7 @@ Set-MpPreference -SignatureUpdateCatchupInterval
|
||||
|
||||
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
|
||||
|
||||
**Use Windows Management Instruction (WMI) to configure catch-up protection updates:**
|
||||
### Use Windows Management Instruction (WMI) to configure catch-up protection updates
|
||||
|
||||
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
|
||||
|
||||
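Review bot: The new heading `### Use Windows Management Instruction (WMI) to configure catch-up protection updates` carries over the wrong expansion of the acronym from the old bold line. WMI is Windows Management Instrumentation. Since the line is being rewritten anyway, correct it here instead of promoting the error into a heading that will appear in the page's navigation and anchors.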
@ -81,13 +82,11 @@ See the following for more information and allowed parameters:
|
||||
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
|
||||
|
||||
|
||||
|
||||
|
||||
## Set the number of days before protection is reported as out-of-date
|
||||
|
||||
You can also specify the number of days after which Windows Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Windows Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source.
|
||||
|
||||
**Use Group Policy to specify the number of days before protection is considered out-of-date:**
|
||||
### Use Group Policy to specify the number of days before protection is considered out-of-date
|
||||
|
||||
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
|
||||
|
||||
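Review bot: Step 1 under the new `### Use Group Policy to specify the number of days before protection is considered out-of-date` heading says "Group Policy management machine", while the equivalent step in the catch-up update procedure earlier in this file says "Group Policy management computer". Pick one term for both procedures. The paragraph above the heading also uses "MMPC" without expanding it; spell it out on first use.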
@ -106,8 +105,6 @@ You can also specify the number of days after which Windows Defender Antivirus p
|
||||
4. Click **OK**.
|
||||
|
||||
|
||||
|
||||
|
||||
## Set up catch-up scans for endpoints that have not been scanned for a while
|
||||
|
||||
You can set the number of consecutive scheduled scans that can be missed before Windows Defender Antivirus will force a scan.
|
||||
@ -120,7 +117,7 @@ The process for enabling this feature is:
|
||||
|
||||
This feature can be enabled for both full and quick scans.
|
||||
|
||||
**Use Group Policy to enable and configure the catch-up scan feature:**
|
||||
### Use Group Policy to enable and configure the catch-up scan feature
|
||||
|
||||
1. Ensure you have set up at least one scheduled scan.
|
||||
|
||||
@ -140,7 +137,7 @@ This feature can be enabled for both full and quick scans.
|
||||
> [!NOTE]
|
||||
> The Group Policy setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run.
|
||||
|
||||
**Use PowerShell cmdlets to configure catch-up scans:**
|
||||
### Use PowerShell cmdlets to configure catch-up scans
|
||||
|
||||
Use the following cmdlets:
|
||||
|
||||
@ -152,7 +149,7 @@ Set-MpPreference -DisableCatchupQuickScan
|
||||
|
||||
See [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
|
||||
|
||||
**Use Windows Management Instruction (WMI) to configure catch-up scans:**
|
||||
### Use Windows Management Instruction (WMI) to configure catch-up scans
|
||||
|
||||
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
|
||||
|
||||
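Review bot: The PowerShell cross-reference at the top of this hunk is titled "Use PowerShell cmdlets to manage Windows Defender Antivirus", but the same target (`use-powershell-cmdlets-windows-defender-antivirus.md`) is titled "Use PowerShell cmdlets to configure and run Windows Defender Antivirus" in the catch-up protection updates section of this file. Use the target article's actual title in both places. The new `### Use Windows Management Instruction (WMI) to configure catch-up scans` heading should also read "Windows Management Instrumentation".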
@ -165,7 +162,7 @@ See the following for more information and allowed parameters:
|
||||
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
|
||||
|
||||
|
||||
**Use Configuration Manager to configure catch-up scans:**
|
||||
### Use Configuration Manager to configure catch-up scans
|
||||
|
||||
1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
|
||||
|
||||
@ -175,8 +172,7 @@ See the following for more information and allowed parameters:
|
||||
|
||||
4. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
|
||||
|
||||
|
||||
## Related topics
|
||||
## Related articles
|
||||
|
||||
- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
|
||||
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -24,6 +25,7 @@ manager: dansimp
|
||||
|
||||
There are two types of updates related to keeping Windows Defender Antivirus up to date:
|
||||
1. Protection updates
|
||||
|
||||
2. Product updates
|
||||
|
||||
You can also apply [Windows security baselines](https://technet.microsoft.com/itpro/windows/keep-secure/windows-security-baselines) to quickly bring your endpoints up to a uniform level of protection.
|
||||
@ -34,7 +36,6 @@ Windows Defender Antivirus uses both [cloud-delivered protection](utilize-micros
|
||||
|
||||
The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection.
|
||||
|
||||
|
||||
## Product updates
|
||||
|
||||
Windows Defender Antivirus requires [monthly updates](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "engine updates" and "platform updates"), and will receive major feature updates alongside Windows 10 releases.
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -28,7 +29,6 @@ You can use System Center Configuration Manager to [monitor Windows Defender Ant
|
||||
|
||||
Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Windows Defender Antivirus issues, including protection updates and real-time protection settings.
|
||||
|
||||
|
||||
If you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client events](https://msdn.microsoft.com/library/windows/desktop/aa964766(v=vs.85).aspx).
|
||||
|
||||
Windows events comprise several security event sources, including Security Account Manager (SAM) events ([enhanced for Windows 10](https://technet.microsoft.com/library/mt431757.aspx), also see the [Security audting](/windows/device-security/auditing/security-auditing-overview) topic) and [Windows Defender events](troubleshoot-windows-defender-antivirus.md).
|
||||
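Review bot: The link text `[Security audting]` in the last line of this hunk is misspelled; it should be "Security auditing". The hunk only removes a blank line, but the typo sits in its context and is worth fixing in the same pass.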
@ -39,7 +39,7 @@ You can also [monitor malware events using the Malware Assessment solution in Lo
|
||||
|
||||
For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the [(Deployment, management, and reporting options table)](deploy-manage-report-windows-defender-antivirus.md#ref2).
|
||||
|
||||
## Related topics
|
||||
## Related articles
|
||||
|
||||
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
|
||||
- [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 11/16/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -32,7 +33,7 @@ If Windows Defender Antivirus is configured to detect and remediate threats on y
|
||||
> [!NOTE]
|
||||
> You can also use the dedicated command-line tool [mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) to restore quarantined files in Windows Defender AV.
|
||||
|
||||
## Related topics
|
||||
## Related articles
|
||||
|
||||
- [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md)
|
||||
- [Review scan results](review-scan-results-windows-defender-antivirus.md)
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 12/10/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
---
|
||||
|
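Review bot: This file's front matter goes from `ms.custom: nextgen` straight to `ms.reviewer:` and `manager: dansimp` before the closing `---`, with no `ms.date` line, unlike the other files in this commit. If the omission is not deliberate, add `ms.date` while the metadata block is being edited.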
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/11/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -46,7 +47,7 @@ You can directly view the event log, or if you have a third-party security infor
|
||||
|
||||
The table in this section lists the main Windows Defender Antivirus event IDs and, where possible, provides suggested solutions to fix or resolve the error.
|
||||
|
||||
**To view a Windows Defender Antivirus event**
|
||||
## To view a Windows Defender Antivirus event
|
||||
|
||||
1. Open **Event Viewer**.
|
||||
2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender Antivirus**.
|
||||
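Review bot: The procedure heading here is promoted to `## To view a Windows Defender Antivirus event`, whereas the procedure headings converted elsewhere in this commit use `###` and start with an imperative verb ("Use Group Policy to ..."). Check that `##` is the intended level relative to the section that introduces the event table, and consider "View a Windows Defender Antivirus event" to match the other headings.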
@ -54,9 +55,6 @@ The table in this section lists the main Windows Defender Antivirus event IDs an
|
||||
4. In the details pane, view the list of individual events to find your event.
|
||||
5. Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs.
|
||||
|
||||
|
||||
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<th colspan="2" >Event ID: 1000</th>
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -143,12 +144,7 @@ Threats | Specify threat alert levels at which default action should not be take
|
||||
Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## Related topics
|
||||
## Related articles
|
||||
|
||||
- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
|
||||
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -31,7 +32,7 @@ See the [Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use
|
||||
For Microsoft Intune, consult the [Microsoft Intune library](https://docs.microsoft.com/intune/introduction-intune) and [Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
|
||||
|
||||
|
||||
## Related topics
|
||||
## Related articles
|
||||
|
||||
- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
|
||||
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -38,7 +39,7 @@ You can [configure which settings can be overridden locally with local policy ov
|
||||
PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_.
|
||||
|
||||
|
||||
**Use Windows Defender Antivirus PowerShell cmdlets:**
|
||||
## Use Windows Defender Antivirus PowerShell cmdlets
|
||||
|
||||
1. Click **Start**, type **powershell**, and press **Enter**.
|
||||
2. Click **Windows PowerShell** to open the interface.
|
||||
|
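Review bot: Under the new `## Use Windows Defender Antivirus PowerShell cmdlets` heading, step 1 ends with "press **Enter**", which already launches PowerShell, so step 2 ("Click **Windows PowerShell** to open the interface") cannot be followed as written. Either drop "and press **Enter**" from step 1 or merge the two steps. The heading level also differs from the `###` used for the procedure headings in the other files of this commit.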
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
|
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: dansimp
|
||||
ms.author: dansimp
|
||||
author: denisebmsft
|
||||
ms.author: deniseb
|
||||
ms.custom: nextgen
|
||||
ms.date: 09/03/2018
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
|