mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 19:33:37 +00:00
Merge pull request #3063 from MicrosoftDocs/jreeds-rebrand-image
Cut images showing old brand name
@ -68,7 +68,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t
|
||||
|
||||
Use the following argument with the Microsoft Defender Antivirus command-line utility (`mpcmdrun.exe`) to verify that your network can communicate with the Microsoft Defender Antivirus cloud service:
|
||||
|
||||
```DOS
|
||||
```console
|
||||
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -ValidateMapsConnection
|
||||
```
|
||||
|
||||
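Review bot: The fence label on the `MpCmdRun.exe` block changes from `DOS` to `console`, which the commit message ("Cut images showing old brand name") does not cover. Either mention the code-fence relabelling in the commit message or split it into its own commit so the image removal can be reviewed and reverted independently. While touching this block, the prose spells the utility `mpcmdrun.exe` and the command spells it `MpCmdRun.exe`; pick one casing.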
@ -87,9 +87,7 @@ Download the file by visiting the following link:
|
||||
>[!NOTE]
|
||||
>This file is not an actual piece of malware. It is a fake file that is designed to test if you are properly connected to the cloud.
|
||||
|
||||
If you are properly connected, you will see a warning Microsoft Defender Antivirus notification:
|
||||
|
||||

|
||||
If you are properly connected, you will see a warning Microsoft Defender Antivirus notification.
|
||||
|
||||
If you are using Microsoft Edge, you'll also see a notification message:
|
||||
|
||||
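Review bot: With the screenshot cut, the replacement sentence "you will see a warning Microsoft Defender Antivirus notification." is the only description of the expected result, and it does not say what the notification contains. Add a short description of what the reader should look for, and consider reordering to "a Microsoft Defender Antivirus warning notification". The following line about Microsoft Edge still ends in a colon, so check that whatever it introduces is still present.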
@ -107,9 +105,7 @@ You will also see a detection under **Quarantined threats** in the **Scan histor
|
||||
|
||||

|
||||
|
||||
3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware:
|
||||
|
||||

|
||||
3. Under the **Quarantined threats** section, click the **See full history** label to see the detected fake malware.
|
||||
|
||||
> [!NOTE]
|
||||
> Versions of Windows 10 before version 1703 have a different user interface. See [Microsoft Defender Antivirus in the Windows Security app](microsoft-defender-security-center-antivirus.md).
|
||||
|
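Review bot: Step 3 now ends at "to see the detected fake malware." with no screenshot, so the reader has no way to tell which entry under **Quarantined threats** is the test detection. State the name the detection is listed under, or describe the entry, in the step text.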
@ -34,12 +34,17 @@ You can use **Local Group Policy Editor** to enable and configure Microsoft Defe
|
||||
To enable and configure always-on protection:
|
||||
|
||||
1. Open **Local Group Policy Editor**. To do this:
|
||||
|
||||
1. In your Windows 10 taskbar search box, type **gpedit**.
|
||||
2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**.
|
||||
|
||||
1. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**.
|
||||
|
||||

|
||||
|
||||
2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus**.
|
||||

|
||||
|
||||
3. Configure the Microsoft Defender Antivirus antimalware service policy settings. To do this:
|
||||
|
||||
1. In the **Microsoft Defender Antivirus** details pane on right, double-click the policy setting as specified in the following table:
|
||||
|
||||
| Setting | Description | Default setting |
|
||||
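Review bot: The nested step "2. Under **Best match**, ..." is renumbered to "1.", while the outer steps in the same list ("2. In the left pane ...", "3. Configure ...") keep explicit numbers. Mixing repeated "1." markers with explicit numbering in one procedure makes the source harder to follow and depends on the indentation being exactly right for the renderer to number the nested list. Use one numbering style throughout, and note the renumbering in the commit message since it is unrelated to the image removal.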
@ -47,13 +52,15 @@ To enable and configure always-on protection:
|
||||
| Allow antimalware service to startup with normal priority | You can lower the priority of the Microsoft Defender Antivirus engine, which may be useful in lightweight deployments where you want to have as lean a startup process as possible. This may impact protection on the endpoint. | Enabled
|
||||
| Allow antimalware service to remain running always | If protection updates have been disabled, you can set Microsoft Defender Antivirus to still run. This lowers the protection on the endpoint. | Disabled |
|
||||
|
||||
2. Configure the setting as appropriate, and click **OK**.
|
||||
3. Repeat the previous steps for each setting in the table.
|
||||
1. Configure the setting as appropriate, and click **OK**.
|
||||
|
||||
1. Repeat the previous steps for each setting in the table.
|
||||
|
||||
4. Configure the Microsoft Defender Antivirus real-time protection policy settings. To do this:
|
||||
|
||||
1. In the **Microsoft Defender Antivirus** details pane, double-click **Real-time Protection**. Or, from the **Microsoft Defender Antivirus** tree on left pane, click **Real-time Protection**.
|
||||

|
||||
2. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table:
|
||||
|
||||
1. In the **Real-time Protection** details pane on right, double-click the policy setting as specified in the following table:
|
||||
|
||||
| Setting | Description | Default setting |
|
||||
|-----------------------------|------------------------|-------------------------------|
|
||||
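Review bot: The table row for "Allow antimalware service to startup with normal priority" ends with "| Enabled" and has no closing pipe, while the row after it ends "| Disabled |". Since the surrounding lines are being reworked here, close the row so the table is consistent.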
@ -70,42 +77,54 @@ To enable and configure always-on protection:
|
||||
| Configure local setting override for monitoring for incoming and outgoing file activity | Configure a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. | Enabled |
|
||||
| Configure monitoring for incoming and outgoing file and program activity | Specify whether monitoring should occur on incoming, outgoing, both, or neither direction. This is relevant for Windows Server installations where you have defined specific servers or Server Roles that see large amounts of file changes in only one direction and you want to improve network performance. Fully updated endpoints (and servers) on a network will see little performance impact irrespective of the number or direction of file changes. | Enabled (both directions) |
|
||||
|
||||
3. Configure the setting as appropriate, and click **OK**.
|
||||
4. Repeat the previous steps for each setting in the table.
|
||||
1. Configure the setting as appropriate, and click **OK**.
|
||||
|
||||
1. Repeat the previous steps for each setting in the table.
|
||||
|
||||
5. Configure the Microsoft Defender Antivirus scanning policy setting. To do this:
|
||||
|
||||
1. From the **Microsoft Defender Antivirus** tree on left pane, click **Scan**.
|
||||
|
||||

|
||||
|
||||
2. In the **Scan** details pane on right, double-click the policy setting as specified in the following table:
|
||||
1. In the **Scan** details pane on right, double-click the policy setting as specified in the following table:
|
||||
|
||||
| Setting | Description | Default setting |
|
||||
|-----------------------------|------------------------|-------------------------------|
|
||||
| Turn on heuristics | Heuristic protection will disable or block suspicious activity immediately before the Microsoft Defender Antivirus engine is asked to detect the activity. | Enabled |
|
||||
|
||||
3. Configure the setting as appropriate, and click **OK**.
|
||||
1. Configure the setting as appropriate, and click **OK**.
|
||||
|
||||
6. Close **Local Group Policy Editor**.
|
||||
|
||||
|
||||
## Disable real-time protection in Group Policy
|
||||
|
||||
> [!WARNING]
|
||||
> Disabling real-time protection drastically reduces the protection on your endpoints and is not recommended.
|
||||
|
||||
The main real-time protection capability is enabled by default, but you can disable it by using **Local Group Policy Editor**.
|
||||
|
||||
To disable real-time protection in Group policy:
|
||||
|
||||
1. Open **Local Group Policy Editor**.
|
||||
|
||||
1. In your Windows 10 taskbar search box, type **gpedit**.
|
||||
2. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**.
|
||||
|
||||
1. Under **Best match**, click **Edit group policy** to launch **Local Group Policy Editor**.
|
||||
|
||||
2. In the left pane of **Local Group Policy Editor**, expand the tree to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Real-time Protection**.
|
||||
|
||||
3. In the **Real-time Protection** details pane on right, double-click **Turn off real-time protection**.
|
||||
|
||||

|
||||
|
||||
4. In the **Turn off real-time protection** setting window, set the option to **Enabled**.
|
||||
|
||||

|
||||
|
||||
5. Click **OK**.
|
||||
|
||||
6. Close **Local Group Policy Editor**.
|
||||
|
||||
## Related articles
|
||||
|
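Review bot: In the "Disable real-time protection in Group Policy" steps, step 4 says to set **Turn off real-time protection** to **Enabled** without saying that Enabled is the value that switches protection off. The policy name is inverted, so the step should say so explicitly, for example "set the option to **Enabled** (this turns real-time protection off)". Also, "To disable real-time protection in Group policy:" uses a lowercase "policy" where the heading uses "Group Policy".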
@ -39,18 +39,12 @@ If Microsoft Defender Antivirus is enabled, the usual options will appear to con
|
||||
|
||||

|
||||
|
||||
If another antivirus product is installed and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options:
|
||||
If another antivirus product is installed and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the **Virus & threat protection** section to show status about the AV product, and provide a link to the product's configuration options.
|
||||
|
||||

|
||||
|
||||
Underneath any third party AV products, a new link will appear as **Microsoft Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning.
|
||||
|
||||

|
||||
Underneath any third party AV products, a new link will appear as **Microsoft Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning. Note that the limited periodic option is a toggle to enable or disable periodic scanning.
|
||||
|
||||
Sliding the switch to **On** will show the standard Microsoft Defender AV options underneath the third party AV product. The limited periodic scanning option will appear at the bottom of the page.
|
||||
|
||||

|
||||
|
||||
## Related articles
|
||||
|
||||
- [Configure behavioral, heuristic, and real-time protection](configure-protection-features-microsoft-defender-antivirus.md)
|
||||
|
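Review bot: The sentence added to the **Microsoft Defender Antivirus options** paragraph, "Note that the limited periodic option is a toggle to enable or disable periodic scanning.", repeats what the sentence before it already says ("the toggle that enables limited periodic scanning"). Drop it, or replace it with what the removed screenshot actually showed. The next paragraph also says "Microsoft Defender AV" where the rest of the page uses "Microsoft Defender Antivirus".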
@ -61,9 +61,7 @@ In Windows Server 2016, the **Add Roles and Features Wizard** looks like this:
|
||||
|
||||

|
||||
|
||||
In Windows Server 2019, the **Add Roles and Feature Wizard** looks like this:
|
||||
|
||||

|
||||
In Windows Server 2019, the **Add Roles and Feature Wizard** looks much the same.
|
||||
|
||||
### Turn on the GUI using PowerShell
|
||||
|
||||
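Review bot: The new line "In Windows Server 2019, the **Add Roles and Feature Wizard** looks much the same." keeps the name "Add Roles and Feature Wizard", while the Windows Server 2016 line in the hunk header calls it the **Add Roles and Features Wizard**. Use the same wizard name in both sentences.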
@ -110,7 +108,7 @@ Get-Service -Name mpssvc
|
||||
|
||||
As an alternative to PowerShell, you can use Command Prompt to verify that Microsoft Defender Antivirus is running. To do that, run the following command from a command prompt:
|
||||
|
||||
```DOS
|
||||
```console
|
||||
sc query Windefend
|
||||
```
|
||||
|
||||
|
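Review bot: The text around `sc query Windefend` says the command verifies that Microsoft Defender Antivirus is running, but it never says what in the output indicates that. Add one sentence telling the reader which field to check, such as the `STATE` line reporting `RUNNING`. The `DOS` to `console` fence change is also outside what the commit message describes.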
@ -62,9 +62,7 @@ The prompt can occur via a notification, similar to the following:
|
||||
|
||||

|
||||
|
||||
The user will also be notified within the Windows Defender client:
|
||||
|
||||

|
||||
The user will also be notified within the Windows Defender client.
|
||||
|
||||
In Configuration Manager, you can identify the status of endpoints by navigating to **Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status**.
|
||||
|
||||
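Review bot: The replacement line "The user will also be notified within the Windows Defender client." still uses the old product name, in a commit whose purpose is removing old branding. Update the name here to match the "Microsoft Defender" wording used elsewhere in these files, or confirm that "Windows Defender client" is intentional for the versions this page covers.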
@ -108,7 +106,7 @@ Use the [**MSFT_MpWDOScan**](https://msdn.microsoft.com/library/dn455323(v=vs.85
|
||||
|
||||
The following WMI script snippet will immediately run a Microsoft Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows.
|
||||
|
||||
```WMI
|
||||
```console
|
||||
wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start
|
||||
```
|
||||
|
||||
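Review bot: The sentence introducing the block still calls it a "WMI script snippet", but the block is a single `wmic` command line and is now labelled `console`. Reword the lead-in to say "command" so the prose matches the block. Because the command restarts the endpoint immediately, it would also help to say it must be run from an elevated prompt if that is the case.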
@ -122,10 +120,8 @@ See the following for more information:
|
||||
|
||||
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Advanced scan** label:
|
||||
|
||||
|
||||
3. Select **Microsoft Defender Offline scan** and click **Scan now**.
|
||||
|
||||
|
||||
> [!NOTE]
|
||||
> In Windows 10, version 1607, the offline scan could be run from under **Windows Settings** > **Update & security** > **Windows Defender** or from the Windows Defender client.
|
||||
|
||||
|
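Review bot: Step 2 still ends with a colon ("and then the **Advanced scan** label:") after the screenshot it introduced has been cut. The other hunks in this commit change the trailing colon to a period when removing an image; do the same here so the step does not point at missing content.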
@ -112,10 +112,6 @@ You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-
|
||||
|
||||
5. Assign the profile to one or more groups.
|
||||
|
||||
Here's what you see in the Windows Security app:
|
||||
|
||||

|
||||
|
||||
### Are you using Windows OS 1709, 1803, or 1809?
|
||||
|
||||
If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. In this case, you can use PowerShell to determine whether tamper protection is enabled.
|
||||
|
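Review bot: Removing "Here's what you see in the Windows Security app:" together with its screenshot leaves step 5 ("Assign the profile to one or more groups.") with no description of the expected result. Other hunks in this commit keep the sentence and only drop the image; consider replacing the line with a sentence that says what the Windows Security app shows once the profile is applied. The heading below says "Windows OS 1709, 1803, or 1809" while the body says "Windows 10 OS"; align the two.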