Updated Intune instructions.

This commit is contained in:
Andrea Bichsel (Aquent LLC)
2018-05-02 10:33:30 -07:00
parent 0241bf0e5a
commit 4743fe3434

@ -11,13 +11,9 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 04/30/2018 ms.date: 05/02/2018
--- ---
# Enable the Block at First Sight feature # Enable the Block at First Sight feature
**Applies to** **Applies to**
@ -30,6 +26,7 @@ ms.date: 04/30/2018
**Manageability available with** **Manageability available with**
- Intune
- Group Policy - Group Policy
- Windows Defender Security Center app - Windows Defender Security Center app
@ -58,8 +55,6 @@ In Windows 10, version 1803, the Block at First Sight feature can now block non-
The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file. The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe. If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe.
In many cases this process can reduce the response time for new malware from hours to seconds. In many cases this process can reduce the response time for new malware from hours to seconds.
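Review bot: The context paragraph in this hunk is inconsistent about file types. Its first sentence covers "executable files and non-portable executable files", but the next sentence says only that "A hash value of the .exe file is checked via the cloud backend". Since this part of the page is being touched anyway, consider rewording the second sentence so it covers the same file types, for example "A hash value of the file is checked".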
@ -69,6 +64,23 @@ In many cases this process can reduce the response time for new malware from hou
Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks. Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks.
### Confirm Block at First Sight is enabled with Intune
1. In Intune, navigate to **Device configuration - Profiles | <Profile name> | Device restrictions | Windows Defender Antivirus**.
> [!NOTE]
> The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type.
2. Verify these settings are configured as follows:
- **Cloud-delivered protection**: **Enable**
- **File Blocking Level**: **High**
- **Time extension for file scanning by the cloud**: **50**
- **Prompt users before sample submission**: **Send all data without prompting**
For more information about configuring Windows Defender AV device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
For a list of Windows Defender AV device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus).
### Confirm Block at First Sight is enabled with Group Policy ### Confirm Block at First Sight is enabled with Group Policy
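Review bot: In step 2 of the new Intune section, "**Time extension for file scanning by the cloud**: **50**" gives a bare number with no unit; state the unit next to the value so an administrator can check it against the profile. In step 1, `<Profile name>` uses raw angle brackets, which a Markdown renderer can treat as an HTML tag and drop from the navigation path; escape the brackets or italicize the placeholder instead. The unchanged intro line above the new heading still says Block at First Sight requires "a number of Group Policy settings", which no longer matches a section that now opens with Intune, so generalize it to "settings". Both new links also hard-code the `en-us` locale in the URL; drop the locale segment if the docs convention allows.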