deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 05:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

management

Browse Source
This commit is contained in:
Iaan D'Souza-Wiltshire 2017-03-20 19:50:58 -07:00
parent a2c587fc8b
commit 494297b7c3
8 changed files with 347 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/keep-secure/WDAV-working/deployment-vdi-windows-defender-antivirus.md
View File

@ -168,7 +168,7 @@ The start time of the scan itself is still based on the scheduled scan policy
See [How to create and deploy antimalware policies: Advanced settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#advanced-settings) for details on configuring System Center Configuration Manager (current branch). See [How to create and deploy antimalware policies: Advanced settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#advanced-settings) for details on configuring System Center Configuration Manager (current branch).
See [Schedule scans](schedule-scans-windows-defender-antivirus.md) for other configuration options available for scheduled scans. See [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) for other configuration options available for scheduled scans.
### Use quick scans ### Use quick scans

141
windows/keep-secure/WDAV-working/manage-event-based-updates-windows-defender-antivirus.md
View File

@ -29,20 +29,151 @@ author: iaanw
- Windows Management Instruction (WMI) - Windows Management Instruction (WMI)
Windows Defender AV allows to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service. Windows Defender AV allows you to determine if updates should (or should not) occur after certain events, such as at startup or after receiving specific reports from the cloud-delivered protection service.
- Initiate definition update on startup (PS/WMI)
- Check for the latest virus and spyware definitions on startup ## Check for protection updates before running a scan
- Allow notifications to disable definitions based reports to MAPS
- Allow real-time definition updates based on reports to MAPS You can use Group Policy, Configuration Manager, PowerShell cmdlets, and WMI to force Windows Defender AV to check and download protection updates before running a scheduled scan.
**Use Group Policy to check for protection updates before running a scan:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Scan**.
6. Double-click the **Check for the latest virus and spyware definitions before running a scheduled scan** setting and set the option to **Enabled**.
7. Click **OK**.
**Use Configuration Manager to check for protection updates before running a scan:**
1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
2. Go to the **Scheduled scans** section and set **Check for the latest definition updates before running a scan** to **Yes**.
3. Click **OK**.
4. [Deploy the updated policy as usual](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
**Use PowerShell cmdlets to to check for protection updates before running a scan:**
Use the following cmdlets:
```PowerShell
Set-MpPreference -CheckForSignaturesBeforeRunningScan
```
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus) and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
**Use Windows Management Instruction (WMI) to to check for protection updates before running a scan**
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties:
```WMI
CheckForSignaturesBeforeRunningScan
```
See the following for more information:
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
## Check for protection updates on startup
You can use Group Policy to force Windows Defender AV to check and download protection updates when the machine is started.
**Use Group Policy to download protection updates at startup:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**.
5. Double-click the **Check for the latest virus and spyware definitions on startup** setting and set the option to **Enabled**.
6. Click **OK**.
You can also use Group Policy, PowerShell, or WMI to configure Windows Defender AV to check for updates at startup even when it is not running.
**Use Group Policy to download updates when Windows Defender AV is not present:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**.
6. Double-click the **Initiate definition update on startup** setting and set the option to **Enabled**.
7. Click **OK**.
**Use PowerShell cmdlets to download updates when Windows Defender AV is not present:**
Use the following cmdlets to enable cloud-delivered protection:
```PowerShell
Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine
```
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus) and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
**Use Windows Management Instruction (WMI) to download updates when Windows Defender AV is not present:**
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties:
```WMI
SignatureDisableUpdateOnStartupWithoutEngine
```
See the following for more information:
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
<a id="cloud-report-updates"></a>
## Allow ad hoc changes to protection based on cloud-delivered protection
Windows Defender AV can make changes to its protection based on cloud-delivered protection. This can occur outside of normal or scheduled protection updates.
If you have enabled cloud-delivered protection, Windows Defender AV will send files it is suspicious about to the Windows Defender cloud. If the cloud service reports that the file is malicious, and the file is detected in a recent protection update, you can use Group Policy to configure Windows Defender AV to automatically receive that protection update. Other important protection updates can also be applied.
**Use Group Policy to automatically download recent updates based on cloud-delivered protection:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following:
1. Double-click the **Allow real-time definition updates based on reports to Microsoft MAPS** setting and set the option to **Enabled**. Click **OK**.
2. Double-click the **Allow notifications to disable definitions based reports to Microsoft MAPS** setting and set the option to **Enabled**. Click **OK**.
## Related topics ## Related topics
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
- [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) - [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
- [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) - [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)

128
windows/keep-secure/WDAV-working/manage-outdated-endpoints-windows-defender-antivirus.md
View File

@ -32,20 +32,92 @@ author: iaanw
Windows Defender AV lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis. Windows Defender AV lets you define how long an endpoint can avoid an update or how many scans it can miss before it is required to update and scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis.
For example, an employee that uses a particular PC is on break for three days and does not log on to their PC during that time.
## Set up When the user returns to work and logs on to their PC, Windows Defender AV will immediately check and download the latest protection updates, and run a scan.
## Set up catch-up protection updates for endpoints that haven't updated for a while
If Windows Defender AV did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-windows-defender-antivirus.md).
**Use Group Policy to enable and configure the catch-up update feature:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**.
6. Double-click the **Define the number of days after which a catch-up definition update is required** setting and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to check for and download the latest protection update.
7. Click **OK**.
**Use PowerShell cmdlets to configure catch-up protection updates:**
Use the following cmdlets to enable cloud-delivered protection:
```PowerShell
Set-MpPreference -SignatureUpdateCatchupInterval
```
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus) and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
**Use Windows Management Instruction (WMI) to configure catch-up protection updates:**
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties:
```WMI
SignatureUpdateCatchupInterval
```
See the following for more information and allowed parameters:
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
**Use Configuration Manager to configure catch-up protection updates:**
1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
2. Go to the **Definition updates** section and configure the following settings:
1. Set **Force a definition update if the client computer is offline for more than two consecutive scheduled updates** to **Yes**.
2. For the **If Configuration Manager is used as a source for definition updates...**, specify the hours before which the protection updates delivered by Configuration Manager should be considered out-of-date. This will cause the next update location to be used, based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order).
3. Click **OK**.
4. [Deploy the updated policy as usual](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
## Set the number of days before protection is reported as out-of-date
You can also specify the number of days after which Windows Defender AV protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Windows Defender AV to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order).
**Use Group Policy to specify the number of days before protection is considered out-of-date:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following settings:
1. Double-click the **Define the number of days before spyware definitions are considered out of date** setting and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to consider spyware definitions as out-of-date.
2. Click **OK**.
3. Double-click the **Define the number of days before virus definitions are considered out of date** setting and set the option to **Enabled**. Enter the number of days after which you want Windows Defender AV to consider virus and other threat definitions as out-of-date.
4. Click **OK**.
## Set up catch-up scans for endpoints that have not been scanned for a while
## Set up catch-up scans for endpoints that have not been scanned for a while (PS WMI) You can set the number of consecutive scheduled scans that can be missed before Windows Defender AV will force a scan.
You can set the number of consecutive scheduled scans that can be missed before Windows Defender AV will force a scan. This is typically encountered in mobile or shared devices that are not regularly turned on, or to account for users who have not logged on to their PC for a period of days.
For example, you have set up a scheduled quick scan to run at 1 am every day. An employee that uses a particular PC is on break for three days and does not log in to their PC.
When the user returns to work and logs in to their PC, Windows Defender AV will immediately run a quick scan.
The process for enabling this feature is: The process for enabling this feature is:
@ -65,18 +137,50 @@ This feature can be enabled for both full and quick scans.
4. Click **Policies** then **Administrative templates**. 4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivurs > Scan** and configure the following settings: 5. Expand the tree to **Windows components > Windows Defender Antivirus > Scan** and configure the following settings:
1. If you have set up scheduled quick scans, double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**. 1. If you have set up scheduled quick scans, double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**.
2. If you have set up scheduled full scans, double-click the **Turn on catch-up full scan** setting and set the option to **Enabled**. 2. If you have set up scheduled full scans, double-click the **Turn on catch-up full scan** setting and set the option to **Enabled**. Click **OK**.
3. Double-click the **Define the number of days after which a catch-up scan is forced** setting and set the option to **Enabled**. 3. Double-click the **Define the number of days after which a catch-up scan is forced** setting and set the option to **Enabled**.
4. Enter the number of scans that can be missed before a scan will be automatically run when the user next logs on to the PC. The type of scan that is run is determined by the **Specify the scan type to use for a scheduled scan** (see the [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) topic). 4. Enter the number of scans that can be missed before a scan will be automatically run when the user next logs on to the PC. The type of scan that is run is determined by the **Specify the scan type to use for a scheduled scan** (see the [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) topic). Click **OK**.
> [!NOTE] > [!NOTE]
> The GP setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run. > The GP setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run.
**Use PowerShell cmdlets to XX:**
Use the following cmdlets to enable cloud-delivered protection:
```PowerShell
Set-MpPreference -DisableCatchupFullScan
Set-MpPreference -DisableCatchupQuickScan
```
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus) and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
**Use Windows Management Instruction (WMI) to configure catch-up scans:**
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties:
```WMI
DisableCatchupFullScan
DisableCatchupQuickScan
```
See the following for more information and allowed parameters:
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
**Use Configuration Manager to configure catch-up scans:**
1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
2. Go to the **Scheduled scans** section and **Force a scan of the selected scan type if client computer is offline...** to **Yes**.
3. Click **OK**.
4. [Deploy the updated policy as usual](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
## Related topics ## Related topics

73
windows/keep-secure/WDAV-working/manage-protection-update-schedule-windows-defender-antivirus.md
View File

@ -12,7 +12,7 @@ localizationpriority: medium
author: iaanw author: iaanw
--- ---
# Manage when protection updates should be downloaded and applied # Manage the schedule for when protection updates should be downloaded and applied
**Applies to** **Applies to**
- Windows 10 - Windows 10
@ -31,14 +31,71 @@ author: iaanw
Windows Defender AV lets you determine when it should look for and download updates. Windows Defender AV lets you determine when it should look for and download updates.
You can schedule updates for your endpoints by: (WMI PS) SCCM? You can schedule updates for your endpoints by:
- Specifying the day of the week to check for definition updates (WMI PS) - Specifying the day of the week to check for protection updates
- Specifying the interval to check for definition updates - Specifying the interval to check for protection updates
- Specifying the time to check for definition updates - Specifying the time to check for protection updates
You can also randomize the times when each endpoint checks and downloads protection updates. See the [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) topic for more information.
**Use Group Policy to schedule protection updates:**
> [!IMPORTANT]
> By default, Windows Defender AV will check for an update 15 minutes before the time of any scheduled scans. Enabling these settings will override that default.
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following settings:
1. Double-click the **Specify the interval to check for definition updates** setting and set the option to **Enabled**. Enter the nuber of hours between updates. Click **OK**.
2. Double-click the **Specify the day of the week to check for definition updates** setting and set the option to **Enabled**. Enter the day of the week to check for updates. Click **OK**.
3. Double-click the **Specify the time to check for definition updates** setting and set the option to **Enabled**. Enter the time when updates should be checked. The time is based on the local time of the endpoint. Click **OK**.
**Use Configuration Manager to schedule protection updates:**
1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
2. Go to the **Definition updates** section.
3. To check and download updates at a certain time:
1. Set **Check for Endpoint Protection definitions at a specific interval...** to **0**.
2. Set **Check for Endpoint Protection definitions daily at...** to the time when updates should be checked.
3
4. To check and download updates on a continual interval, Set **Check for Endpoint Protection definitions at a specific interval...** to the number of hours that should occur between updates.
5. [Deploy the updated policy as usual](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
**Use PowerShell cmdlets to schedule protection updates:**
Use the following cmdlets to enable cloud-delivered protection:
```PowerShell
Set-MpPreference -SignatureScheduleDay
Set-MpPreference -SignatureScheduleTime
Set-MpPreference -SignatureUpdateInterval
```
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-windows-defender-antivirus) and [Defender cmdlets](https://technet.microsoft.com/en-us/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
**Use Windows Management Instruction (WMI) to schedule protection updates:**
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/en-us/library/dn455323(v=vs.85).aspx) class for the following properties:
```WMI
SignatureScheduleDay
SignatureScheduleTime
SignatureUpdateInterval
```
See the following for more information and allowed parameters:
- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
## Related topics ## Related topics
@ -46,3 +103,9 @@ You can schedule updates for your endpoints by: (WMI PS) SCCM?
- [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md) - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
- [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md) - [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
- [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) - [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)

2
windows/keep-secure/WDAV-working/manage-protection-updates-windows-defender-antivirus.md
View File

@ -39,7 +39,7 @@ There are two components to managing protection updates - where the updates are
This topic describes the locations This topic describes the locations
<a id="fallback-order"></a>
## Manage the fallback order for downloading protection updates ## Manage the fallback order for downloading protection updates
There are five locations where you can specify where an endpoint should obtain updates. Typically, you would configure each endpoint to individually download the updates from a primary source and specify fallback sources in case the primary source is unavailable. There are five locations where you can specify where an endpoint should obtain updates. Typically, you would configure each endpoint to individually download the updates from a primary source and specify fallback sources in case the primary source is unavailable.

20
windows/keep-secure/WDAV-working/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
View File

@ -48,8 +48,22 @@ This means that protection updates can be delivered to devices (via Microsoft Up
You can opt-in to Microsoft Update on the mobile device in one of the following ways: You can opt-in to Microsoft Update on the mobile device in one of the following ways:
1. Use a VBScript to create a script, then run it on each computer in your network. 1. Change the setting with Group Policy
2. Manually opt-in every computer on your network through the **Settings** menu. 2. Use a VBScript to create a script, then run it on each computer in your network.
3. Manually opt-in every computer on your network through the **Settings** menu.
**Use Group Policy to opt-in to Microsoft Update:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**.
6. Double-click the **Allow definition updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**.
**Use a VBScript to opt-in to Microsoft Update** **Use a VBScript to opt-in to Microsoft Update**
@ -75,7 +89,7 @@ You can configure Windows Defender AV to only download protection updates when t
4. Click **Policies** then **Administrative templates**. 4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivurs > Signature Updates** and configure the following setting: 5. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following setting:
1. Double-click the **Allow definition updates when running on battery power** setting and set the option to **Disabled**. 1. Double-click the **Allow definition updates when running on battery power** setting and set the option to **Disabled**.
2. Click **OK**. This will prevent protection updates from downloading when the PC is on battery power. 2. Click **OK**. This will prevent protection updates from downloading when the PC is on battery power.

49
windows/keep-secure/WDAV-working/scheduled-catch-up-scans-windows-defender-antivirus.md
View File

@ -12,7 +12,7 @@ localizationpriority: medium
author: iaanw author: iaanw
--- ---
# Configure scheduled and catch-up scanning options # Schedule scans
**Applies to** **Applies to**
- Windows 10 - Windows 10
@ -30,52 +30,11 @@ author: iaanw
Windows Defender AV lets you define how many scheduled scans an endpoint can miss before it is required to scan itself. This is especially useful in environments where devices are not often connected to a corporate or external network, or devices that are not used on a daily basis. > [!IMPORTANT]
> By default, Windows Defender AV will check for an update 15 minutes before the time of any scheduled scans. You can [Manage the schedule for when protection updates should be downloaded and applied](manage-protection-update-schedule-windows-defender-antivirus.md) to override this default.
You can manage the following options with Group Policy, System Center Configuration Manager, Powershell cmdlets, and WMI classes:
- Define the number of days before an endpoint has outdated protection (PS WMI)
- Define the number of days after which a catch-up update must occur (PS WMI)
## Define the number of days before an endpoint has outdated protection (PS WMI)
You can set the number of consecutive scheduled scans that can be missed before Windows Defender AV will force a scan. This is typically encountered in mobile or shared devices that are not regularly turned on, or to account for users who have not logged on to their PC for a period of days.
For example, you have set up a scheduled quick scan to run at 1 am every day. An employee that uses a particular PC is on break for three days and does not log in to their PC.
When the user returns to work and logs in to their PC, Windows Defender AV will immediately run a quick scan.
The process for enabling this feature is:
1. Set up at least one scheduled scan
2. Enable the catch-up scan feature
3. Define the number of scans that can be skipped before a catch-up scan occurs
This feature can be enabled for both full and quick scans.
RANDOMIZE
**Use Group Policy to enable and configure the catch-up scan feature:**
1. Ensure you have set up at least one scheduled scan.
2. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivurs > Scan** and configure the following settings:
1. If you have set up scheduled quick scans, double-click the **Turn on catch-up quick scan** setting and set the option to **Enabled**.
2. If you have set up scheduled quick scans, double-click the **Turn on catch-up full scan** setting and set the option to **Enabled**.
3. Double-click the **Define the number of days after which a catch-up scan is forced** setting and set the option to **Enabled**.
4. Enter the number of scans that can be missed before a scan will be automatically run when the user next logs on to the PC. If you have set up scheduled quick scans, a quick scan will be run; if you have set up scheduled full scans, a full scan will be run.
> [!NOTE]
> The GP setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run.

5
windows/keep-secure/WDAV-working/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
View File

@ -29,7 +29,7 @@ Cloud-delivered protection for Windows Defender Antivirus, also referred to as M
>[!NOTE] >[!NOTE]
>The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates. >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional signature updates.
Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver; our cloud service can deliver updated protection in seconds. Enabling cloud-delivered protection helps detect and block new malware - even if the malware has never been seen before - without needing to wait for a traditionally delivered definition update to block it. Definition updates can take hours to prepare and deliver, while our cloud service can deliver updated protection in seconds.
Cloud-delivered protecton is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies. Cloud-delivered protecton is enabled by default, however you may need to re-enable it if it has been disabled as part of previous organizational policies.
@ -43,6 +43,9 @@ Reporting level (MAPS membership level) | Basic, Advanced | Advanced | Advanced
Block at first sight availability | No | Yes | Yes | Not configurable | Configurable | No Block at first sight availability | No | Yes | Yes | Not configurable | Configurable | No
Cloud block timeout period | No | No | Configurable | Not configurable | Configurable | No Cloud block timeout period | No | No | Configurable | Not configurable | Configurable | No
You can also [configure Windows Defender AV to automatically receive new protection updates based on reports from our cloud service](manage-event-based-updates-windows-defender-antivirus.md#cloud-report-updates).
## In this section ## In this section
Topic | Description Topic | Description