From 4dc4089511dbbfdd6260b835f2449f2a4b39ccf2 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 17 Nov 2020 16:55:19 -0800 Subject: [PATCH] Added new policies --- .../mdm/policy-csp-admx-windowsdefender.md | 1192 +++++++++++++++-- 1 file changed, 1071 insertions(+), 121 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md index 70f168574e..d935313482 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsdefender.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsdefender.md @@ -116,19 +116,19 @@ manager: dansimp ADMX_WindowsDefender/RealtimeProtection_DisableRawWriteNotification
- ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable + ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable
- ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize + ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring + ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection + ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection
- ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection + ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection
ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring @@ -194,7 +194,7 @@ manager: dansimp ADMX_WindowsDefender/Scan_DisableCatchupFullScan
- Scan_DisableCatchupQuickScan/ProxyBypass + ADMX_WindowsDefender/Scan_DisableCatchupQuickScan
ADMX_WindowsDefender/Scan_DisableEmailScanning @@ -1290,7 +1290,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_AllowedApplications** @@ -1333,11 +1333,24 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. Add additional applications that should be considered "trusted" by controlled folder access. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +These applications are allowed to modify or delete files in controlled folder access folders. -If you disable this setting, the antimalware service will load as a low priority task. +Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add additional applications. + +Enabled: +Specify additional allowed applications in the Options section.. + +Disabled: +No additional applications will be added to the trusted list. + +Not configured: +Same as Disabled. + +You can enable controlled folder access in the Configure controlled folder access GP setting. + +Default system folders are automatically guarded, but you can add folders in the configure protected folders GP setting. > [!TIP] @@ -1349,8 +1362,634 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Configure allowed applications* +- GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enable or disable controlled folder access for untrusted applications. You can choose to block, audit, or allow attempts by untrusted apps to: + +- Modify or delete files in protected folders, such as the Documents folder +- Write to disk sectors + +You can also choose to only block or audit writes to disk sectors while still allowing the modification or deletion of files in protected folders. + +Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting. +Default system folders are automatically protected, but you can add folders in the Configure protected folders GP setting. + +Block: +The following will be blocked: + +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors + +The Windows event log will record these blocks under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. + +Disabled: +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors + +These attempts will not be recorded in the Windows event log. + +Audit Mode: +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to modify or delete files in protected folders +- Attempts by untrusted apps to write to disk sectors + +The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124. 
+ +Block disk modification only: +The following will be blocked: + +- Attempts by untrusted apps to write to disk sectors + +The Windows event log will record these attempts under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1123. + +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to modify or delete files in protected folders +These attempts will not be recorded in the Windows event log. + +Audit disk modification only: +The following will not be blocked and will be allowed to run: + +- Attempts by untrusted apps to write to disk sectors +- Attempts by untrusted apps to modify or delete files in protected folders +Only attempts to write to protected disk sectors will be recorded in the Windows event log (under Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational > ID 1124). +Attempts to modify or delete files in protected folders will not be recorded. + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Configure Controlled folder access* +- GP name: *ExploitGuard_ControlledFolderAccess_EnableControlledFolderAccess* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_ControlledFolderAccess_ProtectedFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Specify additional folders that should be guarded by the Controlled folder access feature. + +Files in these folders cannot be modified or deleted by untrusted applications. + +Default system folders are automatically protected. You can configure this setting to add additional folders. +The list of default system folders that are protected is shown in Windows Security. + +Enabled: +Specify additional folders that should be protected in the Options section. + +Disabled: +No additional folders will be protected. + +Not configured: +Same as Disabled. + +You can enable controlled folder access in the Configure controlled folder access GP setting. + +Microsoft Defender Antivirus automatically determines which applications can be trusted. You can add additional trusted applications in the Configure allowed applications GP setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure protected folders* +- GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ExploitGuard_EnableNetworkProtection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet. + +Enabled: +Specify the mode in the Options section: + +- Block: Users and applications will not be able to access dangerous domains +- Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs. + +Disabled: +Users and applications will not be blocked from connecting to dangerous domains. + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users and apps from accessing dangerous websites* +- GP name: *ExploitGuard_EnableNetworkProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/MpEngine_EnableFileHashComputation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. Enable or disable file hash computation feature. + +Enabled: +When this feature is enabled Microsoft Defender will compute hash value for files it scans. + +Disabled: +File hash value is not computed + +Not configured: +Same as Disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable file hash computation feature* +- GP name: *MpEngine_EnableFileHashComputation* +- GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Nis_Consumers_IPS_DisableSignatureRetirement** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. + +If you enable or do not configure this setting, definition retirement will be enabled. + +If you disable this setting, definition retirement will be disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on definition retirement* +- GP name: *Nis_Consumers_IPS_DisableSignatureRetirement* +- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a definition set GUID. As an example, the definition set GUID to enable test security intelligence is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used and it is recommended that this be set to 0. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify additional definition sets for network traffic inspection* +- GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid* +- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Nis_DisableProtocolRecognition** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities. + +If you enable or do not configure this setting, protocol recognition will be enabled. + +If you disable this setting, protocol recognition will be disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on protocol recognition* +- GP name: *Nis_DisableProtocolRecognition* +- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/ProxyBypass** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified IP addresses. The address value should be entered as a valid URL. + +If you enable this setting, the proxy server will be bypassed for the specified addresses. + +If you disable or do not configure this setting, the proxy server will not be bypassed for the specified addresses. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Define addresses to bypass proxy server* +- GP name: *ProxyBypass* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1359,7 +1998,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/ProxyPacUrl** @@ -1402,11 +2041,17 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for security intelligence updates and MAPS reporting. If the proxy auto-config fails or if there is no proxy auto-config specified, the client will fall back to the alternative options (in order): -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +1. Proxy server (if specified) +2. Proxy .pac URL (if specified) +3. None +4. Internet Explorer proxy settings +5. Autodetect -If you disable this setting, the antimalware service will load as a low priority task. +If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above. + +If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above. > [!TIP] @@ -1418,8 +2063,8 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Define proxy auto-config (.pac) for connecting to the network* +- GP name: *ProxyPacUrl* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1428,7 +2073,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/ProxyServer**
@@ -1471,11 +2116,17 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the network for security intelligence updates and MAPS reporting. If the named proxy fails or if there is no proxy specified, the client will fall back to the alternative options (in order): -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +1. Proxy server (if specified) +2. Proxy .pac URL (if specified) +3. None +4. Internet Explorer proxy settings +5. Autodetect -If you disable this setting, the antimalware service will load as a low priority task. +If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded with either http:// or https://. + +If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order specified above. > [!TIP] @@ -1487,8 +2138,8 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Define proxy server for connecting to the network* +- GP name: *ProxyServer* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1497,7 +2148,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
@@ -1540,11 +2191,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantine folder before being removed. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -1556,8 +2207,146 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* +- GP English name: *Configure local setting override for the removal of items from Quarantine folder* +- GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Quarantine_PurgeItemsAfterDelay** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the number of days items should be kept in the Quarantine folder before being removed. + +If you enable this setting, items will be removed from the Quarantine folder after the number of days specified. + +If you disable or do not configure this setting, items will be kept in the quarantine folder indefinitely and will not be automatically removed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure removal of items from Quarantine folder* +- GP name: *Quarantine_PurgeItemsAfterDelay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/RandomizeScheduleTaskTimes** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled security intelligence update start time. This setting is used to distribute the resource impact of scanning. For example, it could be used in guest virtual machines sharing a host, to prevent multiple guest virtual machines from undertaking a disk-intensive operation at the same time. + +If you enable or do not configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start time. + +If you disable this setting, scheduled tasks will begin at the specified start time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Randomize scheduled task times* +- GP name: *RandomizeScheduleTaskTimes* - GP path: *Windows Components\Microsoft Defender Antivirus* - GP ADMX file name: *WindowsDefender.admx* @@ -1566,7 +2355,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableBehaviorMonitoring** @@ -1609,11 +2398,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure behavior monitoring. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, behavior monitoring will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, behavior monitoring will be disabled. > [!TIP] @@ -1625,9 +2414,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Turn on behavior monitoring* +- GP name: *RealtimeProtection_DisableBehaviorMonitoring* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1635,7 +2424,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableIOAVProtection**
@@ -1678,11 +2467,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure scanning for all downloaded files and attachments. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, scanning for all downloaded files and attachments will be disabled. > [!TIP] @@ -1694,9 +2483,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Scan all downloaded files and attachments* +- GP name: *RealtimeProtection_DisableIOAVProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1704,7 +2493,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableOnAccessProtection**
@@ -1747,11 +2536,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure monitoring for file and program activity. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, monitoring for file and program activity will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, monitoring for file and program activity will be disabled. > [!TIP] @@ -1763,9 +2552,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Monitor file and program activity on your computer* +- GP name: *RealtimeProtection_DisableOnAccessProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1773,7 +2562,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableRawWriteNotification**
@@ -1816,11 +2605,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether raw volume write notifications are sent to behavior monitoring. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, raw write notifications will be enabled. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, raw write notifications be disabled. > [!TIP] @@ -1832,9 +2621,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Turn on raw volume write notifications* +- GP name: *RealtimeProtection_DisableRawWriteNotification* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1842,7 +2631,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_DisableScanOnRealtimeEnable**
@@ -1885,11 +2674,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malware which could start when real-time protection is turned off. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable or do not configure this setting, a process scan will be initiated when real-time protection is turned on. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable this setting, a process scan will not be initiated when real-time protection is turned on. > [!TIP] @@ -1901,9 +2690,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Turn on process scanning whenever real-time protection is enabled* +- GP name: *RealtimeProtection_DisableScanOnRealtimeEnable* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1911,7 +2700,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_IOAVMaxSize**
@@ -1954,11 +2743,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, a default size will be applied. > [!TIP] @@ -1970,9 +2759,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Define the maximum size of downloaded files and attachments to be scanned* +- GP name: *RealtimeProtection_IOAVMaxSize* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -1980,7 +2769,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
@@ -2023,11 +2812,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2039,9 +2828,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for turn on behavior monitoring* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2049,7 +2838,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
@@ -2092,11 +2881,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2108,9 +2897,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for scanning all downloaded files and attachments* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2118,7 +2907,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
@@ -2161,11 +2950,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2177,9 +2966,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for monitoring file and program activity on your computer* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2187,7 +2976,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
@@ -2230,11 +3019,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2246,9 +3035,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override to turn on real-time protection* +- GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2256,7 +3045,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
@@ -2299,11 +3088,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2315,9 +3104,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for monitoring for incoming and outgoing file activity* +- GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2325,7 +3114,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/RealtimeProtection_RealtimeScanDirection**
@@ -2368,11 +3157,21 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring entirely. It is recommended for use on servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction. The appropriate configuration should be evaluated based on the server role. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +Note that this configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present on those volumes. -If you disable this setting, the antimalware service will load as a low priority task. +The options for this setting are mutually exclusive: + +- 0 = Scan incoming and outgoing files (default) +- 1 = Scan incoming files only +- 2 = Scan outgoing files only + +Any other value, or if the value does not exist, resolves to the default (0). + +If you enable this setting, the specified type of monitoring will be enabled. + +If you disable or do not configure this setting, monitoring for incoming and outgoing files will be enabled. > [!TIP] 
@@ -2384,9 +3183,9 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure monitoring for incoming and outgoing file and program activity* +- GP name: *RealtimeProtection_RealtimeScanDirection* +- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection* - GP ADMX file name: *WindowsDefender.admx* @@ -2394,7 +3193,7 @@ ADMX Info:
-**ADMX_WindowsDefender/AllowFastServiceStartup** +**ADMX_WindowsDefender/Remediation_LocalSettingOverrideScan_ScheduleTime**
@@ -2437,11 +3236,11 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service startup, but may impact performance. +Available in the latest Windows 10 Insider Preview Build. This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remediation. This setting can only be set by Group Policy. -If you enable or do not configure this setting, the antimalware service will load as a normal priority task. +If you enable this setting, the local preference setting will take priority over Group Policy. -If you disable this setting, the antimalware service will load as a low priority task. +If you disable or do not configure this setting, Group Policy will take priority over the local preference setting. > [!TIP] @@ -2453,14 +3252,165 @@ If you disable this setting, the antimalware service will load as a low priority ADMX Info: -- GP English name: *Allow antimalware service to startup with normal priority* -- GP name: *AllowFastServiceStartup* -- GP path: *Windows Components\Microsoft Defender Antivirus* +- GP English name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation* +- GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* - GP ADMX file name: *WindowsDefender.admx*
+ + +**ADMX_WindowsDefender/Remediation_Scan_ScheduleDay** + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete remediation. The scan can also be configured to run every day or to never run at all. + +This setting can be configured with the following ordinal number values: + +- (0x0) Every Day +- (0x1) Sunday +- (0x2) Monday +- (0x3) Tuesday +- (0x4) Wednesday +- (0x5) Thursday +- (0x6) Friday +- (0x7) Saturday +- (0x8) Never (default) + +If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified. + +If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default frequency. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the day of the week to run a scheduled full scan to complete remediation* +- GP name: *Remediation_Scan_ScheduleDay* +- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ + +**ADMX_WindowsDefender/Remediation_Scan_ScheduleTime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time on the computer where the scan is executing. + +If you enable this setting, a scheduled full scan to complete remediation will run at the time of day specified. + +If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default time. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify the time of day to run a scheduled full scan to complete remediation* +- GP name: *Remediation_Scan_ScheduleTime* +- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation* +- GP ADMX file name: *WindowsDefender.admx* + + + +
+ Footnotes: - 1 - Available in Windows 10, version 1607.
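Review bot: The policy name and the description point in opposite directions for RealtimeProtection_DisableBehaviorMonitoring, RealtimeProtection_DisableIOAVProtection, RealtimeProtection_DisableOnAccessProtection and RealtimeProtection_DisableScanOnRealtimeEnable, and the text never says so. Each name contains "Disable", while each description reads "If you enable or do not configure this setting, ... will be enabled", matching GP English names such as "Turn on behavior monitoring". An administrator working from the CSP node name alone can easily set the opposite of what they intend and switch a protection off. Suggest one sentence in each description stating that Enabled keeps the feature on despite the "Disable" in the policy name.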
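Review bot: Typo in the RealtimeProtection_DisableRawWriteNotification description: the added line "If you disable this setting, raw write notifications be disabled." is missing "will". It should read "raw write notifications will be disabled."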
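Review bot: The RealtimeProtection_IOAVMaxSize description omits the default value and does not say what happens to files at or above the limit. "a default size will be applied" should name the size in kilobytes. The enabled paragraph says only that files "smaller than the size specified will be scanned"; state explicitly whether larger downloads and attachments are skipped by this scan, because that is the coverage an administrator gives up when lowering the value. The accepted range is not given either.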
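Review bot: In the LocalSettingOverride descriptions (RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring through RealtimeProtection_LocalSettingOverrideRealtimeScanDirection, and Remediation_LocalSettingOverrideScan_ScheduleTime), the sentence "This setting can only be set by Group Policy." conflicts with the rest of this page, whose TIP blocks describe configuring these policies through SyncML. Suggest dropping or rewording it for the MDM context. The descriptions also never say what "the local preference setting" refers to; since enabling the override lets a locally configured value take priority over the centrally managed one, name the setting being overridden in each case.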
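Review bot: The second sentence of the RealtimeProtection_RealtimeScanDirection description is ungrammatical: in "servers where there is a lot of incoming and outgoing file activity but for performance reasons need to have scanning disabled for a particular scan direction", the verb "need" has no subject. Suggest "servers that handle a lot of incoming and outgoing file activity and, for performance reasons, need scanning disabled for one direction". In addition, "If you enable this setting, the specified type of monitoring will be enabled" should refer back to the 0/1/2 list so it is clear that values 1 and 2 scan less than the default.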
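Review bot: The Remediation_Scan_ScheduleDay description contradicts itself about the default. The value list marks "(0x8) Never (default)", but the closing paragraph says that when the setting is disabled or not configured the scan "will run at a default frequency". If the default is Never, no scheduled remediation scan runs at all; reword the last paragraph to say that, or correct the value list if a different day is the real default.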
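Review bot: Remediation_Scan_ScheduleTime gives neither the default nor the accepted range. "will run at a default time" should state the time, and because the value is a count of minutes past midnight the description should give the valid range and say how an out-of-range value is handled, the way the RealtimeScanDirection text does with "Any other value, or if the value does not exist, resolves to the default (0)."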