deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-28 05:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updates for content reorg.

Browse Source
This commit is contained in:
Andrea Bichsel 2018-08-09 10:55:36 -07:00
parent 2ba0c202a6
commit 58533be489
4 changed files with 59 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
View File

@ -1,5 +1,5 @@
---
title: Collect diagnostic data for Update Compliance and Windows Defender AV
title: Collect diagnostic data for Update Compliance and antivirus
description: Use a tool to collect data to troubleshoot Update Compliance issues when using the Windows Defender AV Assessment add in
keywords: troubleshoot, error, fix, update compliance, oms, monitor, report, windows defender av
search.product: eADQiWindows 10XVcnh
@ -16,18 +16,9 @@ ms.date: 09/12/2017
# Collect Update Compliance diagnostic data for Windows Defender AV Assessment
**Applies to:**
- Windows 10
**Audience**
- IT administrators
This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
Before attempting this process, ensure you have read the [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md) topic, met all require pre-requisites, and taken any other suggested troubleshooting steps.
Before attempting this process, ensure you have read [Troubleshoot antivirus reporting](troubleshoot-reporting.md), met all require pre-requisites, and taken any other suggested troubleshooting steps.
1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
@ -57,20 +48,16 @@ Before attempting this process, ensure you have read the [Troubleshoot Windows D
3. Send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
```
I am encountering the following issue when using Windows Defender AV in Update Compliance:
I am encountering the following issue when using antivirus in Update Compliance:
I have provided at least 2 support .cab files at the following location: <accessible share, including access details such as password>
My OMS workspace ID is:
My OMS workspace ID is:
Please contact me at:
Please contact me at:
```
## Related topics
- [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md)

30
windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
View File

@ -1,6 +1,6 @@
---
title: Use the command line to manage Windows Defender AV
description: Windows Defender AV has a dedicated command-line utility that can run scans and configure protection.
title: Use the command line to manage antivirus
description: Run antivirus scans and configure next gen protection with a dedicated command-line utility.
keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
@ -11,31 +11,20 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 08/26/2017
ms.date: 09/01/2018
---
# Configure and manage antivirus with the mpcmdrun.exe command-line tool
# Use the mpcmdrun.exe command-line tool to configure and manage Windows Defender Antivirus
You can perform various antivirus functions with the dedicated command-line tool mpcmdrun.exe.
**Applies to:**
This utility can be useful when you want to automate antivirus use.
- Windows 10
**Audience**
- Enterprise security administrators
You can use a dedicated command-line tool to perform various functions in Windows Defender Antivirus.
This utility can be useful when you want to automate the use of Windows Defender Antivirus.
The utility is available in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_ and must be run from a command prompt.
You can find the utility in _%ProgramFiles%\Windows Defender\MpCmdRun.exe_. You must run it from a command prompt.
> [!NOTE]
> You may need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
The utility has the following commands:
```DOS
@ -55,12 +44,7 @@ Command | Description
\-ValidateMapsConnection | Used to validate connection to the [cloud-delivered protection service](configure-network-connections-windows-defender-antivirus.md)
\-SignatureUpdate [-UNC [-Path <path>]] | Checks for new definition updates
## Related topics
- [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)

30
windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
View File

@ -14,33 +14,25 @@ ms.author: v-anbic
ms.date: 03/01/2018
---
# Manage Windows Defender AV in your business
# Manage antivirus in your business
**Applies to:**
- Windows 10
**Audience**
- Enterprise security administrators
You can manage and configure Windows Defender Antivirus with the following tools:
You can manage and configure antivirus with the following tools:
- Microsoft Intune
- System Center Configuration Manager
- Group Policy
- System Center Configuration Manager and Microsoft Intune
- PowerShell cmdlets
- Windows Management Instruction (WMI)
- The mpcmdrun.exe utility
The topics in this section provide further information, links, and resources for using these tools in conjunction with Windows Defender AV.
The topics in this section provide further information, links, and resources for using these tools to manage and configure antivirus.
## In this section
Topic | Description
Topic | Description
---|---
[Use Group Policy settings to configure and manage Windows Defender AV](use-group-policy-windows-defender-antivirus.md)|List of all Group Policy settings located in the Windows 10, version 1703 ADMX templates
[Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](use-intune-config-manager-windows-defender-antivirus.md)|Information on using System Center Configuration Manager and Microsoft Intune to deploy, manage, report, and configure Windows Defender AV
[Use PowerShell cmdlets to configure and manage Windows Defender AV](use-powershell-cmdlets-windows-defender-antivirus.md)|Instructions on using PowerShell cmdlets in the Defender Module and links to documentation for all cmdlets and allowed parameters
[Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](use-wmi-windows-defender-antivirus.md)| Instructions on using WMI to manage Windows Defender AV and links to documentation for the Windows Defender WMIv2 APIs (including all classes, methods, and properties)
[Use the mpcmdrun.exe command-line tool to configure and manage Windows Defender Antivirus](command-line-arguments-windows-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use Windows Defender AV
[Manage antivirus with Microsoft Intune and System Center Configuration Manager](use-intune-config-manager-windows-defender-antivirus.md)|Information about using Intune and System Center Configuration Manager to deploy, manage, report, and configure antivirus
[Manage antivirus with Group Policy settings](use-group-policy-windows-defender-antivirus.md)|List of all Group Policy settings located in ADMX templates
[Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md)|Instructions for using PowerShell cmdlets to manage antivirus, plus links to documentation for all cmdlets and allowed parameters
[Manage antivirus with Windows Management Instrumentation (WMI)](use-wmi-windows-defender-antivirus.md)| Instructions for using WMI to manage antivirus, plus links to documentation for the WMIv2 APIs (including all classes, methods, and properties)
[Manage antivirus with the mpcmdrun.exe command-line tool](command-line-arguments-windows-defender-antivirus.md)|Instructions on using the dedicated command-line tool to manage and use antivirus

73
windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
View File

@ -15,38 +15,37 @@ ms.date: 07/10/2018
---
# Configure scanning options in Windows Defender AV
**Applies to**
- Windows 10
**Audience**
- Enterprise security administrators
# Configure antivirus scanning options
**Manageability available with**
- Microsoft Intune
- System Center Configuration Manager
- Group Policy
- PowerShell
- Windows Management Instrumentation (WMI)
- System Center Configuration Manager
- Microsoft Intune
**Use Microsoft Intune to configure scanning options**
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
<a id="ref1"></a>
**Use Configuration Manager to configure scanning options:**
See [How to create and deploy antimalware policies: Scan settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch).
**Use Group Policy to configure scanning options**
To configure the Group Policy settings described in the following table:
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
3. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
6. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings.
See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx).
4. Double-click the policy **Setting** as specified in the table below, and set the option to your desired configuration. Click **OK**, and repeat for any other settings.
Description | Location and setting | Default setting (if not configured) | PowerShell `Set-MpPreference` parameter or WMI property for `MSFT_MpPreference` class
---|---|---|---
@ -61,42 +60,42 @@ Specify the level of subfolders within an archive folder to scan | Scan > Specif
Specify the maximum CPU load (as a percentage) during a scan. Note: This is not a hard limit but rather a guidance for the scanning engine to not exceed this maximum on average. | Scan > Specify the maximum percentage of CPU utilization during a scan | 50 | `-ScanAvgCPULoadFactor`
Specify the maximum size (in kilobytes) of archive files that should be scanned. The default, **0**, applies no limit | Scan > Specify the maximum size of archive files to be scanned | No limit | Not available
**Use Configuration Manager to configure scanning options:**
**Use PowerShell to configure scanning options**
See [How to create and deploy antimalware policies: Scan settings]( https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#scan-settings) for details on configuring System Center Configuration Manager (current branch).
See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
**Use WMI to configure scanning options**
**Use Microsoft Intune to configure scanning options**
For using WMI classes, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx).
See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
<a id="ref1"></a>
### Email scanning limitations
We recommend using [always-on real-time protection](configure-real-time-protection-windows-defender-antivirus.md) to protect against email-based malware.
Always-on protection scans emails as they arrive and as they are manipulated, just like normal files in the operating system. This provides the strongest form of protection and is the recommended setting for scanning emails.
You can use this Group Policy to also enable scanning of older email files used by Outlook 2003 and older during on-demand and scheduled scans. Embedded objects within an email file (such as attachments and archived files) are also scanned. The following file format types can be scanned and remediated:
You can also use this Group Policy to enable scanning of older email files used by Outlook 2003 and older during on-demand and scheduled scans. Embedded objects within an email file (such as attachments and archived files) are also scanned. The following file format types can be scanned and remediated:
- DBX
- MBX
- MIME
PST files used by Outlook 2003 or older (where the archive type is set to non-unicode) can also be scanned, but Windows Defender cannot remediate threats detected inside PST files. This is another reason why we recommend using [always-on real-time protection](configure-real-time-protection-windows-defender-antivirus.md) to protect against email-based malware.
If Windows Defender Antivirus detects a threat inside an email, it will show you the following information to assist you in identifying the compromised email, so you can remediate the threat:
- Email subject
- Attachment name
If antivirus detects a threat inside an email, it will show you the following information to assist you in identifying the compromised email, so you can remediate the threat:
- Email subject
- Attachment name
>[!WARNING]
>There are some risks associated with scanning some Microsoft Outlook files and email messages. You can read about tips and risks associated with scanning Outlook files and email messages in the following articles:
- [Scanning Outlook files in Outlook 2013](https://technet.microsoft.com/library/dn769141.aspx#bkmk-1)
- [Scanning email messages in Outlook 2013](https://technet.microsoft.com/library/dn769141.aspx#bkmk-2)
>
> - [Scanning Outlook files in Outlook 2013](https://technet.microsoft.com/library/dn769141.aspx#bkmk-1)
> - [Scanning email messages in Outlook 2013](https://technet.microsoft.com/library/dn769141.aspx#bkmk-2)
## Related topics
- [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
- [Configure and run on-demand Windows Defender AV scans](run-scan-windows-defender-antivirus.md)
- [Configure scheduled scans for Windows Defender AV](scheduled-catch-up-scans-windows-defender-antivirus.md)
- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Customize, initiate, and review the results of antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
- [Configure and run on-demand antivirus scans](run-scan-windows-defender-antivirus.md)
- [Configure scheduled antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md)
- [Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)