BAFS - edit for review of GP and regkey; EN - edit for review of GP enable vs disable

Iaan 2016-08-08 13:00:31 -07:00
parent 7714f78acb
commit ba254945bc
2 changed files with 43 additions and 9 deletions

@ -20,9 +20,9 @@ author: iaanw
Block at First Sight is a feature of Windows Defender cloud protection that provides a way to detect and block new malware within seconds.
You can enable Block at First Sight with Group Policy or individually on endpoints.
It is enabled by default when certain pre-requisite settings are also enabled.
## Backend processing and near-instant determinations
## How it works
When a Windows Defender client encounters a suspicious but previously undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.
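Review bot: The heading change from `## Backend processing and near-instant determinations` to `## How it works` changes the anchor generated for this section, so any links that point at the old anchor from this or other topics need to be updated in the same commit. While this paragraph is open, the unchanged sentence ending "to determine the files as malicious or clean" reads awkwardly; consider "to determine whether the file is malicious or clean".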
@ -79,6 +79,10 @@ Block at First Sight requires a number of Group Policy settings to be configured
**Enable Block at First Sight with Group Policy**
The Block at First Sight feature is automatically enabled when the pre-requisite settings have been applied.
You can manually disable the feature. You might want to do this so you can turn off the feature but still retain the pre-requisite settings.
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
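Review bot: The bold label `**Enable Block at First Sight with Group Policy**` is left unchanged above the two added sentences, which say the feature is enabled automatically and then explain why you might disable it manually; rename the label to match the procedure it now introduces, for example "Disable Block at First Sight with Group Policy". The step list in the trailing context also jumps from `1.` to `3.`; renumber it while you are here.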
@ -87,16 +91,16 @@ Block at First Sight requires a number of Group Policy settings to be configured
5. Expand the tree through **Windows components > Windows Defender > MAPS**.
1. Double-click the **Configure the Block at First Sight feature** setting and set the option to **Enabled**.
1. Double-click the **Configure the Block at First Sight feature** setting and set the option to **Disabled**.
> [!NOTE]
> The Block at First Sight feature will not function if the pre-requisite group policies have not been correctly set.
> Disabling the Block at First Sight feature will not disable or alter the pre-requisite group policies.
### Manually enable Block at First Sight on individual clients
To configure un-managed clients that are running Windows 10, Block at First Sight is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
Block at First Sight is automatically enabled on un-managed clients that are running Windows 10, as long as **Cloud-based protection** and **Automatic sample submission** are both turned on. You can manually disable the feature on individual endpoints.
**Enable Block at First Sight on individual clients**
**Disable Block at First Sight on individual clients**
1. Open Windows Defender settings:
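Review bot: The `### Manually enable Block at First Sight on individual clients` heading stays as it was, although the paragraph and the bold label beneath it now cover disabling, so the heading contradicts its own section. In the note, the sentence saying the feature will not function if the pre-requisite group policies are not correctly set appears to be replaced by the sentence about disabling; that caveat still matters to readers who leave the feature on, so keep both sentences.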
@ -104,7 +108,7 @@ To configure un-managed clients that are running Windows 10, Block at First Sigh
b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender**.
2. Switch **Cloud-based Protection** and **Automatic sample submission** to **On**.
2. Switch **Cloud-based Protection** and **Automatic sample submission** to **Off**.
> [!NOTE]
> These settings will be overridden if the network administrator has configured their associated Group Policies. The settings will appear grayed out and you will not be able to modify them if they are being managed by Group Policy.
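Review bot: Step 2 now switches both **Cloud-based Protection** and **Automatic sample submission** to **Off**, which turns off the pre-requisites themselves rather than only Block at First Sight. The Group Policy section says that disabling the feature leaves the pre-requisite settings intact, so state explicitly here that on un-managed clients this procedure also turns off cloud-based protection and sample submission, so readers understand how much protection they are giving up.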

@ -22,9 +22,9 @@ In Windows 10, application notifications about malware detection and remediation
Notifications will appear on endpoints when manually triggered and scheduled scans are completed and threats are detected. These notifications will also be seen in the **Notification Center**, and a summary of scans and threat detections will also appear at regular time intervals.
You can enable and disable enhanced notifications with the registry or in Windows Settings.
You can enable and disable enhanced notifications with the registry or in Windows Settings.
## Configure enhanced notifications
## Disable notifications
You can disable enhanced notifications on individual endpoints in Windows Settings.
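Review bot: The intro sentence still reads "with the registry or in Windows Settings", but this commit adds a Group Policy procedure to the same topic, so Group Policy should be listed there as well. The two copies of that sentence look identical, which suggests a whitespace-only change; and with the heading now `## Disable notifications`, "enable and disable" in the intro promises more than the section covers.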
@ -39,6 +39,36 @@ You can disable enhanced notifications on individual endpoints in Windows Settin
![Windows Defender enhanced notifications](images/defender/enhanced-notifications.png)
**Use Group Policy to disable Windows Defender notifications:**
1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
3. In the **Group Policy Management Editor** go to **Computer configuration**.
4. Click **Policies** then **Administrative templates**.
5. Expand the tree to **Windows components > Windows Defender > Client Interface** and configure the following settings:
1. Double-click the **Suppress all notifications** setting and set the option to **Enabled**. Click **OK**. This will disable all notifications shown by the Windows Defender client.
1. Double-click the **Suppresses reboot notifications** setting and set the option to **Enabled**. Click **Ok**. This will disable notifications that ask the endpoint user to reboot the machine to perform additional cleaning.
>[!NOTE]
>Usually, users are asked to reboot the endpoint to perform a scan with Windows Defender Offline. For details on performing offline scans, see the [Windows Defender Offline](windows-defender-offline.md#manage-notifications) topic.
**Use the registry to disable Windows Defender enhanced notifications:**
1. Click **Start**, type `Run`, and press **Enter**.
2. From the **Run** dialog box, type `regedit` and press **Enter**.
3. In the Registry Editor navigate to the following key:
```
HKLM\Software\Policies\Microsoft\Windows Defender
```
4. Right-click the Windows Defender key and add a new key. Name it `Features`.
5. Right-click the **Features** key you created and select **New** then **DWORD (32-bit) Value**. Name the value `DisableEnhancedNotifications`.
6. Double-click the **DisableEnhancedNotifications** value and set it to `1`.
## Related topics
- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
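Review bot: The two new procedures differ in scope and the text does not say so: the Group Policy steps use **Suppress all notifications**, which per the step text disables all notifications shown by the Windows Defender client, while the registry steps set `DisableEnhancedNotifications`, which by its name covers only enhanced notifications. State that difference before the procedures so an administrator does not hide threat-detection notifications from endpoint users when the intent was only to turn off enhanced notifications. Smaller points: the Group Policy list is numbered 1, 3, 4, 5; one step says "Click **Ok**" where the other says "Click **OK**"; and the setting is written "Suppresses reboot notifications" next to "Suppress all notifications", so check both names against the policy editor.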