Update preferences

Tudor Dobrila
2020-02-18 22:51:59 -08:00
parent c9c874eb7e
commit bf5a4ff234

@ -75,6 +75,17 @@ Whether the antivirus engine runs in passive mode or not. In passive mode:
| **Possible values** | false (default) <br/> true | | **Possible values** | false (default) <br/> true |
| **Comments** | Available in Microsoft Defender ATP version 100.67.60 or higher. | | **Comments** | Available in Microsoft Defender ATP version 100.67.60 or higher. |
#### Exclusion merge policy
Specify the merge policy for exclusions. This can be a combination of administrator-defined and user-defined exclusions (`merge`) or only administrator-defined exclusions (`admin_only`). This setting can be used to restrict local users from defining their own exclusions.
|||
|:---|:---|
| **Key** | exclusionsMergePolicy |
| **Data type** | String |
| **Possible values** | merge (default) <br/> admin_only |
| **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. |
#### Scan exclusions #### Scan exclusions
Entities that have been excluded from the scan. Exclusions can be specified by full paths, extensions, or file names. Entities that have been excluded from the scan. Exclusions can be specified by full paths, extensions, or file names.
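Review bot: The description of `exclusionsMergePolicy` does not say what happens to user-defined exclusions already present on a device when the policy is set to `admin_only`. State whether they are ignored or removed, and give the second sentence an explicit subject, for example "The effective exclusions can be a combination of ...". Because the default is `merge`, local users can define their own exclusions unless the administrator changes it; say so next to the table.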
@ -128,9 +139,9 @@ Used to exclude content from the scan by file extension.
| **Possible values** | valid file extensions | | **Possible values** | valid file extensions |
| **Comments** | Applicable only if *$type* is *excludedFileExtension* | | **Comments** | Applicable only if *$type* is *excludedFileExtension* |
**Name of excluded content** **Process excluded from the scan**
Used to exclude content from the scan by file name. Specify a process for which all file activity is excluded from scanning. The process can be specified either by its name (e.g. `cat`) or full path (e.g. `/bin/cat`).
||| |||
|:---|:---| |:---|:---|
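Review bot: The replacement text widens the scope from excluding content by file name to excluding all file activity of a process, but it does not say how a bare name such as `cat` is matched. State whether a name-only entry applies to every executable with that name regardless of its directory, and if it does, recommend the full-path form (`/bin/cat`) so the exclusion is no broader than intended.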
@ -148,6 +159,17 @@ List of threats (identified by their name) that are not blocked by the product a
| **Key** | allowedThreats | | **Key** | allowedThreats |
| **Data type** | Array of strings | | **Data type** | Array of strings |
#### Disallowed threat actions
Restricts the actions that the local user of a device can take when threats are detected. The actions included in this list are not displayed in the user interface.
|||
|:---|:---|
| **Key** | disallowedThreatActions |
| **Data type** | Array of strings |
| **Possible values** | allow (restricts users from allowing threats) <br/> restore (restricts users from restoring threats from the quarantine) |
| **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. |
#### Threat type settings #### Threat type settings
The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product. The *threatTypeSettings* preference in the antivirus engine is used to control how certain threat types are handled by the product.
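Review bot: The `disallowedThreatActions` table gives no default, unlike the merge policy tables in this change, which mark one (`merge (default)`). Add the default and what an empty list means. The description says only that the listed actions "are not displayed in the user interface"; state whether they are also refused through other interfaces or merely hidden.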
@ -182,6 +204,17 @@ Action to take when coming across a threat of the type specified in the precedin
| **Data type** | String | | **Data type** | String |
| **Possible values** | audit (default) <br/> block <br/> off | | **Possible values** | audit (default) <br/> block <br/> off |
#### Threat type settings merge policy
Specify the merge policy for threat type settings. This can be a combination of administrator-defined and user-defined settings (`merge`) or only administrator-defined settings (`admin_only`). This setting can be used to restrict local users from defining their own settings for different threat types.
|||
|:---|:---|
| **Key** | threatTypeSettingsMergePolicy |
| **Data type** | String |
| **Possible values** | merge (default) <br/> admin_only |
| **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. |
### Cloud delivered protection preferences ### Cloud delivered protection preferences
The *cloudService* entry in the configuration profile is used to configure the cloud driven protection feature of the product. The *cloudService* entry in the configuration profile is used to configure the cloud driven protection feature of the product.
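Review bot: The description of `threatTypeSettingsMergePolicy` does not say which side wins under `merge` when an administrator-defined and a user-defined setting exist for the same threat type. Add a sentence on precedence; without it a reader cannot tell whether a local user can change an administrator's `block` to `audit` or `off`.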
@ -270,6 +303,7 @@ The following configuration profile contains entries for all settings described
"antivirusEngine":{ "antivirusEngine":{
"enableRealTimeProtection":true, "enableRealTimeProtection":true,
"passiveMode":false, "passiveMode":false,
"exclusionsMergePolicy":"merge",
"exclusions":[ "exclusions":[
{ {
"$type":"excludedPath", "$type":"excludedPath",
@ -284,11 +318,20 @@ The following configuration profile contains entries for all settings described
{ {
"$type":"excludedFileExtension", "$type":"excludedFileExtension",
"extension":"pdf" "extension":"pdf"
},
{
"$type":"excludedFileName",
"name":"cat"
} }
], ],
"allowedThreats":[ "allowedThreats":[
"EICAR-Test-File (not a virus)" "EICAR-Test-File (not a virus)"
], ],
"disallowedThreatActions":[
"allow",
"restore"
],
"threatTypeSettingsMergePolicy":"merge",
"threatTypeSettings":[ "threatTypeSettings":[
{ {
"key":"potentially_unwanted_application", "key":"potentially_unwanted_application",
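Review bot: The added exclusion entry uses `"$type":"excludedFileName"` with `"name":"cat"`, while the section it illustrates is now titled "Process excluded from the scan", so a reader copying the sample cannot tell that this entry excludes all file activity of a process rather than a file called cat. Tie the entry to that section in the text around the sample and prefer the full-path form from the description (`/bin/cat`). The sample also lists `allow` and `restore` under `disallowedThreatActions` while leaving both merge policies at `merge`; mention that `admin_only` is the value to set when local overrides are to be prevented.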