mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 05:47:23 +00:00
Merged PR 7735: Added Intune procedure, fixed link
This commit is contained in:
Andrea Bichsel (Aquent LLC)
commit
f4858b5d1f
@ -11,13 +11,9 @@ ms.pagetype: security
|
|||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
author: andreabichsel
|
author: andreabichsel
|
||||||
ms.author: v-anbic
|
ms.author: v-anbic
|
||||||
ms.date: 04/30/2018
|
ms.date: 05/02/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Enable the Block at First Sight feature
|
# Enable the Block at First Sight feature
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
@ -30,6 +26,7 @@ ms.date: 04/30/2018
|
|||||||
|
|
||||||
**Manageability available with**
|
**Manageability available with**
|
||||||
|
|
||||||
|
- Intune
|
||||||
- Group Policy
|
- Group Policy
|
||||||
- Windows Defender Security Center app
|
- Windows Defender Security Center app
|
||||||
|
|
||||||
@ -58,8 +55,6 @@ In Windows 10, version 1803, the Block at First Sight feature can now block non-
|
|||||||
|
|
||||||
The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
|
The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe.
|
If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe.
|
||||||
|
|
||||||
In many cases this process can reduce the response time for new malware from hours to seconds.
|
In many cases this process can reduce the response time for new malware from hours to seconds.
|
||||||
@ -69,6 +64,23 @@ In many cases this process can reduce the response time for new malware from hou
|
|||||||
|
|
||||||
Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks.
|
Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks.
|
||||||
|
|
||||||
|
### Confirm Block at First Sight is enabled with Intune
|
||||||
|
|
||||||
|
1. In Intune, navigate to **Device configuration - Profiles > *Profile name* > Device restrictions > Windows Defender Antivirus**.
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type.
|
||||||
|
|
||||||
|
2. Verify these settings are configured as follows:
|
||||||
|
|
||||||
|
- **Cloud-delivered protection**: **Enable**
|
||||||
|
- **File Blocking Level**: **High**
|
||||||
|
- **Time extension for file scanning by the cloud**: **50**
|
||||||
|
- **Prompt users before sample submission**: **Send all data without prompting**
|
||||||
|
|
||||||
|
For more information about configuring Windows Defender AV device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
|
||||||
|
|
||||||
|
For a list of Windows Defender AV device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus).
|
||||||
|
|
||||||
|
|
||||||
### Confirm Block at First Sight is enabled with Group Policy
|
### Confirm Block at First Sight is enabled with Group Policy
|
||||||
@ -113,7 +125,7 @@ The feature is automatically enabled as long as **Cloud-based protection** and *
|
|||||||
|
|
||||||
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
|
2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
3. Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
|
3. Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
|
||||||
|
|
||||||
|
|||||||
@ -34,7 +34,7 @@ The Windows Defender Security Center interface is a little different in Windows
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
For more information about Windows 10 in S mode, including how to switch out of S mode, see Windows 10 Pro in S mode.
|
For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](https://docs.microsoft.com/en-us/windows/deployment/windows-10-pro-in-s-mode).
|
||||||
|
|
||||||
##Managing Windows Defender Security Center settings with Intune
|
##Managing Windows Defender Security Center settings with Intune
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user