deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 7735: Added Intune procedure, fixed link

Browse Source
This commit is contained in:
Andrea Bichsel (Aquent LLC) 2018-05-02 19:27:21 +00:00
commit f4858b5d1f
2 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
View File

@ -11,13 +11,9 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 04/30/2018
ms.date: 05/02/2018
---
# Enable the Block at First Sight feature
**Applies to**
@ -30,6 +26,7 @@ ms.date: 04/30/2018
**Manageability available with**
- Intune
- Group Policy
- Windows Defender Security Center app
@ -58,8 +55,6 @@ In Windows 10, version 1803, the Block at First Sight feature can now block non-
The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe.
In many cases this process can reduce the response time for new malware from hours to seconds.
@ -69,6 +64,23 @@ In many cases this process can reduce the response time for new malware from hou
Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks.
### Confirm Block at First Sight is enabled with Intune
1. In Intune, navigate to **Device configuration - Profiles > *Profile name* > Device restrictions > Windows Defender Antivirus**.
> [!NOTE]
> The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type.
2. Verify these settings are configured as follows:
- **Cloud-delivered protection**: **Enable**
- **File Blocking Level**: **High**
- **Time extension for file scanning by the cloud**: **50**
- **Prompt users before sample submission**: **Send all data without prompting**
For more information about configuring Windows Defender AV device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
For a list of Windows Defender AV device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus).
### Confirm Block at First Sight is enabled with Group Policy

2
windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
View File

@ -34,7 +34,7 @@ The Windows Defender Security Center interface is a little different in Windows
![Screen shot of the Windows Defender Security Center app Virus & threat protection area in Windows 10 in S mode](images/security-center-virus-and-threat-protection-windows-10-in-s-mode.png)
For more information about Windows 10 in S mode, including how to switch out of S mode, see Windows 10 Pro in S mode.
For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](https://docs.microsoft.com/en-us/windows/deployment/windows-10-pro-in-s-mode).
##Managing Windows Defender Security Center settings with Intune