From 6b1b552219097ddfd8597bba867902b7f5e4d680 Mon Sep 17 00:00:00 2001 From: dbyrdaquent Date: Mon, 15 Jun 2020 13:23:02 -0600 Subject: [PATCH 1/4] Update configure-extension-file-exclusions-microsoft-defender-antivirus.md Added system environmental variables table. --- ...exclusions-microsoft-defender-antivirus.md | 273 ++++++++++++++++++ 1 file changed, 273 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 213731cfa6..3dcee41875 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -199,6 +199,279 @@ The following table describes how the wildcards can be used and provides some ex +### System environmental variables + +The following table lists and describes the system account environmental variables. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
System environment variablesWill redirect to:
%APPDATA%C:\Users\UserName.DomainName\AppData\Roaming
%APPDATA%\Microsoft\Internet Explorer\Quick LaunchC:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
%APPDATA%\Microsoft\Windows\Start MenuC:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
%APPDATA%\Microsoft\Windows\Start Menu\ProgramsC:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
%LOCALAPPDATA% C:\Windows\System32\config\systemprofile\AppData\Local
%ProgramData%C:\ProgramData
%ProgramFiles%C:\Program Files
%ProgramFiles%\Common Files C:\Program Files\Common Files
%ProgramFiles%\Windows Sidebar\Gadgets C:\Program Files\Windows Sidebar\Gadgets
%ProgramFiles%\Common FilesC:\Program Files\Common Files
%ProgramFiles(x86)% C:\Program Files (x86)
%ProgramFiles(x86)%\Common Files C:\Program Files (x86)\Common Files
%SystemDrive%C:
%SystemDrive%\Program FilesC:\Program Files
%SystemDrive%\Program Files (x86) C:\Program Files (x86)
%SystemDrive%\Users C:\Users
%SystemDrive%\Users\PublicC:\Users\Public
%SystemRoot% C:\Windows
%windir%C:\Windows
%windir%\FontsC:\Windows\Fonts
%windir%\Resources C:\Windows\Resources
%windir%\resources\0409C:\Windows\resources\0409
%windir%\system32C:\Windows\System32
%ALLUSERSPROFILE%C:\ProgramData
%ALLUSERSPROFILE%\Application DataC:\ProgramData\Application Data
%ALLUSERSPROFILE%\DocumentsC:\ProgramData\Documents
%ALLUSERSPROFILE%\Documents\My Music\Sample Music +

C:\ProgramData\Documents\My Music\Sample Music

+

.

+
%ALLUSERSPROFILE%\Documents\My Music C:\ProgramData\Documents\My Music
%ALLUSERSPROFILE%\Documents\My Pictures +

C:\ProgramData\Documents\My Pictures +

+
%ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures C:\ProgramData\Documents\My Pictures\Sample Pictures
%ALLUSERSPROFILE%\Documents\My Videos C:\ProgramData\Documents\My Videos
%ALLUSERSPROFILE%\Microsoft\Windows\DeviceMetadataStore C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
%ALLUSERSPROFILE%\Microsoft\Windows\GameExplorer C:\ProgramData\Microsoft\Windows\GameExplorer
%ALLUSERSPROFILE%\Microsoft\Windows\Ringtones C:\ProgramData\Microsoft\Windows\Ringtones
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative ToolsC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
%ALLUSERSPROFILE%\Microsoft\Windows\Templates C:\ProgramData\Microsoft\Windows\Templates
%ALLUSERSPROFILE%\Start Menu C:\ProgramData\Start Menu
%ALLUSERSPROFILE%\Start Menu\Programs C:\ProgramData\Start Menu\Programs
%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools C:\ProgramData\Start Menu\Programs\Administrative Tools
%ALLUSERSPROFILE%\Templates C:\ProgramData\Templates
%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\Templates C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates
%LOCALAPPDATA%\Microsoft\Windows\History C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
+

+%PUBLIC%

+		C:\Users\Public
%PUBLIC%\AccountPictures C:\Users\Public\AccountPictures
%PUBLIC%\Desktop C:\Users\Public\Desktop
%PUBLIC%\Documents C:\Users\Public\Documents
%PUBLIC%\Downloads C:\Users\Public\Downloads
%PUBLIC%\Music\Sample Music +

C:\Users\Public\Music\Sample Music

+

.

+
%PUBLIC%\Music\Sample Playlists +

C:\Users\Public\Music\Sample Playlists

+

.

+
%PUBLIC%\Pictures\Sample Pictures C:\Users\Public\Pictures\Sample Pictures
%PUBLIC%\RecordedTV.library-msC:\Users\Public\RecordedTV.library-ms
%PUBLIC%\VideosC:\Users\Public\Videos
%PUBLIC%\Videos\Sample Videos +

C:\Users\Public\Videos\Sample Videos

+

.

+
%USERPROFILE% C:\Windows\System32\config\systemprofile
%USERPROFILE%\AppData\Local C:\Windows\System32\config\systemprofile\AppData\Local
%USERPROFILE%\AppData\LocalLow C:\Windows\System32\config\systemprofile\AppData\LocalLow
%USERPROFILE%\AppData\Roaming C:\Windows\System32\config\systemprofile\AppData\Roaming
+ + ## Review the list of exclusions You can retrieve the items in the exclusion list using one of the following methods: From 6b66720ba7af22549278dbc7ef43930b64cf56fd Mon Sep 17 00:00:00 2001 From: dbyrdaquent Date: Mon, 15 Jun 2020 14:07:10 -0600 Subject: [PATCH 2/4] Update configure-extension-file-exclusions-microsoft-defender-antivirus.md Updated MpCmdRun coding. --- ...e-extension-file-exclusions-microsoft-defender-antivirus.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 3dcee41875..17b4284fa0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -496,6 +496,9 @@ If you use PowerShell, you can retrieve the list in two ways: To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command: ```DOS +Start, CMD (Run as admin) +cd "%programdata%\microsoft\windows defender\platform" +cd 4.18.1812.3 (Where 4.18.1812.3 is this month's MDAV "Platform Update".) MpCmdRun.exe -CheckExclusion -path ``` From f19964ece2ad72272360d093aa0fe3388bbb4341 Mon Sep 17 00:00:00 2001 From: dbyrdaquent Date: Tue, 16 Jun 2020 15:39:40 -0600 Subject: [PATCH 3/4] Update manage-protection-updates-microsoft-defender-antivirus.md Add UNC file share section at end of doc. --- ...on-updates-microsoft-defender-antivirus.md | 109 +++++++++++++++++- 1 file changed, 106 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index fb6976a1fa..f110270402 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -52,7 +52,7 @@ There are five locations where you can specify where an endpoint should obtain u - [Microsoft Update](https://support.microsoft.com/help/12373/windows-update-faq) - [Windows Server Update Service](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) - [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -- [Network file share](https://docs.microsoft.com/windows-server/storage/nfs/nfs-overview) +- [Network file share](#unc-share) - [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.) To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads. @@ -144,13 +144,116 @@ See [Policy CSP - Defender/SignatureUpdateFallbackOrder](https://docs.microsoft. ## What if we're using a third-party vendor? -This article describes how to configure and manage updates for Microsoft Defender Antivirus. However, third-party vendors can be used to perform these tasks. +This article describes how to configure and manage updates for Microsoft Defender Antivirus. However, third-party vendors can be used to perform these tasks. -For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Microsoft Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) to deploy patches and updates. +For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Microsoft Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) to deploy patches and updates. > [!NOTE] > Microsoft does not test third-party solutions for managing Microsoft Defender Antivirus. + +## Create a UNC share for security intelligence updates + +Set up a network file share (UNC/mapped drive) to download security intelligence updates from the MMPC site by using a scheduled task. + +1. On the system on which you want to provision the share and download the updates, create a folder to which you will save the script. + ```DOS + Start, CMD (Run as admin) + MD C:\Tool\PS-Scripts\ + ``` + +2. Create the folder to which you will save the signature updates. + ```DOS + MD C:\Temp\TempSigs\x64 + MD C:\Temp\TempSigs\x86 + ``` + +3. Download the Powershell script from [www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4). + +4. Click **Manual Download**. + +5. Click **Download the raw nupkg file**. + +6. Extract the file. + +7. Copy the file SignatureDownloadCustomTask.ps1 to the folder you previously created, C:\Tool\PS-Scripts\ . + +8. Use the command line to set up the scheduled task. + > [!NOTE] + > There are two types of updates: full and delta. + + - For x64 delta: + + ```DOS + Powershell (Run as admin) + + C:\Tool\PS-Scripts\ + + “.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $true -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” + ``` + + - For x64 full: + + ```DOS + Powershell (Run as admin) + + C:\Tool\PS-Scripts\ + + “.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $false -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” + ``` + + - For x86 delta: + + ```DOS + Powershell (Run as admin) + + C:\Tool\PS-Scripts\ + + “.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $true -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” + ``` + + - For x86 full: + + ```DOS + Powershell (Run as admin) + + C:\Tool\PS-Scripts\ + + “.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $false -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” + ``` + + > [!NOTE] + > When the scheduled tasks are created, you can find these in the Task Scheduler under Microsoft\Windows\Windows Defender + +9. Run each task manually and verify that you have data (mpam-d.exe, mpam-fe.exe, and nis_full.exe) in the following folders (you might have chosen different locations): + + - C:\Temp\TempSigs\x86 + - C:\Temp\TempSigs\x64 + + If the scheduled task fails, run the following commands: + + ```DOS + C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $False -destDir C:\Temp\TempSigs\x64″ + + C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $True -destDir C:\Temp\TempSigs\x64″ + + C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $False -destDir C:\Temp\TempSigs\x86″ + + C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $True -destDir C:\Temp\TempSigs\x86″ + ``` + > [!NOTE] + > Issues could also be due to execution policy. + +10. Create a share pointing to C:\Temp\TempSigs (e.g. \\server\updates). + + > [!NOTE] + > At a minimum, authenticated users must have “Read” access. + +11. Set the share location in the policy to the share. + + > [!NOTE] + > Do not add the x64 (or x86) folder in the path. The mpcmdrun.exe process adds it automatically. + ## Related articles - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) From ad7e9da73e7c1cd9f9411ea0c77deb8c230be5f9 Mon Sep 17 00:00:00 2001 From: dbyrdaquent Date: Wed, 17 Jun 2020 11:58:37 -0600 Subject: [PATCH 4/4] Revert "Update manage-protection-updates-microsoft-defender-antivirus.md" This reverts commit f19964ece2ad72272360d093aa0fe3388bbb4341. --- ...on-updates-microsoft-defender-antivirus.md | 109 +----------------- 1 file changed, 3 insertions(+), 106 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index f110270402..fb6976a1fa 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -52,7 +52,7 @@ There are five locations where you can specify where an endpoint should obtain u - [Microsoft Update](https://support.microsoft.com/help/12373/windows-update-faq) - [Windows Server Update Service](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) - [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/core/servers/manage/updates) -- [Network file share](#unc-share) +- [Network file share](https://docs.microsoft.com/windows-server/storage/nfs/nfs-overview) - [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.) To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads. @@ -144,116 +144,13 @@ See [Policy CSP - Defender/SignatureUpdateFallbackOrder](https://docs.microsoft. ## What if we're using a third-party vendor? -This article describes how to configure and manage updates for Microsoft Defender Antivirus. However, third-party vendors can be used to perform these tasks. +This article describes how to configure and manage updates for Microsoft Defender Antivirus. However, third-party vendors can be used to perform these tasks. -For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Microsoft Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) to deploy patches and updates. +For example, suppose that Contoso has hired Fabrikam to manage their security solution, which includes Microsoft Defender Antivirus. Fabrikam typically uses [Windows Management Instrumentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus), [PowerShell cmdlets](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus), or [Windows command-line](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus) to deploy patches and updates. > [!NOTE] > Microsoft does not test third-party solutions for managing Microsoft Defender Antivirus. - -## Create a UNC share for security intelligence updates - -Set up a network file share (UNC/mapped drive) to download security intelligence updates from the MMPC site by using a scheduled task. - -1. On the system on which you want to provision the share and download the updates, create a folder to which you will save the script. - ```DOS - Start, CMD (Run as admin) - MD C:\Tool\PS-Scripts\ - ``` - -2. Create the folder to which you will save the signature updates. - ```DOS - MD C:\Temp\TempSigs\x64 - MD C:\Temp\TempSigs\x86 - ``` - -3. Download the Powershell script from [www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4). - -4. Click **Manual Download**. - -5. Click **Download the raw nupkg file**. - -6. Extract the file. - -7. Copy the file SignatureDownloadCustomTask.ps1 to the folder you previously created, C:\Tool\PS-Scripts\ . - -8. Use the command line to set up the scheduled task. - > [!NOTE] - > There are two types of updates: full and delta. - - - For x64 delta: - - ```DOS - Powershell (Run as admin) - - C:\Tool\PS-Scripts\ - - “.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $true -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” - ``` - - - For x64 full: - - ```DOS - Powershell (Run as admin) - - C:\Tool\PS-Scripts\ - - “.\SignatureDownloadCustomTask.ps1 -action create -arch x64 -isDelta $false -destDir C:\Temp\TempSigs\x64 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” - ``` - - - For x86 delta: - - ```DOS - Powershell (Run as admin) - - C:\Tool\PS-Scripts\ - - “.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $true -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” - ``` - - - For x86 full: - - ```DOS - Powershell (Run as admin) - - C:\Tool\PS-Scripts\ - - “.\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $false -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1” - ``` - - > [!NOTE] - > When the scheduled tasks are created, you can find these in the Task Scheduler under Microsoft\Windows\Windows Defender - -9. Run each task manually and verify that you have data (mpam-d.exe, mpam-fe.exe, and nis_full.exe) in the following folders (you might have chosen different locations): - - - C:\Temp\TempSigs\x86 - - C:\Temp\TempSigs\x64 - - If the scheduled task fails, run the following commands: - - ```DOS - C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $False -destDir C:\Temp\TempSigs\x64″ - - C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x64 -isDelta $True -destDir C:\Temp\TempSigs\x64″ - - C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $False -destDir C:\Temp\TempSigs\x86″ - - C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command “&\”C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\” -action run -arch x86 -isDelta $True -destDir C:\Temp\TempSigs\x86″ - ``` - > [!NOTE] - > Issues could also be due to execution policy. - -10. Create a share pointing to C:\Temp\TempSigs (e.g. \\server\updates). - - > [!NOTE] - > At a minimum, authenticated users must have “Read” access. - -11. Set the share location in the policy to the share. - - > [!NOTE] - > Do not add the x64 (or x86) folder in the path. The mpcmdrun.exe process adds it automatically. - ## Related articles - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)