added images and sccm steps

2025-05-14 14:27:22 +00:00 · 2019-04-25 11:15:34 -07:00 · 2019-04-25 11:15:34 -07:00 · fe060b8d65
commit fe060b8d65
parent cd05923491
4 changed files with 18 additions and 1 deletions
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 09/03/2018
+ms.date: 04/26/2019
 ---

 # Enable block at first sight
@ -68,6 +68,23 @@ For more information about configuring Windows Defender Antivirus device restric

 For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus).

+### Enable block at first sight with SCCM
+
+1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**.
+1. Click **Home** > **Create Antimalware Policy**.
+1. Enter a name and a description, and add these settings:
+   - **Real time protection**
+   - **Advanced**
+   - **Cloud Protection Service**
+1. In the left column, click **Real time protection**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
+   ![Enable real-time protection](images/defender/wdav-protection-settings-wdsc.png)
+1. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
+   ![Enable Advanced settings](images/defender/sccm-advanced-settings.png)
+1. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
+   ![Enable Cloud Protection Service](images/defender/sccm-cloud-protection-service.png)
+1. Click **OK** to create the policy.
+
+
 ### Confirm block at first sight is enabled with Group Policy

 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
--- a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png
+++ b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png
--- a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png
+++ b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png
--- a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png
+++ b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png