Configure Defender Profile (Windows)
The Defender Profile allows admins to configure Windows Defender policies on enrolled devices.
Note: This profile is supported on Windows 10 or above devices.
To configure Windows Defender policies on the enrolled devices, follow these steps:
1. On the SureMDM Web Console, navigate to Profiles > Windows > Add > Windows Defender Profile > Configure.
2. Enter a Profile Name.
3. Configure Windows Defender Profile settings and click Save.
| Settings | Description |
|---|---|
| Scan | |
| Allow Archive Scanning | Allow or deny scanning of archives. |
| Allow Email Scanning | Allow or deny scanning of emails. |
| Allow Scanning Network Files | Allow or deny scanning of network files. |
| Allow Full Scan On Mapped Network Drives | Allow or deny full scanning of mapped network drives. |
| Allow Full Scan Removable Drive Scanning | Allow or deny full scanning of removable drives. |
| Scan Parameter | Select whether to perform a Quick Scan or a Full Scan. |
| Check For Signatures Before Running Scan | Allow or deny a check for new definitions before each scan. |
| Disable Catchup Full Scan | Disables catch-up scans for scheduled full scans. |
| Disable Catchup Quick Scan | Disables catch-up scans for scheduled quick scans. |
| Enable Low CPU Priority | Allows low CPU priority for scheduled scans. |
| Avg CPU Load Factor | Enter the average CPU load factor (in percent) for the Windows Defender scan. |
| Schedule Quick Scan Time | Enter the time of day at which the Windows Defender quick scan should start. For example, a value of 0 means 12:00 AM. |
| Schedule Scan Day | Select the day on which the Windows Defender scan should start. |
| Schedule Scan Time | Enter the time of day at which the Windows Defender scan should start. |
| Real-Time Protection | |
| Allow Realtime Monitoring | Allow or deny the Windows Defender real-time monitoring functionality. |
| Allow Behavior Monitoring | Allow or deny the Windows Defender behavior monitoring functionality. |
| Allow IOAV Protection | Allow or deny the Windows Defender IOAV Protection functionality. |
| Allow Intrusion Prevention System | Allow or deny the Windows Defender Intrusion Prevention functionality. |
| Allow On Access Protection | Allow or deny the Windows Defender On Access Protection functionality. |
| PUA Protection | Select an option (PUA Protection Off / PUA Protection On / Audit Mode) that specifies the level of detection for potentially unwanted applications. |
| Real Time Scan Direction | Select an option (Monitor all files (bi-directional) / Monitor incoming files / Monitor outgoing files) to scan only the specified files. |
| Exclusions | |
| Excluded Extensions | Enter a list of file type extensions to be ignored during the scan. Each file type in the list must be separated by a \|. For example: lib\|obj |
| Excluded Paths | Enter a list of directory paths to be ignored during the scan. Each path in the list must be separated by a \|. For example: C:\Example\|C:\Example1 |
| Excluded Processes | Enter a list of processes whose opened files are to be ignored during a scan. Each path in the list must be separated by a \|. For example: C:\Example\|C:\Example1 |
| Signature Updates | |
| Signature Update Interval | Enter the interval (in hours) at which the device checks for new signatures. A value of 0 means no check for new signatures. Note: The interval value ranges from 0 to 24; 24 means to check for new signatures once a day. The default value is 8. |
| Signature Update File Shares Sources | Enter the UNC file share sources for downloading definition updates. Separate multiple sources with a \|. |
| Signature Update Fallback Order | Select the definition update sources (InternalDefinitionUpdateServer / MicrosoftUpdateServer / MMPC / FileShares) in the order in which the different definition update sources should be contacted. |
| Windows Defender Exploit Guard | |
| Attack Surface Reduction | |
| Attack Surface Reduction Rules | Enter the values as ASR rule ID - status ID pairs, separated by a \|. This setting sets the state (Block / Audit / Off) of each Attack Surface Reduction (ASR) rule. |
| Attack Surface Reduction Only Exclusions | Enter a list of paths separated by a \|. This setting prevents Attack Surface Reduction (ASR) rules from matching files under the specified paths or the specified fully qualified resources. |
| Controlled Folder Access | |
| Enable Controlled Folder Access | Select the Controlled Folder Access state (Enabled / Disabled / Audit Mode), which sets the feature to On / Off / Audit. |
| Controlled Folder Access Protected Folders | Enter the user-specified folder locations for the Controlled Folder Access setting. Use \| as the separator. |
| Controlled Folder Access Allowed Applications | Enter the user-specified applications for the Controlled Folder Access setting. Use \| as the separator. |
| Network Protection | |
| Enable Network Protection | Select an option (Disabled / Enabled (block mode) / Enabled (audit mode)) for Network Protection. |
| Advanced | |
| Allow Cloud Protection | Turn ON this option to allow Windows Defender to send information to Microsoft about any problems it finds. |
| Submit Samples Consent | Select an option from the list to set the user consent level under which Windows Defender sends samples to Microsoft. |
| Cloud Block Level | Select an option from the list to determine how aggressively Windows Defender Antivirus blocks and scans suspicious files. Note: This feature works only when the Allow Cloud Protection setting is enabled. |
| Cloud Extended Timeout | Enter a value (0 to 50) for the number of additional seconds a suspicious file is blocked while the cloud check completes, up to 50 seconds. Note: This feature works only when the Allow Cloud Protection or Submit Samples Consent settings are enabled. |
| Allow Script Scanning | Allow or deny the Windows Defender script scanning functionality. |
| Allow User UI Access | Allow or deny user access to the Windows Defender UI. If denied, all Windows Defender notifications are suppressed. |
| Threat Severity Default Action | Enter threat severity levels and their default actions in the format threat_level=action\|threat_level=action. This lets admins specify any valid threat severity level and the ID of the corresponding default action to take. |
| Days to Retain Cleaned Malware | Enter the time period (in days) for which quarantined items are kept on the system. Note: The default value is 0, which keeps items in quarantine and does not automatically remove them. |
4. Go back to the Home tab and select the Windows device(s) or group(s).
5. Click Apply to launch the Apply Job/Profile To Device prompt.
6. In the Apply Job/Profile To Device prompt, select the created profile and click Apply.
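After the profile has been applied, an admin will usually want to confirm on the endpoint that the policy actually took effect rather than trusting the console's job status. The following PowerShell script is an added example and is not part of SureMDM or of this page: it reads the device's live Defender preferences with the Defender module's Get-MpPreference cmdlet and compares them with the values entered in the profile fields above. The property names on Get-MpPreference are real; the mapping of each profile field to a property, and the "ruleId=state" form used for the Attack Surface Reduction Rules field, are assumptions. The $Expected values are constructed samples in the same "|"-separated form the profile fields use.

```powershell
# Added example (not SureMDM's code): verify on an enrolled Windows 10+ device that the
# Defender Profile has taken effect. Run in an elevated PowerShell session after step 6.
# Assumption: the profile fields map to the Get-MpPreference properties used below.

$Expected = @{
    ExcludedExtensions = 'lib|obj'                  # Excluded Extensions field (constructed sample)
    ExcludedPaths      = 'C:\Example|C:\Example1'   # Excluded Paths field (constructed sample)
    # Attack Surface Reduction Rules field as "ruleId=state|ruleId=state", state 0 = Off,
    # 1 = Block, 2 = Audit. The GUIDs are Microsoft's published rule IDs for "Block all Office
    # applications from creating child processes" (Block) and "Block credential stealing from
    # LSASS" (Audit). Assumption: SureMDM passes the field to Defender in this "id=state" form.
    AsrRules           = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A=1|9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2=2'
    ControlledFolder   = 1   # Enable Controlled Folder Access: 0 = Disabled, 1 = Enabled, 2 = Audit Mode
    NetworkProtection  = 1   # Enable Network Protection: 0 = Disabled, 1 = Block mode, 2 = Audit mode
    SignatureInterval  = 8   # Signature Update Interval, in hours
}
$AsrStateNames = @{ 0 = 'Off'; 1 = 'Block'; 2 = 'Audit' }

# Split a "|"-delimited profile value into trimmed, non-empty items.
function Split-ProfileList([string]$Value) {
    @($Value -split '\|' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

# Parse "ruleId=state|ruleId=state" into a hashtable keyed by upper-case rule GUID.
# Malformed pairs are rejected so a typo in the profile is reported, not silently ignored.
function ConvertFrom-AsrRuleString([string]$Value) {
    $rules = @{}
    foreach ($pair in Split-ProfileList $Value) {
        $id, $state = $pair -split '=', 2
        if ($id -notmatch '^[0-9A-Fa-f-]{36}$' -or $state -notmatch '^[012]$') {
            throw "Malformed ASR rule pair in profile value: '$pair'"
        }
        $rules[$id.ToUpperInvariant()] = [int]$state
    }
    return $rules
}

# Name an ASR state code, falling back to the raw number for codes this page does not list.
function Get-AsrStateName([int]$State) {
    if ($AsrStateNames.ContainsKey($State)) { $AsrStateNames[$State] } else { "state $State" }
}

# Normalise a list (profile string or Get-MpPreference array) to a sorted, joined string,
# so the comparison ignores ordering and letter case.
function Get-Canonical($Items) {
    (@($Items) | ForEach-Object { "$_".Trim() } | Where-Object { $_ } | Sort-Object) -join '|'
}

$pref    = Get-MpPreference
$results = New-Object System.Collections.Generic.List[object]

function Add-Check([string]$Setting, $ExpectedValue, $ActualValue) {
    $results.Add([pscustomobject]@{
        Setting  = $Setting
        Expected = "$ExpectedValue"
        Actual   = "$ActualValue"
        OK       = ("$ExpectedValue" -eq "$ActualValue")
    })
}

# Real-Time Protection: Get-MpPreference exposes these as Disable* flags,
# so "Allow" in the profile corresponds to the flag being $false.
Add-Check 'Allow Realtime Monitoring' $true (-not $pref.DisableRealtimeMonitoring)
Add-Check 'Allow Behavior Monitoring' $true (-not $pref.DisableBehaviorMonitoring)
Add-Check 'Allow IOAV Protection'     $true (-not $pref.DisableIOAVProtection)
Add-Check 'Allow Script Scanning'     $true (-not $pref.DisableScriptScanning)

# Exclusions: compared as unordered sets.
Add-Check 'Excluded Extensions' (Get-Canonical (Split-ProfileList $Expected.ExcludedExtensions)) (Get-Canonical $pref.ExclusionExtension)
Add-Check 'Excluded Paths'      (Get-Canonical (Split-ProfileList $Expected.ExcludedPaths))      (Get-Canonical $pref.ExclusionPath)

# Attack Surface Reduction: Defender reports rule IDs and actions as two parallel arrays.
$actualAsr = @{}
$ids  = @($pref.AttackSurfaceReductionRules_Ids)
$acts = @($pref.AttackSurfaceReductionRules_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) { $actualAsr["$($ids[$i])".ToUpperInvariant()] = [int]$acts[$i] }
foreach ($entry in (ConvertFrom-AsrRuleString $Expected.AsrRules).GetEnumerator()) {
    $actual = if ($actualAsr.ContainsKey($entry.Key)) { Get-AsrStateName $actualAsr[$entry.Key] } else { 'Not configured' }
    Add-Check "ASR rule $($entry.Key)" (Get-AsrStateName $entry.Value) $actual
}

# Exploit Guard, signature and cloud settings.
Add-Check 'Enable Controlled Folder Access' $Expected.ControlledFolder  ([int]$pref.EnableControlledFolderAccess)
Add-Check 'Enable Network Protection'       $Expected.NetworkProtection ([int]$pref.EnableNetworkProtection)
Add-Check 'Signature Update Interval'       $Expected.SignatureInterval ([int]$pref.SignatureUpdateInterval)
# Allow Cloud Protection corresponds to MAPSReporting being non-zero (0 = off, 1 = Basic, 2 = Advanced).
Add-Check 'Allow Cloud Protection'          $true ([int]$pref.MAPSReporting -ne 0)

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.OK }).Count
Write-Host "$failed setting(s) differ from the profile."
exit $failed
```

The script exits with the number of mismatching settings, so it can be run as a SureMDM job or any other scheduled task and the exit code used to flag devices where the profile did not apply. A mismatch on an ASR rule or on Controlled Folder Access after the profile job reports success usually means a conflicting Group Policy or a second management channel is overriding the MDM value, which is worth resolving before relying on the profile for protection.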