
Defender Profile

The Defender Profile allows administrators to effectively configure Windows Defender policies on enrolled devices. This profile allows administrators to establish and enforce security protocols that are aligned with the organization's requirements and best practices, creating a robust defense against various digital threats.

*Note: This profile is supported on Windows 10 or above devices.*

To configure Windows Defender policies on the enrolled devices, follow these steps:

  1. On the SureMDM Web Console, navigate to Profiles > Windows > Add > Windows Defender Profile > Configure.

  2. Enter a Profile Name.

  3. Configure Windows Defender Profile settings and click Save.

| Settings | Description |
| --- | --- |
| **Schedule Scan** | |
| Enable Schedule Scan | Select this option to enable the scheduled scan. |
| Scan Parameter | Select to perform Quick Scan or Full Scan. |
| Schedule Scan Day | Select the day on which Windows Defender scan should start running. |
| Schedule Quick Scan Time | Enter the time of the day at which Windows Defender scan should start running. For example, a value of 0 = 12:00 AM. |
| Schedule Scan Time | Enter the time of the day at which Windows Defender scan should start running. |
| Threat Severity Default Action | To add an action: click Add; select the Severity Type (Low Severity Threats, Moderate Severity Threats, High Severity Threats, or Severe Threats); then select the Action (Clean, Quarantine, Remove, Allow, User Defined, or Block) and click Add. |
| **Scan** | |
| Allow Archive Scanning | Allow or deny scanning of archives. |
| Allow Email Scanning | Allow or deny scanning of emails. |
| Allow Scanning Network Files | Allow or deny scanning of network files. |
| Allow Full Scan On Mapped Network Drives | Allow or deny full scanning of mapped network drives. |
| Allow Full Scan Removable Drive Scanning | Allow or deny full scanning of removable network drive. |
| Scan Parameter | Select to perform Quick Scan or Full Scan. |
| Check For Signatures Before Running Scan | Allow or deny a check for new definitions that will occur before scanning. |
| Disable Catchup Full Scan | Disables catch-up scans for scheduled full scans. |
| Disable Catchup Quick Scan | Disables catch-up scans for scheduled quick scans. |
| Enable Low CPU Priority | Allows low CPU priority for scheduled scans. |
| Avg CPU Load Factor | Enter the average CPU load factor (in percent) for Windows Defender scan. |
| Schedule Quick Scan Time | Enter the time of the day at which Windows Defender scan should start running. For example, a value of 0 = 12:00 AM. |
| Schedule Scan Day | Select the day on which Windows Defender scan should start running. |
| Schedule Scan Time | Enter the time of the day at which Windows Defender scan should start running. |
| **Real-Time Protection** | |
| Allow Realtime Monitoring | Allow or deny Windows Defender Realtime monitoring functionality. |
| Allow Behavior Monitoring | Allow or deny Windows Defender Behavior monitoring functionality. |
| Allow IOAV Protection | Allow or deny Windows Defender IOAV Protection functionality. |
| Allow Intrusion Prevention System | Allow or deny Windows Defender Intrusion Prevention functionality. |
| Allow On Access Protection | Allow or deny Windows Defender Access Prevention functionality. |
| PUA Protection | Select an option (PUA Protection Off / PUA Protection On / Audit Mode) that specifies the level of detection for potentially unwanted applications. |
| Real Time Scan Direction | Select an option (Monitor all files (bi-directional) / Monitor incoming files / Monitor Outgoing files) to scan only the specified files. |
| **Exclusions** | |
| Excluded Extensions | Enter a list of file type extensions to be ignored during the scan. Each file type in the list must be separated by a ** |
| Excluded Paths | Enter a list of directory paths to be ignored during the scan. Each path in the list must be separated by a ** |
| Excluded Processes | Enter a list of files opened by processes to be ignored during a scan. Each path in the list must be separated by a ** |
| **Signature Updates** | |
| Signature Update Interval | Enter the interval (in hours) at which to check for new signatures. A value of 0 means no check for new signatures. *Note: The interval value ranges from 0 to 24. 24 means to check for new signatures every day. The default value is 8.* |
| Signature Update File Shares Sources | Enter the UNC file share sources for downloading definition updates. The value of this setting should be entered by** |
| Signature Update Fallback Order | Select the definition update sources (InternalDefinitionUpdateServer / MicrosoftUpdateServer / MMPC / FileShares) in the order in which different definition update sources should be contacted. |
| **Windows Defender Exploit Guard** | |
| **Attack Surface Reduction** | |
| Attack Surface Reduction Rules | Enter the values as ASR rule ID - status ID pair separated by a ** |
| Attack Surface Reduction Only Exclusions | Enter a list of paths separated by a ** |
| **Controlled Folder Access** | |
| Enable Controlled Folder Access | Select the Controlled Folder Access option (Enabled / Disabled / Audit Mode) that sets the state to On / Off / Audit. |
| Controlled Folder Access Protected Folders | Enter the user specified folder locations for the Controlled Folder Access setting. Use ** |
| Controlled Folder Access Allowed Applications | Enter the user specified applications for the Controlled Folder Access setting. Use ** |
| **Network Protection** | |
| Enable Network Protection | Select an option (Disabled / Enabled (block mode) / Enabled (audit mode)) for the Network Protection. |
| **Advanced** | |
| Allow Cloud Protection | Turn ON this option to allow Windows Defender to send information to Microsoft about any problems it finds. |
| Submit Samples Consent | Select one of the following options to set the user consent level for Windows Defender to send data: Always prompt, Send safe samples automatically, Never Send, or Send all samples automatically. |
| Cloud Block Level | Select an option from the following to determine how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. *Note: This feature will work only when Allow Cloud Protection setting is enabled.* |
| Cloud Extended Timeout | Enter a value (0 to 50) to block the suspicious file for up to 50 seconds. *Note: This feature will work only when Allow Cloud Protection or Submit Samples Consent settings are enabled.* |
| Allow Script Scanning | Allow or deny Windows Defender script scanning functionality. |
| Allow User UI Access | Allow or deny user access to the Windows Defender UI. If denied, all Windows Defender notifications will be suppressed. |
| Threat Severity Default Action | Enter the threat severity level in the format **threat_level= action |
| Days to Retain Cleaned Malware | Enter the time period (in days) that quarantine items will be stored in the system. *Note: The default value is 0, which keeps items in quarantine and does not automatically remove them.* |

  4. Go back to the Home tab and select the Windows device(s) or group(s).

  5. Click Apply to launch the Apply Job/Profile To Device prompt.

  6. Select the profile under All Jobs/Profiles.

  7. Click Apply in the Apply Job/Profile To Device prompt.
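
To confirm on an enrolled device that the applied profile took effect, the following PowerShell check compares the output of `Get-MpPreference` with the values you expect. It is an added example, not part of the SureMDM documentation. The expected values and the mapping from profile setting names to `Get-MpPreference` properties are assumptions to adjust for your own profile.

```powershell
# Added example: audit local Microsoft Defender settings after the profile is
# applied. Run in an elevated PowerShell session on the enrolled device.
# The expected values are assumptions; replace them with your profile's choices.
$expected = [ordered]@{
    DisableRealtimeMonitoring    = $false  # Allow Realtime Monitoring
    DisableBehaviorMonitoring    = $false  # Allow Behavior Monitoring
    DisableIOAVProtection        = $false  # Allow IOAV Protection
    DisableScriptScanning        = $false  # Allow Script Scanning
    PUAProtection                = 1       # 0 = Off, 1 = On, 2 = Audit Mode
    EnableControlledFolderAccess = 1       # 0 = Disabled, 1 = Enabled, 2 = Audit Mode
    EnableNetworkProtection      = 1       # 0 = Disabled, 1 = Block, 2 = Audit
    SignatureUpdateInterval      = 8       # hours
}

$pref = Get-MpPreference

# Compare each expected value with what Defender reports.
$report = foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $pref.$name
        Match    = ($pref.$name -eq $expected[$name])
    }
}
$report | Format-Table -AutoSize

# Exclusions are skipped by every scan, so list them for review.
foreach ($prop in 'ExclusionExtension', 'ExclusionPath', 'ExclusionProcess') {
    foreach ($value in @($pref.$prop | Where-Object { $_ })) {
        Write-Output ("{0}: {1}" -f $prop, $value)
    }
}

# ASR rule IDs and their states are reported as two parallel arrays.
$stateName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    if (-not $ids[$i]) { continue }
    $state = [int]$actions[$i]
    $label = if ($stateName.ContainsKey($state)) { $stateName[$state] } else { "Unknown ($state)" }
    Write-Output ("ASR {0}: {1}" -f $ids[$i], $label)
}

# Summarise how many audited settings differ from the expectation.
$mismatch = @($report | Where-Object { -not $_.Match })
Write-Output ("{0} setting(s) differ from the expected profile" -f $mismatch.Count)
```

Any exclusion or ASR rule in the output that is not in your profile is worth investigating, since it may come from another policy source or a local change.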