Defender Profile
The Defender Profile allows administrators to effectively configure Windows Defender policies on enrolled devices. This profile allows administrators to establish and enforce security protocols that are aligned with the organization's requirements and best practices, creating a robust defense against various digital threats.
This profile is supported on Windows 10 or above devices.
To configure Windows Defender policies on the enrolled devices, follow these steps:
On the SureMDM Web Console, navigate to Profiles > Windows > Add > Windows Defender Profile > Configure.
Enter a Profile Name.
Configure Windows Defender Profile settings and click Save.
| Settings | Description |
|---|---|
| Schedule Scan | |
| Enable Schedule Scan | Select this option to enable the scheduled scan. |
| Scan Parameter | Select to perform Quick Scan or Full Scan. |
| Schedule Scan Day | Select the day on which Windows Defender scan should start running. |
| Schedule Quick Scan Time | Enter the time of the day at which Windows Defender scan should start running. For example value of 0=12.00AM. |
| Schedule Scan Time | Enter the time of the day at which Windows Defender scan should start running. |
| Threat Severity Default Action | Follow the below steps to add the action: - Click Add. - Select the Severity Type from the following: - Low Severity Threats - Moderate Severity Threats - High Severity Threats - Severe Threats - Select the Action from the following and click Add. - Clean - Qurantine - Remove - Allow - User Defined - Block |
| Scan | |
| Allow Archive Scanning | Allow or deny scanning of archives. |
| Allow Email Scanning | Allow or deny scanning of emails. |
| Allow Scanning Network Files | Allow or deny scanning of network files |
| Allow Full Scan OnMapped Network Drives | Allow or deny full scanning of mapped network drives |
| Allow Full Scan Removable Drive Scanning | Allow or deny full scanning of removable network drive |
| Scan Parameter | Select to perform Quick Scan or Full Scan. |
| Check For Signatures Before Running Scan | Allow or deny a check for new definitions that will occur before scanning. |
| Disable Catchup Full Scan | Disables catch-up scans for scheduled full scans. |
| Disable Catchup Quick Scan | Disables catch-up scans for scheduled quick scans. |
| Enable Low CPU Priority | Allows low CPU priority for scheduled scans. |
| Avg CPU Load Factor | Enter the average CPU load factor (in percent) for Windows Defender scan. |
| Schedule Quick Scan Time | Enter the time of the day at which Windows Defender scan should start running. For example value of 0=12.00AM. |
| Schedule Scan Day | Select the day on which Windows Defender scan should start running. |
| Schedule Scan Time | Enter the time of the day at which Windows Defender scan should start running. |
| Real-Time Protection | |
| Allow Realtime Monitoring | Allow or deny Windows Defender Realtime monitoring functionality. |
| Allow Behavior Monitoring | Allow or deny Windows Defender Behavior monitoring functionality. |
| Allow IOAV Protection | Allow or deny Windows Defender IOAV Protection functionality. |
| Allow Intrusion Prevention System | Allow or deny Windows Defender Intrusion Prevention functionality. |
| Allow On Access Protection | Allow or deny Windows Defender Access Prevention functionality. |
| PUA Protection | Select an option (PUA Protection Off / PUA Protection On / Audit Mode) that specifies the level of detection for potentially unwanted applications. |
| Real Time Scan Direction | Select an option (Monitor all files (bi-directional) / Monitor incoming files / Monitor Outgoing files) to scan only the specified files. |
| Exclusions | |
| Excluded Extensions | Enter a list of file type extensions to be ignored during the scan. Each file type in the list must be separated by a ** |
| Excluded Paths | Enter a list of directory paths to be ignored during the scan. Each path in the list must be separated by a ** |
| Excluded Processes | Enter a list of files opened by processes to be ignored during a scan. Each path in the list must be separated by a ** |
| Signature Updates | |
| Signature Update Interval | Enter the interval (in hours) that will check for signatures for every specified interval. A value of 0 means no check for new signatures. *Note: The interval value ranges between 0 to 24. 24 means to check for new signatures every day. The default value is 8.* |
| Signature Update File Shares Sources | Enter the UNC file share sources for downloading definition updates. The value of this settings should be entered by** |
| Signature Update Fallback Order | Select the definition update sources (InternalDefinitionUpdateServer / MicrosoftUpdateServer / MMPC / FileShares) in the order in which different definition update sources should be contacted. |
| Windows Defender Exploit Guard | |
| Attack Surface Reduction | |
| Attack Surface Reduction Rules | Enter the values as ASR rule ID - status ID pair separated by a ** |
| Attack Surface Reduction Only Exclusions | Enter a list of paths separated by a ** |
| Controlled Folder Access | |
| Enable Controlled Folder Access | Select the Controlled Folder Access (Enabled / Disabled / Audit Mode) that enables the setting state as** On / Off / Audit. |
| Controlled Folder Access Protected Folders | Enter the user specified folder locations for the Controlled Folder Access setting. Use ** |
| Controlled Folder Access Allowed Applications | Enter the user specified applications for the Controlled Folder Access setting. Use ** |
| Network Protection | |
| Enable Network Protection | Select an option Disabled / Enabled (block mode) / Enabled (audit mode) for the Network Protection. |
| Advanced | |
| Allow Cloud Protection | Turn ON this option to allow Windows Defender to send information to Microsoft in case of any problems it finds. |
| Submit Samples Consent | Select an option from the following to check for the user content level in Windows Defender to send data. - Always prompt - Send safe samples automatically - Never Send - Send all samples automatically |
| Cloud Block Level | Select an option from the following to determine how aggressive Windows Defender Antivirus will be blocking and scanning suspicious files. ![ref1]*Note: This feature will work only when Allow Cloud Protection setting is enabled.* |
| Cloud Extended Timeout | Enter the value (0 to 50) to block the suspicious file up to 50secs. *Note: This feature will work only when Allow Cloud Protection or Submit Samples Consent settings are enabled.* |
| Allow Script Scanning | Allow or deny Windows Defender script scanning functionality. |
| Allow User UI Access | Allow or deny user access to the Windows Defender UI. If denied, all Windows Defender notifications will be suppressed. |
| Threat Severity Default Action | Enter the threat severity level in the format **threat_level= action |
| Days to Retain Cleaned Malware | Enter the time period (in days) that quarantine items will be stored in the system. Note: The default value is 0, which keeps items in quarantine and does not automatically remove them.* |
Go back to the Home tab and select the Windows device(s) or group(s).
Click Apply to launch the Apply Job/Profile To Device prompt.
Select the profile under All Jobs/Profiles.
Click Apply in the Apply/Profile To Device prompt.