Configuring Defender Virus & Protection Settings using Configuration Manager

2 min. read | Last update: 10.16.2024

Note: This policy requires ThreatLocker Version 9.0 and above.


The 'Configuring Defender Virus & Protection Settings using Configuration Manager' policy manages Microsoft Defender Virus & Threat Protection settings, encompassing real-time protection, cloud-delivered protection, automatic sample submission, tamper protection, and exclusions. Below are detailed descriptions of each option:

Real-time protection: Prevents malware from installing or running on your device. When this option is enabled, Windows Defender is turned on and monitored by the ThreatLocker agent. This setting can be turned off for a short period of time before Windows automatically turns it back on.

Cloud-delivered protection: Provides increased and faster protection with access to the latest protection data in the cloud. This works best with Automatic Sample Submission turned on.

Automatic Sample Submission: Automatically submits suspicious files and samples to Microsoft for analysis, enhancing threat detection capabilities. Users will receive notifications regarding files that may contain personal information. They will be given the option to skip sending this information to Microsoft.

Tamper protection: Prevents malicious apps from changing important Microsoft Defender Antivirus settings, including real-time protection and cloud-delivered protection.

Exclusions: Microsoft Defender Antivirus will not scan items that have been excluded. Excluded items could contain threats that make your device vulnerable.

When the 'Configuring Defender Virus & Protection Settings using Configuration Manager' policy is enabled, it sets and monitors the specified options. Disabling the policy maintains the current state of the options without monitoring them. Setting the policy to Not Configured enables the options (Windows default behavior) without monitoring them.
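
To check on an endpoint that the options listed above are in the expected state, the following added example (not ThreatLocker's code) reads them with the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference. The function name Get-DefenderPolicyState and the output layout are hypothetical, and treating SubmitSamplesConsent values 1 and 3 as "on" is an assumption about how the toggle maps to that preference.

```powershell
# Added example: report the Defender options this policy manages.
# Get-DefenderPolicyState is a hypothetical helper name, not a ThreatLocker or Microsoft cmdlet.
function Get-DefenderPolicyState {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
    $cloudOn = $pref.MAPSReporting -ne 0
    # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples,
    # 2 = never send, 3 = send all samples (assumption: 1 and 3 count as "on")
    $samplesOn = $pref.SubmitSamplesConsent -in 1, 3

    # A non-elevated session gets an "N/A: Must be an administrator..." placeholder
    # instead of the real exclusion list, so skip those values.
    $exclusions = @(
        foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
            foreach ($value in @($pref.$kind)) {
                if ($value -and $value -notlike 'N/A*') {
                    [pscustomobject]@{ Kind = $kind; Value = $value }
                }
            }
        }
    )

    [pscustomobject]@{
        RealTimeProtection   = [bool]$status.RealTimeProtectionEnabled
        CloudProtection      = $cloudOn
        AutoSampleSubmission = $samplesOn
        TamperProtection     = [bool]$status.IsTamperProtected
        ExclusionCount       = $exclusions.Count
        Exclusions           = $exclusions
    }
}

$state = Get-DefenderPolicyState
$state | Format-List RealTimeProtection, CloudProtection, AutoSampleSubmission, TamperProtection, ExclusionCount
$state.Exclusions | Format-Table -AutoSize

# Flag any protection that is off so it can be compared with the policy's intended values.
'RealTimeProtection', 'CloudProtection', 'AutoSampleSubmission', 'TamperProtection' |
    Where-Object { -not $state.$_ } |
    ForEach-Object { Write-Warning "$_ is disabled on $env:COMPUTERNAME" }
```

Run it from an elevated PowerShell session; otherwise the exclusion list is hidden and ExclusionCount reports 0 even when exclusions exist.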
