Configure antivirus scans using Group Policy
- On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure, and then select Edit.
- In the Group Policy Management Editor, go to Computer configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Scan.
- Open the setting you want to configure, specify its value, and then select OK.
- Repeat the previous step for each setting you want to configure.
- Deploy your Group Policy Object as you normally do. If you need help with Group Policy Objects, see Create a Group Policy Object.
Note
When configuring scheduled scans, the setting Start the scheduled scan only when computer is on but not in use, which is enabled by default, can push a scan past its scheduled time because the machine must first be idle; the scheduled time is then the earliest the scan can start, not a guaranteed start time.
For weekly scans, the default behavior on Windows Server is to scan outside of automatic maintenance when the machine is idle. The default on Windows 10 and later is to scan during automatic maintenance when the machine is idle. To change this behavior, disable Start the scheduled scan only when computer is on but not in use (ScanOnlyIfIdle), and then define a schedule.
For more information, see the Manage when protection updates should be downloaded and applied and Prevent or allow users to locally modify policy settings topics.
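The following PowerShell script is an added example that scripts the procedure above and then audits the result on an endpoint; it is not code from the Microsoft documentation. It writes the same settings the Group Policy Editor steps configure, using Set-GPRegistryValue from the GroupPolicy (RSAT) module, and decodes the effective values the way the settings tables in this article describe them (day index, minutes after midnight). The registry value names and their encodings under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender are assumptions based on the Defender Antivirus ADMX templates, as is the GPO name; confirm them against your template version (for example with Get-GPRegistryValue after setting a value through the GUI) before relying on them.

```powershell
# Added example, not from the Microsoft documentation.
# Requires the GroupPolicy module (RSAT) for Set-GPRegistryValue.
# ASSUMPTION: value names/encodings below are those written by the Defender Antivirus ADMX
# templates; verify against your template version before use.

$PolicyRoot = 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender'   # form accepted by Set-GPRegistryValue
$LocalRoot  = $PolicyRoot -replace '^HKLM\\', 'HKLM:\'               # form accepted by Get-ItemProperty

# Desired state: weekly full scan on Saturday at 01:00 that starts at the scheduled time
# rather than waiting for an idle machine (disabling ScanOnlyIfIdle, as the Note above describes).
$DesiredScanPolicy = @(
    @{ Key = "$PolicyRoot\Scan";              Name = 'ScanParameters';             Value = 2  }  # 1 = quick, 2 = full
    @{ Key = "$PolicyRoot\Scan";              Name = 'ScheduleDay';                Value = 7  }  # 0 = every day, 1 = Sun .. 7 = Sat, 8 = never
    @{ Key = "$PolicyRoot\Scan";              Name = 'ScheduleTime';               Value = 60 }  # minutes after midnight (60 = 1 a.m.)
    @{ Key = "$PolicyRoot\Scan";              Name = 'ScanOnlyIfIdle';             Value = 0  }  # 0 = run at the scheduled time
    @{ Key = $PolicyRoot;                     Name = 'RandomizeScheduleTaskTimes'; Value = 1  }  # Root > Randomize scheduled task times
    @{ Key = "$PolicyRoot\Remediation";       Name = 'Scan_ScheduleDay';           Value = 8  }  # remediation full scan: never
    @{ Key = "$PolicyRoot\Signature Updates"; Name = 'DisableScanOnUpdate';        Value = 0  }  # 0 = scan after each intelligence update
)

function Set-DefenderScanPolicy {
    # Writes every desired value into the named GPO (Computer Configuration side).
    param([Parameter(Mandatory)][string]$GpoName)
    foreach ($s in $DesiredScanPolicy) {
        Set-GPRegistryValue -Name $GpoName -Key $s.Key -ValueName $s.Name -Type DWord -Value $s.Value | Out-Null
    }
}

function ConvertTo-ScanScheduleText {
    # Decodes a ScheduleDay / ScheduleTime pair as the settings tables describe them:
    # day index (0 = every day, 1-7 = Sunday-Saturday, 8 = never) and minutes after midnight.
    param([int]$Day, [int]$MinutesAfterMidnight)
    $dayText = switch ($Day) {
        0       { 'every day' }
        8       { 'never' }
        default { [System.DayOfWeek]($Day - 1) }
    }
    $hours = [int][math]::Floor($MinutesAfterMidnight / 60)
    $time  = '{0:D2}:{1:D2}' -f $hours, ($MinutesAfterMidnight % 60)
    return "$dayText at $time"
}

function Test-DefenderScanPolicy {
    # Reads the effective policy on this endpoint (run after gpupdate /force) and flags the two
    # surprises this article calls out: an idle-gated scan does not start at the scheduled time,
    # and an idle-gated scan ignores CPU throttling. Missing values fall back to the documented defaults.
    $scan = Get-ItemProperty -Path "$LocalRoot\Scan" -ErrorAction SilentlyContinue
    if (-not $scan) { return 'No Scan policy values applied; Defender is using its built-in defaults.' }

    $day     = if ($null -ne $scan.ScheduleDay)    { $scan.ScheduleDay }          else { 8 }     # default: never
    $minutes = if ($null -ne $scan.ScheduleTime)   { $scan.ScheduleTime }         else { 120 }   # default: 2 a.m.
    $idle    = if ($null -ne $scan.ScanOnlyIfIdle) { $scan.ScanOnlyIfIdle -eq 1 } else { $true } # default: enabled

    $report = [ordered]@{
        ScheduledScan = ConvertTo-ScanScheduleText -Day $day -MinutesAfterMidnight $minutes
        ScanType      = if ($scan.ScanParameters -eq 2) { 'full' } else { 'quick' }   # default: quick
        OnlyWhenIdle  = $idle
        Warnings      = @()
    }
    if ($idle -and $day -ne 8) {
        $report.Warnings += 'ScanOnlyIfIdle is enabled: the scan waits for an idle machine, so the scheduled time is a lower bound, not a start time.'
    }
    if ($idle -and $null -ne $scan.AvgCPULoadFactor) {   # AvgCPULoadFactor = CPU throttling setting (assumed name)
        $report.Warnings += 'CPU throttling is configured but is not honoured while scanning an idle machine.'
    }
    return [pscustomobject]$report
}

# Usage: first on a Group Policy management machine, then on a target endpoint after gpupdate.
#   Set-DefenderScanPolicy -GpoName 'Defender AV - Scheduled Scans'   # GPO name is a placeholder
#   Test-DefenderScanPolicy
```

The audit deliberately reads the Policies hive rather than Get-MpPreference, because the Policies values show what Group Policy delivered, while Get-MpPreference merges policy with local and MDM configuration and so can hide a GPO that never applied.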
Group Policy settings for scheduling scans
Location | Setting | Description | Default setting (if not configured) |
---|---|---|---|
Scan | Specify the scan type to use for a scheduled scan | Specify whether the scheduled scan is a quick scan or a full scan. | Quick scan |
Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never |
Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter 60 for 1 a.m.). | 2 a.m. |
Root | Randomize scheduled task times | In Microsoft Defender Antivirus, randomize the start time of the scan to any interval from 0 to 23 hours. In System Center Endpoint Protection (SCEP), randomize scans to any interval plus or minus 30 minutes. This can be useful in virtual machine or VDI deployments, where many endpoints would otherwise start scanning at the same moment. | Enabled |
Group Policy settings for scheduling scans for when an endpoint is not in use
Location | Setting | Description | Default setting (if not configured) |
---|---|---|---|
Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans run only when the computer is on but not in use; the scan waits for the machine to become idle. | Enabled |
Note
When you schedule scans for times when endpoints are not in use, the scans do not honor the CPU throttling configuration; they use all available resources to complete the scan as quickly as possible.
Group Policy settings for scheduling remediation-required scans
Location | Setting | Description | Default setting (if not configured) |
---|---|---|---|
Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | Specify the day (or never) to run a scan. | Never |
Remediation | Specify the time of day to run a scheduled full scan to complete remediation | Specify the number of minutes after midnight (for example, enter 60 for 1 a.m.). | 2 a.m. |
Group Policy settings for scheduling daily scans
Location | Setting | Description | Default setting (if not configured) |
---|---|---|---|
Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter 2, for once a day, enter 24. Enter 0 to never run a daily quick scan. | Never |
Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter 60 for 1 a.m.). | 2 a.m. |
Group Policy settings for scheduling scans after protection updates
Location | Setting | Description | Default setting (if not configured) |
---|---|---|---|
Signature updates | Turn on scan after Security intelligence update | A scan occurs immediately after a new protection update is downloaded. | Enabled |