Important

Microsoft Defender for Business is now in preview, and will roll out gradually to customers and IT Partners who sign up here to request it. We will onboard an initial set of customers and partners in the coming weeks and will expand the preview leading up to general availability. Note that preview will launch with an initial set of scenarios, and we will be adding capabilities regularly.

Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.

Next-generation protection in Defender for Business (preview) includes robust antivirus and antimalware protection. Your default policies are designed to protect your devices and users without hindering productivity; however, you can also customize your policies to suit your business needs. And, if you’re using Microsoft Endpoint Manager, you can use that to manage your security policies and settings.

This article describes:

Next-generation protection settings and options

The following table lists your settings and options:

NEXT-GENERATION PROTECTION SETTINGS AND OPTIONS
Setting Description
Real-time protection
Turn on real-time protection: Enabled by default, real-time protection locates and stops malware from running on devices. We recommend keeping real-time protection turned on.

When real-time protection is turned on, it configures the following settings:
– Behavior monitoring is turned on (AllowBehaviorMonitoring)
– All downloaded files and attachments are scanned (AllowIOAVProtection)
– Scripts that are used in Microsoft browsers are scanned (AllowScriptScanning)

Block at first sight: Enabled by default, block at first sight blocks malware within seconds of detection, increases the time (in seconds) allowed to submit sample files for analysis, and sets your detection level to High. We recommend keeping block at first sight turned on.

When block at first sight is turned on, it configures the following settings for Microsoft Defender Antivirus:
– Blocking and scanning of suspicious files is set to the High blocking level (CloudBlockLevel)
– The number of seconds for a file to be blocked and checked is set to 50 seconds (CloudExtendedTimeout)

IMPORTANT: If block at first sight is turned off, it affects CloudBlockLevel and CloudExtendedTimeout for Microsoft Defender Antivirus.

Turn on network protection: When turned on, network protection helps protect against phishing scams, exploit-hosting sites, and malicious content on the Internet. It also prevents users from turning network protection off.

Network protection can be set to one of the following modes:
– Block mode (this setting is the default), which prevents users from visiting sites that are considered unsafe. We recommend keeping network protection set to Block mode.
– Audit mode, which allows users to visit sites that might be unsafe and tracks network activity to/from such sites
– Disabled mode, which neither blocks users from visiting sites that might be unsafe nor tracks network activity to/from such sites

Remediation
Action to take on potentially unwanted apps (PUA): PUA can include advertising software, bundling software that offers to install other, unsigned software, and evasion software that attempts to evade security features. Although PUA is not necessarily a virus, malware, or other type of threat, PUA can affect device performance.

PUA protection blocks items that are detected as PUA. You can set PUA protection to one of the following settings:
– Enabled (this setting is the default), which blocks items detected as PUA on devices. We recommend keeping PUA protection enabled.
– Audit mode, which takes no action on items detected as PUA
– Disabled, which does not detect or take action on items that might be PUA

Scan
Scheduled scan type: Consider running a weekly antivirus scan on your devices. You can choose from the following scan type options:
– Quickscan checks locations, such as registry keys and startup folders, where malware could be registered to start with a device. We recommend using the quickscan option.
– Fullscan checks all files and folders on a device
– Disabled means no scheduled scans will take place. Users can still run scans on their own devices. (In general, we do not recommend disabling your scheduled scans.)

Learn more about scan types.

Day of week to run a scheduled scan: Select a day for your regular, weekly antivirus scans to run.
Time of day to run a scheduled scan: Select a time for your regularly scheduled antivirus scans to run.
Use low performance: This setting is turned off by default. We recommend keeping this setting turned off. However, you can turn this setting on to limit the device memory and resources that are used during scheduled scans.

IMPORTANT: If you turn Use low performance on, it configures the following settings for Microsoft Defender Antivirus:
– Archive files are not scanned (AllowArchiveScanning)
– Scans are assigned a low CPU priority (EnableLowCPUPriority)
– If a full antivirus scan is missed, no catch-up scan will run (DisableCatchupFullScan)
– If a quick antivirus scan is missed, no catch-up scan will run (DisableCatchupQuickScan)
– Reduces the average CPU load factor during an antivirus scan from 50% to 20% (AvgCPULoadFactor)

User experience
Allow users to access the Windows Security app: Turn this setting on to enable users to open the Windows Security app on their devices. Users won’t be able to override settings that you configure in Microsoft Defender for Business (preview), but they will be able to run a quick scan if need be, or view any detected threats.
Antivirus exclusions: Exclusions are processes, files, or folders that are skipped by Microsoft Defender Antivirus scans. In general, you should not need to define exclusions. Microsoft Defender Antivirus includes many automatic exclusions that are based on known operating system behaviors and typical management files.

Learn more about exclusions

Process exclusions: Process exclusions prevent files that are opened by specific processes from being scanned by Microsoft Defender Antivirus.

Learn more about process exclusions

File extension exclusions: File extension exclusions prevent files with specific extensions from being scanned by Microsoft Defender Antivirus.

Learn more about file extension exclusions

File and folder exclusions: File and folder exclusions prevent files that are in specific folders from being scanned by Microsoft Defender Antivirus.

Learn more about file and folder exclusions

Other preconfigured settings in Defender for Business

The following security settings are preconfigured in Defender for Business (preview):

Defender for Business default settings and Microsoft Endpoint Manager

The following table describes settings that are preconfigured for Defender for Business (preview) and how those settings correspond to what you might see in Microsoft Endpoint Manager (or Microsoft Intune). If you’re using the simplified configuration process in Defender for Business (preview), you do not need to edit these settings.

DEFENDER FOR BUSINESS DEFAULT SETTINGS AND MICROSOFT ENDPOINT MANAGER
Setting Description
Cloud protection: Sometimes referred to as cloud-delivered protection or Microsoft Advanced Protection Service (MAPS), cloud protection works with Microsoft Defender Antivirus and the Microsoft cloud to identify new threats, sometimes even before a single device is affected. By default, AllowCloudProtection is turned on.

Learn more about cloud protection.

Monitoring for incoming and outgoing files: To monitor incoming and outgoing files, RealTimeScanDirection is set to monitor all files.
Scan network files: By default, AllowScanningNetworkFiles is not enabled, and network files are not scanned.
Scan email messages: By default, AllowEmailScanning is not enabled, and email messages are not scanned.
Number of days (0-90) to keep quarantined malware: By default, DaysToRetainCleanedMalware is set to zero (0) days. Artifacts that are in quarantine are not removed automatically.
Submit samples consent: By default, SubmitSamplesConsent is set to send safe samples automatically. Examples of safe samples include .bat, .scr, .dll, and .exe files that do not contain personally identifiable information (PII). If a file does contain PII, the user receives a request to allow the sample submission to proceed.

Learn more about cloud protection and sample submission

Scan removable drives: By default, AllowFullScanRemovableDriveScanning is configured to scan removable drives, such as USB thumb drives, on devices.

Learn more about antimalware policy settings

Run daily quick scan time: By default, ScheduleQuickScanTime is set to 2:00 AM.

Learn more about scan settings.

Check for signature updates before running scan: By default, CheckForSignaturesBeforeRunningScan is configured to check for security intelligence updates prior to running antivirus/antimalware scans.

Learn more about scan settings and Security intelligence updates.

How often (0-24 hours) to check for security intelligence updates: By default, SignatureUpdateInterval is configured to check for security intelligence updates every four hours.

Learn more about scan settings and Security intelligence updates.
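
To verify that a device actually carries the defaults listed above, and to surface any antivirus exclusions that have been defined, the following added example (not part of the original Microsoft article) compares the output of Get-MpPreference with those defaults. It assumes the Get-MpPreference property names and numeric encodings shown in the code, which differ from the policy setting names the article uses; the matching article setting is noted in each comment.

```powershell
# Added example: audit the local device against the defaults listed in this article.
# Run in an elevated PowerShell session; without elevation, exclusions are hidden.
# Assumption: the property names and numeric values below are those reported by
# Get-MpPreference, not the policy names used in the article.
$pref = Get-MpPreference

$baseline = [ordered]@{
    DisableBehaviorMonitoring           = $false  # AllowBehaviorMonitoring on
    DisableIOAVProtection               = $false  # AllowIOAVProtection on
    DisableScriptScanning               = $false  # AllowScriptScanning on
    CloudBlockLevel                     = 2       # High blocking level
    CloudExtendedTimeout                = 50      # seconds
    EnableNetworkProtection             = 1       # Block mode (2 = Audit, 0 = Disabled)
    PUAProtection                       = 1       # Enabled (2 = Audit, 0 = Disabled)
    DisableArchiveScanning              = $false  # "Use low performance" off
    ScanAvgCPULoadFactor                = 50      # 20 when "Use low performance" is on
    RealTimeScanDirection               = 0       # incoming and outgoing files
    SubmitSamplesConsent                = 1       # send safe samples automatically
    DisableRemovableDriveScanning       = $false  # removable drives are scanned
    CheckForSignaturesBeforeRunningScan = $true
    SignatureUpdateInterval             = 4       # hours
}

# One row per setting, flagged when the device value differs from the baseline.
$report = foreach ($name in $baseline.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Expected = $baseline[$name]
        Actual   = $pref.$name
        Drift    = ($pref.$name -ne $baseline[$name])
    }
}
$report | Format-Table -AutoSize

# Exclusions create scanning blind spots, so list every one for review.
$exclusions = @($pref.ExclusionPath) + @($pref.ExclusionExtension) +
              @($pref.ExclusionProcess) | Where-Object { $_ }
if ($exclusions) {
    Write-Warning "Exclusions defined (review each one): $($exclusions -join '; ')"
}

$drift = @($report | Where-Object Drift)
"{0} of {1} checked settings differ from the article's defaults." -f $drift.Count, @($report).Count
```

A drift row for CloudBlockLevel or CloudExtendedTimeout is expected on devices where block at first sight has been turned off, as the IMPORTANT note in the table describes.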

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
