Skip to content

Commit 27f5406

Browse files
tayasutatayasuta
authored
Revise network connection solutions for Defender Antivirus
Updated the description for the preferred solution and provided additional details on the alternative workaround solution regarding CRL checks. I believe DisableRootAutoUpdate=1 won't allow Defender to disable the revocation check.
1 parent f7156ce commit 27f5406

File tree

1 file changed

+0
-1
lines changed

1 file changed

+0
-1
lines changed

defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,6 @@ The following table lists solutions:
109109
|Solution|Description|
110110
|:---|:---|
111111
| Solution (Preferred) | Configure the system-wide WinHttp proxy that allows the CRL check.|
112-
| Solution (Preferred 2) | 1. Go to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Public Key Policies** > **Certificate Path Validation Settings**.<br/>2. Select the **Network Retrieval** tab, and then select **Define these policy settings**.<br/>3. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box.<br/><br/> Here are some useful resources: <br/> - [Configure Trusted Roots and Disallowed Certificates](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn265983(v=ws.11))<br/>- [Improving application Start up time: GeneratePublisherEvidence setting in Machine.config](/archive/blogs/amolravande/improving-application-start-up-time-generatepublisherevidence-setting-in-machine-config)|
113112
| Work-around solution (Alternative) <br/> *This is not a best practice since you're no longer checking for revoked certificates or certificate pinning.*| Disable CRL check only for SPYNET. <br/> Configuring this registry SSLOption disables CRL check only for SPYNET reporting. It won't impact other services.<br/><br/> Go to **HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet**, and then set `SSLOptions (dword)` to `2` (hex). <br/>For reference, here are possible values for the DWORD: <br/> - `0 – disable pinning and revocation checks` <br/> - `1 – disable pinning` <br/> - `2 – disable revocation checks only` <br/> - `3 – enable revocation checks and pinning (default)` |
114113

115114
## Attempt to download a fake malware file from Microsoft

0 commit comments

Comments
 (0)