In Windows 10 or newer and Windows Server 2016 or newer you can use next-generation protection features offered by Microsoft Defender Antivirus(MDAV) and Microsoft Defender Exploit Guard (Microsoft Defender EG).
32
32
33
-
This topic explains how to enable and test the key protection features in Microsoft Defender AV and Microsoft Defender EG, and provides you with guidance and links to more information.
33
+
This article explains how to enable and test the key protection features in Microsoft Defender AV and Microsoft Defender EG, and provides you with guidance and links to more information.
34
34
35
35
We recommend you use [this evaluation PowerShell script](https://aka.ms/wdeppscript) to configure these features, but you can individually enable each feature with the cmdlets described in the rest of this document.
36
36
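Review bot: The rewritten sentence at new line 33 still uses "Microsoft Defender AV" and "Microsoft Defender EG", while line 32 directly above introduces the products as "Microsoft Defender Antivirus(MDAV)" and "Microsoft Defender Exploit Guard (Microsoft Defender EG)". Since this sentence is being touched anyway, pick one short form for the antivirus product and use it in both lines, and add the missing space before "(MDAV)" on line 32.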
@@ -72,7 +72,7 @@ More details are available in [Use next-gen technologies in Microsoft Defender A
72
72
|Always Use the cloud to block new malware within seconds|Set-MpPreference -DisableBlockAtFirstSeen 0|
73
73
|Scan all downloaded files and attachments|Set-MpPreference -DisableIOAVProtection 0|
74
74
|Set cloud block level to 'High'|Set-MpPreference -CloudBlockLevel High|
75
-
|High Set cloud block timeout to 1 minute|Set-MpPreference -CloudExtendedTimeout 50|
75
+
|High Set cloud block time-out to 1 minute|Set-MpPreference -CloudExtendedTimeout 50|
76
76
77
77
## Always-on protection (real-time scanning)
78
78
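Review bot: On the changed row at line 75, the description cell still begins with a stray "High" ("High Set cloud block time-out to 1 minute"), which looks carried over from the end of the row above, and it promises 1 minute while the command passes `-CloudExtendedTimeout 50`. Drop the leading "High" and state in the description how the value 50 relates to the 1-minute figure, so a reader copying the cmdlet knows what is actually being set. The parameter is spelled "Timeout", so changing the description to "time-out" also makes it differ from the name a reader will search for.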
@@ -84,20 +84,20 @@ See [Configure behavioral, heuristic, and real-time protection](configure-protec
84
84
|---|---|
85
85
|Constantly monitor files and processes for known malware modifications | Set-MpPreference -DisableRealtimeMonitoring 0 |
86
86
|Constantly monitor for known malware behaviors – even in 'clean' files and running programs | Set-MpPreference -DisableBehaviorMonitoring 0 |
87
-
|Scan scripts as soon as they are seen or run | Set-MpPreference -DisableScriptScanning 0 |
88
-
|Scan removable drives as soon as they are inserted or mounted | Set-MpPreference -DisableRemovableDriveScanning 0 |
87
+
|Scan scripts as soon as they're seen or run | Set-MpPreference -DisableScriptScanning 0 |
88
+
|Scan removable drives as soon as they're inserted or mounted | Set-MpPreference -DisableRemovableDriveScanning 0 |
89
89
90
90
## Potentially Unwanted Application protection
91
91
92
-
[Potentially unwanted applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) are files and apps that are not traditionally classified as malicious. These include third-party installers for common software, ad-injection, and certain types of toolbars in your browser.
92
+
[Potentially unwanted applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) are files and apps that aren't traditionally classified as malicious. These include non-Microsoft installers for common software, ad-injection, and certain types of toolbars in your browser.
93
93
94
94
| Description | PowerShell Command |
95
95
|---|---|
96
96
|Prevent grayware, adware, and other potentially unwanted apps from installing|Set-MpPreference -PUAProtection Enabled|
97
97
98
98
## Email and archive scanning
99
99
100
-
You can set Microsoft Defender Antivirus to automatically scan certain types of email files and archive files (such as .zip files) when they are seen by Windows. More information about this feature can be found under the [Manage email scans in Microsoft Defender](configure-advanced-scan-types-microsoft-defender-antivirus.md) article.
100
+
You can set Microsoft Defender Antivirus to automatically scan certain types of email files and archive files (such as .zip files) when they're seen by Windows. More information about this feature can be found under the [Managed email scans in Microsoft Defender](configure-advanced-scan-types-microsoft-defender-antivirus.md) article.
101
101
102
102
103
103
| Description | PowerShell Command |
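Review bot: At new line 100 the link text changes from "Manage email scans in Microsoft Defender" to "Managed email scans in Microsoft Defender" while the target stays configure-advanced-scan-types-microsoft-defender-antivirus.md, which reads as an accidental edit rather than a wording fix. Please confirm the linked article's title and keep the link text matching it. At line 92, "non-Microsoft installers" replaces "third-party installers"; check that the linked PUA article uses the same term so the two pages describe the category the same way.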
@@ -124,7 +124,7 @@ Microsoft Defender Exploit Guard provides features that help protect devices fro
124
124
|Apply a standard set of mitigations with [Exploit protection](exploit-protection.md)|Invoke-WebRequest </br> https://demo.wd.microsoft.com/Content/ProcessMitigation.xml -OutFile ProcessMitigation.xml </br >Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml|
Some rules may block behavior you find acceptable in your organization. In these cases, change the rule from Enabled to Audit to prevent unwanted blocks.
127
+
Some rules might block behavior you find acceptable in your organization. In these cases, change the rule from Enabled to Audit to prevent unwanted blocks.
128
128
129
129
#### Enable Tamper Protection
130
130
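Review bot: The unchanged row at line 124 uses `</br>` and `</br >` as line breaks, which are malformed tags, and this hunk is a good place to replace them with `<br>` so the three commands render on separate lines. The sentence changed at line 127 also tells the reader to switch a rule from Enabled to Audit without saying how; a link to the rule configuration steps would make that instruction actionable.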
@@ -134,7 +134,7 @@ For more information [How do I configure or manage tamper protection](/defender-
134
134
135
135
#### Check the Cloud Protection network connectivity
136
136
137
-
It is important to check that the Cloud Protection network connectivity is working during your pen testing.
137
+
It's important to check that the Cloud Protection network connectivity is working during your pen testing.
For more information [Use the cmdline tool to validate cloud-delivered protection ](/defender-endpoint/configure-network-connections-microsoft-defender-antivirus)
148
148
149
-
## One-click Microsoft Defender Offline Scan
149
+
## One-select Microsoft Defender Offline Scan
150
150
151
151
Microsoft Defender Offline Scan is a specialized tool that comes with Windows 10 or newer, and allows you to boot a machine into a dedicated environment outside of the normal operating system. It's especially useful for potent malware, such as rootkits.
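Review bot: The heading at new line 149, "One-select Microsoft Defender Offline Scan", looks like a mechanical replacement of "click" with "select" and does not read as a feature name; consider a heading that avoids the verb altogether, such as "Microsoft Defender Offline Scan". Renaming the heading changes its anchor, so links that point at the old "One-click" heading need checking. On the unchanged "For more information [Use the cmdline tool to validate cloud-delivered protection ](...)" line, the sentence is missing "see" and the link text has a trailing space before the closing bracket.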