Merge branch 'main' into docs-editor/configure-exclusions-microsoft-1739568940

padmagit77 · web-flow · commit 869534ac221d · 2025-02-18T20:26:02.000+05:30
diff --git a/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md b/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: deniseb
 ms.subservice: ngp
-ms.date: 12/26/2024
+ms.date: 02/18/2025
 ms.collection: 
 - m365-security
 - tier2
@@ -34,46 +34,49 @@ For more information, see [Configure device restriction settings in Microsoft In
 
 ## Use Microsoft Configuration Manager to configure scanning options
 
-For details on configuring Microsoft Configuration Manager (current branch), see [How to create and deploy antimalware policies: Scan settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#scan-settings).
+For details on configuring Microsoft Configuration Manager (current branch), see [How to create and deploy anti-malware policies: Scan settings](/configmgr/protect/deploy-use/endpoint-antimalware-policies#scan-settings).
 
 ## Use Group Policy to configure scanning options
 
 > [!TIP]
-> Download the Group Policy Reference Spreadsheet, which lists the policy settings for computer and user configurations that are included in the Administrative template files delivered with for Windows. You can configure refer to the spreadsheet when you edit Group Policy Objects. Here are the most recent versions:
+> Download the Group Policy Reference Spreadsheet, which lists the policy settings for computer and user configurations that are included in the Administrative template files delivered for Windows. Refer to the spreadsheet when you edit Group Policy Objects. Here are the most recent versions:
 > - [Group Policy Settings Reference Spreadsheet for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/details.aspx?id=101451)
 > - [Group Policy Settings Reference Spreadsheet for Windows 11 October 2021 Update (21H2)](https://www.microsoft.com/download/details.aspx?id=103506)
 
 1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)).
 
 2. Right-click the Group Policy Object you want to configure, and then select **Edit**.
 
-3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
+3. In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**.
 
 4. Expand the tree to **Windows components** \> **Microsoft Defender Antivirus**, and then select a location (refer to [Settings and locations](#settings-and-locations) in this article).
 
 5. Edit the policy object.
 
-6. Click **OK**, and repeat for any other settings.
+6. Select **OK**, and repeat for any other settings.
 
 ### Settings and locations
 
 |Policy item and location|Default setting <br/>(if not configured)|PowerShell `Set-MpPreference` parameter <br/>or WMI property for `MSFT_MpPreference` class|
 |---|---|---|
-|Email scanning <br/> **Scan** \> **Turn on e-mail scanning**<br/>See [Email scanning limitations](#email-scanning-limitations) (in this article)|Disabled|`-DisableEmailScanning`|
-| Script scanning | Enabled  | This policy setting allows you to configure script scanning. If you enable or do not configure this setting, script scanning is enabled. <br/><br/>See [Defender/AllowScriptScanning](/windows/client-management/mdm/policy-csp-defender)  | 
-|Scan [reparse points](/windows/win32/fileio/reparse-points) <br/> **Scan** \> **Turn on reparse point scanning**|Disabled|Not available <br/>See [Reparse points](/windows/win32/fileio/reparse-points)|
-|Scan mapped network drives<br/>**Scan** \> **Run full scan on mapped network drives**|Disabled|`-DisableScanningMappedNetworkDrivesForFullScan`|
-|Scan archive files (such as .zip or .rar files). <br/>**Scan** \> **Scan archive files**|Enabled|`-DisableArchiveScanning` <br/><br/>The [extensions exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md) will take precedence over this setting.|
-|Scan files on the network <br/>**Scan** \> **Scan network files**|Disabled|`-DisableScanningNetworkFiles`|
-|Scan packed executables<br/>**Scan** \> **Scan packed executables**|Enabled|Not available <br/><br/>Scan packed executables were removed from the following templates:<br/>- Administrative Templates (.admx) for Windows 11 2023 Update (23H2)<br/>- Administrative Templates (.admx) for Windows 11 2022 Update (22H2) - v3.0 <br/>- Administrative Templates (.admx) for Windows 11 2022 Update (22H2)<br/>- Administrative Templates (.admx) for Windows 11 October 2021 Update (21H2)|
-|Scan removable drives during full scans only<br/>**Scan** \> **Scan removable drives**|Disabled|`-DisableRemovableDriveScanning`|
-|Specify the level of subfolders within an archive folder to scan <p>**Scan** \> **Specify the maximum depth to scan archive files**|0|Not available|
-|Specify the maximum CPU load (as a percentage) during a scan. <p> **Scan** \> **Specify the maximum percentage of CPU utilization during a scan**|50|`-ScanAvgCPULoadFactor`<br/><br/> The maximum CPU load is not a hard limit, but is guidance for the scanning engine to not exceed the maximum on average. Manual scans ignore this setting and run without any CPU limits.|
-|Specify the maximum size (in kilobytes) of archive files that should be scanned.<br/>**Scan** \> **Specify the maximum size of archive files to be scanned**|No limit|Not available <br/><br/>The default value of 0 applies no limit|
-|Configure low CPU priority for scheduled scans<br/>**Scan** \> **Configure low CPU priority for scheduled scans**|Disabled|Not available|
+|Email scanning <br/> **Scan** > **Turn on e-mail scanning**<br/>See [Email scanning limitations](#email-scanning-limitations) (in this article)|Disabled|`-DisableEmailScanning`|
+| Script scanning | Enabled  | This policy setting allows you to configure script scanning. If you enable or don't configure this setting, script scanning is enabled. <br/><br/>See [Defender/AllowScriptScanning](/windows/client-management/mdm/policy-csp-defender)  |
+|Scan [reparse points](/windows/win32/fileio/reparse-points) <br/> **Scan** > **Turn on reparse point scanning**|Disabled|Not available <br/>See [Reparse points](/windows/win32/fileio/reparse-points)|
+|Scan mapped network drives<br/>**Scan** > **Run full scan on mapped network drives**|Disabled|`-DisableScanningMappedNetworkDrivesForFullScan`|
+|Scan archive files (such as .zip or .rar files). <br/>**Scan** > **Scan archive files**|Enabled|`-DisableArchiveScanning` <br/><br/>The [extensions exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md) takes precedence over this setting.|
+|Scan files on the network <br/>**Scan** > **Scan network files**|Disabled|`-DisableScanningNetworkFiles`|
+|Scan packed executables<br/>**Scan** > **Scan packed executables**|Enabled|Not available <br/><br/>Scan packed executables were removed from the following templates:<br/>- Administrative Templates (.admx) for Windows 11 2023 Update (23H2)<br/>- Administrative Templates (.admx) for Windows 11 2022 Update (22H2) - v3.0 <br/>- Administrative Templates (.admx) for Windows 11 2022 Update (22H2)<br/>- Administrative Templates (.admx) for Windows 11 October 2021 Update (21H2)|
+|Scan removable drives during full scans only<br/>**Scan** > **Scan removable drives**|Disabled|`-DisableRemovableDriveScanning`|
+|Specify the level of subfolders within an archive folder to scan <p>**Scan** > **Specify the maximum depth to scan archive files**|0|Not available|
+|Specify the maximum CPU load (as a percentage) during a scan. <p> **Scan** > **Specify the maximum percentage of CPU utilization during a scan**|50|`-ScanAvgCPULoadFactor`<br/><br/> The maximum CPU load isn't a hard limit, but is guidance for the scanning engine to not exceed the maximum on average. Manual scans ignore this setting and run without any CPU limits.|
+|Specify the maximum size (in kilobytes) of archive files that should be scanned.<br/>**Scan** > **Specify the maximum size of archive files to be scanned**|No limit|Not available <br/><br/>The default value of 0 applies no limit|
+|Configure low CPU priority for scheduled scans<br/>**Scan** > **Configure low CPU priority for scheduled scans**|Disabled|Not available|
+|Configure scanning of network files <br/>**Scan** > **Configure scanning of network files**|Enabled|-DisableScanningNetworkFiles|
+|CPU throttling type <br/>**Scan** > **CPU throttling type**|Disabled|-ThrottleForScheduledScanOnly |
+|Scan excluded files and directories during quick scan <br/>**Scan** > **Scan excluded files and directories during quick scan**|Disabled|Not available|
 
 > [!NOTE]
-> If real-time protection is turned on, files are scanned before they are accessed and executed. The scanning scope includes all files, including files on mounted removable media, such as USB drives. If the device performing the scan has real-time protection or on-access protection turned on, the scan also includes network shares.
+> If real-time protection is turned on, files are scanned before they're accessed and executed. The scanning scope includes all files, such as files on mounted removable media, like USB drives. If the device performing the scan has real-time protection or on-access protection turned on, the scan also includes network shares.
 
 > [!TIP]
 > If you have a Network-Attached Storage (NAS) or Storage Area Network (SAN), you can use Internet Content Adaption Protocol (ICAP) scanning with the Microsoft Defender Antivirus engine. For more information, see **[Tech Community Blog: MetaDefender ICAP with Windows Defender Antivirus: World-class security for hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/metadefender-icap-with-windows-defender-antivirus-world-class/ba-p/800234)**.
@@ -97,7 +100,7 @@ Email scanning enables scanning of email files used by Outlook and other mail cl
 - `MBX`
 - `MIME`
 
-`PST` files used by Outlook 2003 or older (where the archive type is set to non-unicode) are also scanned, but Microsoft Defender Antivirus cannot remediate threats that are detected inside `PST` files.
+`PST` files used by Outlook 2003 or older (where the archive type is set to nonunicode) are also scanned, but Microsoft Defender Antivirus can't remediate threats that are detected inside `PST` files.
 
 If Microsoft Defender Antivirus detects a threat inside an email message, the following information is displayed to assist you in identifying the compromised email so you can remediate the threat manually:
 
diff --git a/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md b/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md
@@ -1,6 +1,6 @@
 ---
 title: Apply Microsoft Defender Antivirus protection updates to out of date endpoints
-description: Define when and how updates should be applied for endpoints that haven't updated in a while.
+description: Define when and how updates should be applied for out of date endpoints in Microsoft Defender Antivirus.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
 ms.topic: conceptual
@@ -14,7 +14,7 @@ ms.collection:
 - m365-security
 - tier3
 search.appverid: met150
-ms.date: 04/08/2021
+ms.date: 02/18/2025
 ---
 
 # Manage Microsoft Defender Antivirus updates and scans for endpoints that are out of date
@@ -45,7 +45,7 @@ You can use one of several methods to set up catch-up protection updates:
 
 ### Use Configuration Manager to configure catch-up protection updates
 
-1. On your Microsoft Configuration Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
+1. On your Microsoft Configuration Manager console, open the anti-malware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
 
 2. Go to the **Security intelligence updates** section and configure the following settings:
 
@@ -58,7 +58,7 @@ You can use one of several methods to set up catch-up protection updates:
 
 ### Use Group Policy to enable and configure the catch-up update feature
 
-1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and then select **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). Right-click the Group Policy Object you want to configure and then select **Edit**.
 
 2. In the **Group Policy Management Editor** go to **Computer configuration**.
 
@@ -119,9 +119,9 @@ You can use Group Policy to specify the number of days after which endpoint prot
 
     4. Select **OK**.
 
-## Set up catch-up scans for endpoints that have not been scanned for a while
+## Set up catch-up scans for endpoints that haven't been scanned for a while
 
-You can set the number of consecutive scheduled scans that can be missed before Microsoft Defender Antivirus will force a scan.
+You can set the number of consecutive scheduled scans that can be missed before Microsoft Defender Antivirus forces a scan.
 
 The process for enabling this feature is:
 
@@ -145,7 +145,7 @@ You can use one of several methods to set up catch-up scans:
 
 ### Use Group Policy to enable and configure the catch-up scan feature
 
-1. Ensure you have set up at least one scheduled scan.
+1. Ensure you set up at least one scheduled scan.
 
 2. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
 
@@ -193,14 +193,31 @@ See the following article for more information and allowed parameters:
 
 ### Use Configuration Manager to configure catch-up scans
 
-1. On your Microsoft Configuration Manager console, open the antimalware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
+1. On your Microsoft Configuration Manager console, open the anti-malware policy you want to change (select **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** \> **Endpoint Protection** \> **Antimalware Policies**)
 
 2. Go to the **Scheduled scans** section and **Force a scan of the selected scan type if client computer is offline...** to **Yes**.
 
 3. Select **OK**.
 
 4. [Deploy the updated policy as usual](/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
 
+### Use Group Policy to configure security intelligence updates over a metered connection
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+
+1. In the **Group Policy Management Editor**, go to **Computer configuration**.
+
+1. Select **Policies** and then select **Administrative templates**.
+
+1. Expand the tree to **Windows components > Microsoft Defender Antivirus > Security Intelligence Update** and configure the following settings:
+
+- If you have set up scheduled quick scans, double-click the Allow Microsoft Defender Antivirus to update and communicate over a metered connection setting and set the option to **Enabled**.
+  - Select **OK**.
+    
+  |Settings| Description| Default | 
+  | -------- | -------- | -------- |
+  |Allow Microsoft Defender Antivirus to update and communicate over a metered connection.|Enabling this policy will automatically download updates, even over metered data connections (charges may apply)| Disabled |
+
 > [!TIP]
 > If you're looking for Antivirus related information for other platforms, see:
 > - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
diff --git a/defender-endpoint/schedule-antivirus-scans-group-policy.md b/defender-endpoint/schedule-antivirus-scans-group-policy.md
