defender-endpoint/microsoft-defender-antivirus-using-powershell.md
Lines changed: 19 additions & 19 deletions
@@ -65,12 +65,12 @@ More details are available in [Use next-gen technologies in Microsoft Defender A
65
65
66
66
| Description | PowerShell Command |
67
67
|---|---|
68
-
|Enable the Microsoft Defender Cloud for near-instant protection and increased protection|Set-MpPreference -MAPSReporting Advanced|
69
-
|Automatically submit samples to increase group protection|Set-MpPreference -SubmitSamplesConsent Always|
70
-
|Always Use the cloud to block new malware within seconds|Set-MpPreference -DisableBlockAtFirstSeen 0|
71
-
|Scan all downloaded files and attachments|Set-MpPreference -DisableIOAVProtection 0|
72
-
|Set cloud block level to 'High'|Set-MpPreference -CloudBlockLevel High|
73
-
|High Set cloud block time-out to 1 minute|Set-MpPreference -CloudExtendedTimeout 50|
68
+
|Enable the Microsoft Defender Cloud for near-instant protection and increased protection|`Set-MpPreference -MAPSReporting Advanced`|
69
+
|Automatically submit samples to increase group protection|`Set-MpPreference -SubmitSamplesConsent Always`|
70
+
|Always Use the cloud to block new malware within seconds|`Set-MpPreference -DisableBlockAtFirstSeen 0`|
71
+
|Scan all downloaded files and attachments|`Set-MpPreference -DisableIOAVProtection 0`|
72
+
|Set cloud block level to 'High'|`Set-MpPreference -CloudBlockLevel High`|
73
+
|High Set cloud block time-out to 1 minute|`Set-MpPreference -CloudExtendedTimeout 50`|
74
74
75
75
## Always-on protection (real-time scanning)
76
76
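Review bot: The last row of the cloud-protection table still reads "High Set cloud block time-out to 1 minute" after this change; the leading "High" looks like a leftover from the previous row and should be dropped while these lines are being edited. The same row pairs "1 minute" with `-CloudExtendedTimeout 50`, and nothing in the row explains how 50 corresponds to one minute, so a short clarification in the description would prevent readers from "correcting" the value to 60. The description "Always Use the cloud to block new malware within seconds" also has a stray capital in "Use".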
@@ -80,18 +80,18 @@ For more details on these options, see [Configure behavioral, heuristic, and rea
80
80
81
81
| Description | PowerShell Command |
82
82
|---|---|
83
-
|Constantly monitor files and processes for known malware modifications | Set-MpPreference -DisableRealtimeMonitoring 0 |
84
-
|Constantly monitor for known malware behaviors – even in 'clean' files and running programs | Set-MpPreference -DisableBehaviorMonitoring 0 |
85
-
|Scan scripts as soon as they're seen or run | Set-MpPreference -DisableScriptScanning 0 |
86
-
|Scan removable drives as soon as they're inserted or mounted | Set-MpPreference -DisableRemovableDriveScanning 0 |
83
+
|Constantly monitor files and processes for known malware modifications |`Set-MpPreference -DisableRealtimeMonitoring 0`|
84
+
|Constantly monitor for known malware behaviors – even in 'clean' files and running programs |`Set-MpPreference -DisableBehaviorMonitoring 0`|
85
+
|Scan scripts as soon as they're seen or run |`Set-MpPreference -DisableScriptScanning 0`|
86
+
|Scan removable drives as soon as they're inserted or mounted |`Set-MpPreference -DisableRemovableDriveScanning 0`|
87
87
88
88
## Potentially Unwanted Application protection
89
89
90
90
[Potentially unwanted applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) are files and apps that aren't traditionally classified as malicious. These include non-Microsoft installers for common software, ad-injection, and certain types of toolbars in your browser.
91
91
92
92
| Description | PowerShell Command |
93
93
|---|---|
94
-
|Prevent grayware, adware, and other potentially unwanted apps from installing|Set-MpPreference -PUAProtection Enabled|
94
+
|Prevent grayware, adware, and other potentially unwanted apps from installing|`Set-MpPreference -PUAProtection Enabled`|
95
95
96
96
## Email and archive scanning
97
97
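Review bot: In the real-time scanning table, every row turns a protection on by passing `0` to a `-Disable…` parameter (for example `-DisableRealtimeMonitoring 0`), which is easy to misread as switching the feature off. Since the command cells are being rewritten anyway, consider `$false` instead of `0`, or state in the description column that the value re-enables the feature. The new rows also keep a trailing space before the cell separator in the description ("modifications |") but drop the padding around the command, unlike the first table; pick one cell style for all tables in the file.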
@@ -100,29 +100,29 @@ You can set Microsoft Defender Antivirus to automatically scan certain types of
Typically, you receive Microsoft Defender Antivirus updates from Windows update once per day. However, you can increase the frequency of those updates by setting the following options, and [ensuring that your updates are managed either in System Center Configuration Manager, with Group Policy, or in Intune](deploy-manage-report-microsoft-defender-antivirus.md).
108
108
109
109
| Description | PowerShell Command |
110
110
|---|---|
111
-
|Update signatures every day|Set-MpPreference -SignatureUpdateInterval|
112
-
|Check to update signatures before running a scheduled scan|Set-MpPreference -CheckForSignaturesBeforeRunningScan 1|
111
+
|Update signatures every day|`Set-MpPreference -SignatureUpdateInterval`|
112
+
|Check to update signatures before running a scheduled scan|`Set-MpPreference -CheckForSignaturesBeforeRunningScan 1`|
113
113
114
114
## Advanced threat and exploit mitigation and prevention Controlled folder access
115
115
116
116
Microsoft Defender exploit protection provides features that help protect devices from known malicious behaviors and attacks on vulnerable technologies.
117
117
118
118
| Description | PowerShell Command |
119
119
|---|---|
120
-
|Prevent malicious and suspicious apps (such as ransomware) from making changes to protected folders with Controlled folder access|Set-MpPreference -EnableControlledFolderAccess Enabled|
121
-
|Block connections to known bad IP addresses and other network connections with [Network protection](network-protection.md)|Set-MpPreference -EnableNetworkProtection Enabled|
122
-
|Apply a standard set of mitigations with [Exploit protection](exploit-protection.md)|Invoke-WebRequest </br> https://demo.wd.microsoft.com/Content/ProcessMitigation.xml -OutFile ProcessMitigation.xml </br >Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml|
|Prevent malicious and suspicious apps (such as ransomware) from making changes to protected folders with Controlled folder access|`Set-MpPreference -EnableControlledFolderAccess Enabled`|
121
+
|Block connections to known bad IP addresses and other network connections with [Network protection](network-protection.md)|`Set-MpPreference -EnableNetworkProtection Enabled`|
122
+
|Apply a standard set of mitigations with [Exploit protection](exploit-protection.md)|`Invoke-WebRequest` <br/> `https://demo.wd.microsoft.com/Content/ProcessMitigation.xml -OutFile ProcessMitigation.xml` <br/>`Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml`|
Some rules might block behavior you find acceptable in your organization. In these cases, change the rule from Enabled to Audit to prevent unwanted blocks.
125
+
Some rules might block behavior you find acceptable in your organization. In these cases, change the rule from `Enabled` to `Audit` to prevent unwanted blocks.
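Review bot: The row "Update signatures every day" wraps `Set-MpPreference -SignatureUpdateInterval` in code formatting but the command still has no value after the parameter, so it cannot be run as shown; add the interval that corresponds to "every day" or reword the description. In the Exploit protection row, the new formatting splits one command across two code spans (`Invoke-WebRequest`, then the URL with `-OutFile ProcessMitigation.xml`), so neither span is a complete command when copied; keep `Invoke-WebRequest`, the URL and `-OutFile` in a single span, with `Set-ProcessMitigation -PolicyFilePath ProcessMitigation.xml` as the second. That row also applies a policy file fetched from a demo host straight to the device, so a sentence telling the reader to review the XML before applying it would be a useful addition.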