API for setting up Defender?

[Guest]

We have a distributed system, and need to apply Defender "Allow" settings and
"ignore directory" settings across many nodes. Is there an API to accomplish
this? - or is it scriptable using Powershell or something?

thanks,
Paul.

 

[Bill Sanderson MVP]

Windows Defender has very limited group policy settings which are defined in
a .adm file installed as part of the product distribution.

For your use, Microsoft Forefront Client Protection--which has been
released, but won't be available until July, as I recall--except in the form
of a public beta--would be a far better fit.

 

[Simon Zerafa]

Hi,

If you export the relevent registry settings and save them to a .REG file,
these can be imported *BEFORE* you install WD

They will "stick" once the package has been installed.

If you attempt this once WD is installed the registry setting are protected
and cannot be altered.

My settings are as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"AutomaticallyCleanAfterScan"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000000
"ScheduleTime"=dword:000004b0
"ScheduleDay"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\UX Configuration]
"AlwaysShowTaskTrayIcon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000002

I have often wondered if this is in fact bad design or a bug, but it's
useful.

Kind Regards

Simon

 

[Bill Sanderson MVP]

I think setting the permissions on the registry keys so that they are not
easily changed is likely by design. Your workaround is a good one,
though--thanks!

 

[Shiroy Choksey]

It is possible to script changing permissions on registry keys
[http://support.microsoft.com/kb/245031]

[Please make a note of the original permissions and take a back up of your
registry before you make any changes to it.]

After changing the permissions you should be able to modify the registry.

You can then reset the permissions to their original values, to ensure that
they can't be changed by an unauthorized program.

This is possible for a remote machine as well.

~Shiroy

I think setting the permissions on the registry keys so that they are not
easily changed is likely by design. Your workaround is a good one,
though--thanks!

--

Hi,

If you export the relevent registry settings and save them to a .REG
file, these can be imported *BEFORE* you install WD

They will "stick" once the package has been installed.

If you attempt this once WD is installed the registry setting are
protected and cannot be altered.

My settings are as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"AutomaticallyCleanAfterScan"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000000
"ScheduleTime"=dword:000004b0
"ScheduleDay"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\UX Configuration]
"AlwaysShowTaskTrayIcon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000002

I have often wondered if this is in fact bad design or a bug, but it's
useful.

Kind Regards

Simon

 

[Bill Sanderson MVP]

Excellent! I've definitely reset those permissions and made changes myself
by hand, but I haven't needed to script such changes.

Thanks.
--

It is possible to script changing permissions on registry keys
[http://support.microsoft.com/kb/245031]

[Please make a note of the original permissions and take a back up of your
registry before you make any changes to it.]

After changing the permissions you should be able to modify the registry.

You can then reset the permissions to their original values, to ensure
that they can't be changed by an unauthorized program.

This is possible for a remote machine as well.

~Shiroy

I think setting the permissions on the registry keys so that they are not
easily changed is likely by design. Your workaround is a good one,
though--thanks!

--

Hi,

If you export the relevent registry settings and save them to a .REG
file, these can be imported *BEFORE* you install WD

They will "stick" once the package has been installed.

If you attempt this once WD is installed the registry setting are
protected and cannot be altered.

My settings are as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"AutomaticallyCleanAfterScan"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000000
"ScheduleTime"=dword:000004b0
"ScheduleDay"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\UX
Configuration]
"AlwaysShowTaskTrayIcon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000002

I have often wondered if this is in fact bad design or a bug, but it's
useful.

Kind Regards

Simon