Remotely configuring Defender

[Guest]

Does anyone know where Defender stores it's configuartion settings. It rools
out fine via the MSI and will automatically connect to WSUS, but we would
like to change the default scan times and other settings to allow VNC to run
without a"OMG this is spyware" warning. Registry settings?

 

[Guest]

Nevermind I worked it out.
Those interested this is my reg file which gets Defender to update daily and
run a scan at 2:00pm, making sure that highly dangerous and medium level
threats are automatically removed. Haven't tested VNC yet to see if I can add
it to the exceptions list though.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
"AutomaticallyCleanAfterScan"=dword:00000001
"CheckForSignaturesBeforeRunningScan"=dword:00000001
"ScheduleTime"=dword:00000348
"ScanParameters"=dword:00000002


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Defender\Threats\ThreatSeverityDefaultAction]
"4"=dword:00000003
"2"=dword:00000003

 

[Bill Sanderson]

FWIW, all the VNC detections I've seen with the new build allow an "always
ignore" choice.

Thanks very much for posting this.

 

[Guest]

Did you push those Reg Settings out using GP? Do you have the setting to
'always ignore' for VNC?

Kelli