Window Defender block the Group Policy Setting

[Guest]

Hi All,

Our company is using Group Policy to standardize the IE default home page
and screen saver setting for the users' workstation. However, we found that
WD will consider it is spyware behaviour and our users could block the
configuration from AD.

How we can configure WD to allow any configuration from Group Policy by
default?

Thanks

 

[Bill Sanderson MVP]

Windows Defender cannot be configured to prevent this, and thus, for this
reason among others, is not suitable for use in your environment.

Microsoft Forefront Client Security is the appropriate anti-malware product
for this environment.

http://www.microsoft.com/forefront/clientsecurity/default.mspx

 

[Guest]

How can I force to disable WD running in our environment even our user
install by themselves?

 

[Bill Sanderson MVP]

That you can do--with the released version at least. The released version
installs a .ADM file in the INF folder which exposes the following settings:

Setting State
Turn off Windows Defender Not configured
Turn off Real-Time Protection Prompts for Unknown Detection Not configured
Check for New Signatures Before Scheduled Scans Not configured
Download Entire Signature Set Not configured
Enable Logging Known Good Detections Not configured
Enable Logging Unknown Detections Not configured
Configure Microsoft SpyNet Reporting Not configured
Turn on definition updates through both WSUS and Windows Update Not
configured

So--you can turn it off via group policy--but I believe you should also be
able to prevent installation, but my knowledge of group policy is less than
elementary, I'm afraid.


--

 

[Diana Smith]

Unknowns are turned off by default, so you could deploy it with defaults.
Set whatever you want, and then at a another time turn unknowns on. That
would prevent the prompting.

Diana

 

[Guest]

Bill -

Thanks for the heads-up. I didn't even realize that Forefront existed.
Since that is still in beta, I am sure this group wouldn't be proper in which
to go into an extended discussion regarding it. However, I would like to
point out that Forefront is not just an anti-spyware solution; it is
integrated anti-spyware and anti-virus. While we've been using Defender in
beta and in full releases to handle our anti-spyware due to its ease of use
and realtime protections, that decision was made because we didn't have
something which addressed this vulnerability specifically. We do have
corporate anti-virus, however, and it seems to me that it's going to be a
hard sell to get businesses with corporate subscriptions to the big 2 AV
providers (and even a couple of the smaller, up-and-comings such as TM) to
switch to a new, unproven AV solution.

The anti-spyware was a no-brainer given the lack of generally accepted
corporate standards, but the anti-virus will be harder to swallow.

Just some thoughts. Don't flame me.

- Eric McWhorter