4
I would like to change some Windows Defender settings via the registry, after a clean install of Windows 8, now I know of the DisableAntiSpyware registry value, but I would appreciate if someone could point me to a complete listing of all settings related to Windows Defender.
The settings I am particularly keen on changing are:
Scanning of removable drives
Time of daily scan
Real-time protection
Thanks
5
By using RegShot I found the Registry keys that will change some Windows Defender settings.
To enable scanning removable drives navigate to
HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\DisableRemovableDriveScanning
To enable set the value to 0 - to disable set to 1
1
For James and others who want to automate deployement processes, PowerShell has a nice tool specifically for that scenario, starting with Windows Server 2012 R2 and Windows 8.1.
The Set-MpPreference cmdlet configures preferences for Windows Defender scans and updates. See the TechNet article Set-MpPreference for the complete set of options and other technical and platform-specific details.
For James' particulars...
Scanning of removable drives
-DisableRemovableDriveScanning
<Boolean>Indicates whether to scan for malicious and unwanted software in removable drives, such as flash drives, during a full scan. If you specify a value of $True, Windows Defender scans removable drives during any type of scan. If you specify a value of $False or do not specify a value, Windows Defender does not scan removable drives during a full scan. Windows Defender can still scan removable drives during quick scans or custom scans.
Time of daily scan
-RemediationScheduleTime
<DateTime>Specifies the time of day, as the number of minutes after midnight, to perform a scheduled scan. The time refers to the local time on the computer. If you do not specify a value for this parameter, a scheduled scan runs at the default time of two hours after midnight.
Real-time protection
-DisableRealtimeMonitoring
<Boolean>Indicates whether to use real-time protection. If you specify a value of $True or do not specify a value, Windows Defender uses real-time protection. We recommend that you enable Windows Defender to use real-time protection.
For those unfamiliar with PowerShell, two external help pages that one might find helpful include MSDN and digitalcitizen.life. And of course your favorite search engine.
Bob
Posted 2013-03-20T23:38:59.577
Reputation: 13
0
You can edit your settings through the GUI: ....But that may be too simple..... Administrators can use group policy to perform most of the same actions. See this KB Article
][1] http://support.microsoft.com/kb/927367
Unlike Microsoft Security Essentials, Windows Defender has no configuration options for scheduled scanning in its GUI (Graphical User Interface), but you still might want to automate quick or full scans.
To do that, open Settings Search using keyboard shortcut Windows Key+W, type "schedule" into Search box and click Schedule tasks.
Touch screen owners should first swipe in from the right edge of screen - this opens Charms bar where you can click the Search icon.
Windows 8, Start screen, Settings search. To schedule Windows Defender tasks, type "schedule" into Search box. Then click "Schedule tasks".
Right-click Task Scheduler (Local) on the left side and select Create Basic Task.
Create Basic Task Wizard opens. Type a descriptive name for the scanning task and click Next.
If you want to run quick weekly scans, set the frequency to Weekly. As full scans take long to complete, you should use Monthly for these instead.
Set a weekday and time for quick scans, or all months, a day and time for full scans.
Because you cannot limit CPU usage, choose a time when your PC is most probably turned on, but not in very active use - during scanning, your computer slows down.
In action selection, the default Start a program is fine.
Click Browse.
Navigate to C:\Program Files\Windows Defender folder and double-click MpCmdRun.exe. This is the executable file that allows performing common tasks in Windows Defender.
To schedule a weekly quick scan, type "-Scan -ScanType 1" into Add arguments (optional) field. To perform a full scan, type "-Scan -ScanType 2" instead.
We're almost finished here. Enable the Open the Properties dialog for this task when I click Finish option before clicking Finish.
In the General tab of the Task you just created, tick the Run with highest privileges check box. This allows Windows Defender to run with elevated rights and ensures all malware really is removed.
Open Settings tab and turn on the Run task as soon as possible after a scheduled start is missed option. If your computer is turned off or you are not signed in at scheduled time, the scanning will start after you log in to Windows the next time.
Click OK to close the Task Properties window.
At scheduled times, a black Command Prompt window appears. It will close automatically after the scanning is complete.
G Koe
Posted 2013-03-20T23:38:59.577
Reputation: 4 333
1Nice tutorial, but you haven't answered my question change some Windows Defender settings via the registry – None – 2013-03-21T01:07:06.943
So sorry, I'm not sure why you would want to directly modify the registry, except to develop a method to circumvent windows defender on multiple systems, which would be OFF TOPIC. As an administrator, you may choose to modify defender settings via group policy under Local Computer Policy -> Administrative Templates -> Windows Components -> Windows Defender – G Koe – 2013-03-22T04:28:56.587
I want to use it when deploying multiple computers and simply running a script that will enable the "scan removable drives". Thank You – None – 2013-03-22T13:57:51.200
1External links can break or be unavailable, in which case your answer would .be just a hint. Please include the essential information within your answer and use the link for attribution and further reading. Thanks. – fixer1234 – 2016-06-18T19:46:13.360
@fixer1234, sorry, I thought the name of the script was the essential part. I'll try to improve it. Thanks for the feedback. – Bob – 2016-06-21T15:21:42.240