Questions tagged [windows-defender]

The tag has no usage guidance.

6 votes
1 answer
586 views

Managing Windows Defender in small business domain (is a nightmare)

I've spent a few months rolling out Group Policy for Windows Defender on a small business domain (about 25 workstations), and gathering the results with Event Viewer. (We are not running SCCM) I have ...
corporate_IT_drone's user avatar
2 votes
2 answers
4k views

Defender ATP public IP addresses

Does anybody know the IP addresses Microsoft uses for their Defender ATP Service? I can find the associated domain names but not a reliable source of the IP addresses being used.
TobyU's user avatar
  • 191
1 vote
1 answer
1k views

Using Set-MpPreference to schedule Windows full and quick scans doesn't work

On a Windows 10 machine, I have been trying to set the time of virus scans using the following PowerShell commands. Set-MpPreference -ScanParameters FullScan Set-MpPreference -ScanScheduleDay Monday ...
Philip's user avatar
  • 73
1 vote
0 answers
157 views

PowerShell - Failure to load built-in modules due to software restrictions

Yesterday, I was working with PowerShellEditorServices to develop a tool. Internally, it uses named pipes to communicate between the client and server. They are both running locally. At some point, ...
Adam Driscoll's user avatar
1 vote
0 answers
849 views

Windows Defender won't install on Server 2016

I'm trying to install Windows Defender on one of our WIN Server 2016s but am getting a failure message with error code 0x800f0831. I tried the install through Server Manager > Add Roles and Feature....
72909903's user avatar
1 vote
0 answers
122 views

Onboarding Server 2016 to Defender ATP Package Fails to Install

I am having issues onboarding multiple Windows Server 2016 to Defender ATP. The initial installation of the Onboarding Package fails and rolls back. The server I am focusing on currently is fully ...
Riguez's user avatar
  • 123
1 vote
0 answers
56 views

How to set alerts for an installed application not in exception list?

We are often getting incidents from Microsoft Defender about malicious activity detected on user devices. For example, lately we had an incident that said there was a defense evasion, however, at the ...
Cataster's user avatar
  • 117
1 vote
0 answers
195 views

Why isn't the remediation improving the exposure score in Microsoft Defender?

I am trying to improve our exposure score on Microsoft Defender and noted that "Block persistence through WMI event subscription" has a remediation which I've already applied since almost a ...
Cataster's user avatar
  • 117
1 vote
0 answers
446 views

MMC crash during remote firewall management

Using MMC, I'm attempting to remotely manage the Windows Defender Firewall on our Hyper-V Server 2019 instance (no GUI, CLI only). The NetBIOS name is SERVER1. The Windows Defender Firewall Remote ...
InteXX's user avatar
  • 755
1 vote
0 answers
1k views

Windows Firewall - Protected network connections?

In Windows Defender Firewall, under Advanced Settings, there is a "Protected network connections" setting for each profile (Domain, Public, Private). An image of this setting: Protected network ...
Rudolfking's user avatar
1 vote
2 answers
11k views

Is it safe to delete Windows Defender Scans History Files?

OS: Windows 10 Pro (used as production server to host websites, and mail functions.) I've noticed that de-fragmenting my hard drive (using MyDefrag v4.3.1) it's taking forever to work itself through ...
MeSo2's user avatar
  • 274
0 votes
1 answer
147 views

Virus scanner in Azure App Service

Is there any virus scanner installed on Azure App Service machines? When my web application is receiving a file, is it scanned on the wire? Or could I save it to disk, wait 2 seconds and if it ...
Mathias Rönnlund's user avatar
0 votes
1 answer
98 views

My scheduled task to run MpCmdRun.exe works with one set of flags but not another (fails with 0x2 "File not found")

I have a GPO that gives my Win10 workstations two scheduled tasks. Task one runs C:\Program Files\Windows Defender\MpCmdRun.exe -removedefinitions -dynamicsignatures Task two runs C:\Program Files\...
The ITea Guy's user avatar
0 votes
0 answers
31 views

Windows Defender Anti-Malware / Anti-Virus Does Not Reliably Update

Problem: Windows Domain environment with Windows 10 workstations that will not reliably update Windows Defender. I use ACAS to scan my environment weekly, and every week at least a few of these ...
The ITea Guy's user avatar
0 votes
0 answers
1k views

Windows Defender suddenly using all CPU -- Windows Server 2019

I have a Windows Server 2019 virtual machine hosted on Azure. For the last two or three days, web applications hosted there have been very slow. Yesterday I started digging into it, and found that ...
Luis Alonso Ramos's user avatar
0 votes
2 answers
224 views

Where is Defender CSP in Windows Configuration Designer?

I'm trying to create a provisioning package for test PCs and I'm having a hard time finding Defender CSP in Windows Configuration Designer. At first I downloaded Windows Configuration Designer from ...
0 votes
0 answers
315 views

No domain profile in Windows Defender Firewall

We've moved from an on site server to online at our company, and we've had our user profiles rebuilt on our PCs so that we use Azure based profiles instead of domain profiles. I'm having issues ...
AutoBaker's user avatar
  • 188
0 votes
0 answers
77 views

How to disable Tamper Protection (Windows 10 IoT Enterprise 21H2) during deployment?

Is there a way to disable Tamper Protection of Windows Defender on Windows 10 IoT Enterprise 21H2 during image deployment? I use unattend.xml file to deploy Windows 10 IoT and I would need to disable ...
Paolo.Papanikolaou's user avatar
0 votes
1 answer
232 views

Device not reporting to Windows Defender ATP

I ran a script to offboard the PC and onboard the PC after deleting the reg key and everything in the cyber folder using the sysInternals tools. Now that I have onboarded the PC. I have waited for ...
Amar172's user avatar
  • 11
0 votes
1 answer
345 views

Windows Defender ransomware protection and SQL Server

Our small company has organized several levels of virus protection for Windows servers, but there are always fears that this is not enough. Is it correct to configure Windows Defender Ransomware ...
Aries's user avatar
  • 101
0 votes
1 answer
843 views

Exchange Online - Reporting on blocked users

There is a feature in Exchange Online which blocks users from being able to send email when they send too many emails in a time period. It usually triggers either when a user sends a load of emails ...
Norphus's user avatar
  • 165
0 votes
1 answer
2k views

Whitelist mailboxes from being blocked from sending emails due to the "User restricted from sending email" alert policy in Microsoft 365 security?

I have a couple of mailboxes that are periodically being blocked from sending emails due to the "User restricted from sending email" alert policy within the security and compliance center in ...
Blimey's user avatar
  • 1
0 votes
1 answer
67 views

How can you connect Azure Cloud Services (Classic) Defender to Azure Security Centre?

Given Azure Cloud Services (Classic, not Extended Support) using Family 6 (Windows 2019). Windows Defender is enabled and scanning files. How can the logs and scan results be surfaced to the Azure ...
Michael Blake's user avatar
0 votes
1 answer
51 views

What flavor of Defender do I get on my computer

I see many terminologies when it comes to Windows Defender. For example, this document has references to Microsoft Defender Antivirus and also Microsoft Defender for Endpoint. Also, I read a few ...
whoami's user avatar
  • 101
0 votes
0 answers
1k views

MDATP installation in Docker on Linux Image

Was anyone able to install MDATP on a Linux Docker image? We tried CentOS, Debian, and Ubuntu and all have the same issue. I installed MDATP successfully when the Linux box is a full host but not in ...
qc_234578909's user avatar
0 votes
0 answers
245 views

Windows Defender - Antimalware - Exclude Directory from Scan

I looked at this article: https://www.windowscentral.com/how-exclude-files-and-folders-windows-defender-antivirus-scans, but my Windows 2019 Datacenter server doesn't look anything like there ...
NealWalters's user avatar
  • 1,333
0 votes
0 answers
1k views

BSOD Critical_Process_Died after enabling Windows Defender Firewall

Server 2019 1809 17763.914 running Remote Desktop Services and all updates are applied. On reboot, the Windows Defender Firewall is stopped (even though it is set to automatically start) and when I ...
SkywalkerIsNull's user avatar
0 votes
0 answers
335 views

How to make Windows Defender trust my applications at company level

In my company, I made some Windows form applications for internal use. They're some client-server applications, client is C# windows form (.NET4.6), server is ASP.NET REST API, publish using ...
Luke's user avatar
  • 103
0 votes
0 answers
84 views

Windows Defender Real Time Scan

Windows Defender would not detect in real time a new Malware hidden in a .zip file. If I scan the .zip file after it was downloaded from the website it does detect it and deletes it. Zip file is not ...
KCJ's user avatar
  • 11
0 votes
1 answer
472 views

Clear Windows Defender History in Windows 11 22H2 22621.2215 and later is not possible

I want to delete the Windows Defender History in Windows 11 22H2 22621.2215. In particular, accessing the folder C:\ProgramData\Microsoft\Windows Defender\Scans is not possible. It seems that ...
Michael.H's user avatar
0 votes
1 answer
421 views

Windows Defender real-time protection "disabled"

Initially Windows Defender was disabled for some reason in Windows Server 2016. I enabled it from gpedit.msc by disabling "Turn off windows defender". When opening Windows Defender, it shows real-...
Bose's user avatar
  • 1
-1 votes
2 answers
3k views

Why Windows 10 Blocks some LAN IPs (192.168..)?

- Summarize the problem: Windows 10 does not allow visiting my local LAN IPs (192.168.1.0/24), and some domains (that are defined in my hosts file). Error shows in all browsers (e.g. from Chrome: ...
Faisal M's user avatar
-1 votes
1 answer
1k views

Strange Virus/Spyware blocked notification on frequently used vendor site

See screen shot above. This Virus warning appears when a user attempts to download an .exe from a frequently used Vendor website. This just started a few days ago. As far as I'm aware we don't have ...
McITGuy's user avatar
  • 218