Select any old version/release of this SCAP to view the previous requirements
Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> "Configure Detection for Potentially Unwanted Applications" to "Enabled" and "Block".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> "Turn off routine remediation" to "Disabled" or "Not Configured".
For Windows 10: Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus set "Turn off Windows Defender Antivirus" to "Not Configured". For Windows 2016/Windows 2019: Use the following PowerShell cmdlet to uninstall Windows Defender AV on Windows 2016/Windows 2019: Uninstall-WindowsFeature -Name Windows-Defender
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Path Exclusions" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Process Exclusions" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -> "Turn off Auto Exclusions" to "Disabled".
This is applicable to unclassified systems, for other systems this is NA. Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> MAPS -> "Configure local setting override for reporting to Microsoft MAPS" to "Disabled" or "Not Configured".
This is applicable to unclassified systems, for other systems this is NA. Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> MAPS -> "Configure the 'Block at First Sight' feature" to "Enabled".
This is applicable to unclassified systems, for other systems this is NA. Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender Antivirus >> MAPS >> "Join Microsoft MAPS" to "Enabled" and select "Advanced MAPS" from the drop down box.
This is applicable to unclassified systems, for other systems this is NA. Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> MAPS -> "Send file samples when further analysis is required" to "Enabled" and select "Send safe samples" from the drop down box.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Network Inspection System -> "Turn on protocol recognition" to "Enabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Configure local setting override for monitoring file and program activity on your computer" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Configure local setting override for monitoring for incoming and outgoing file activity" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Configure local setting override for scanning all downloaded files and attachments" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Configure local setting override for turn on behavior monitoring" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Configure local setting override to turn on real-time protection" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Configure monitoring for incoming and outgoing file and program activity" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Monitor file and program activity on your computer" to "Enabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Scan all downloaded files and attachments" to "Enabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Turn off real-time protection" to "Disabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> "Turn on behavior monitoring" to "Enabled " or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Real-time Protection -> Turn on process scanning whenever real-time protection is enabled to "Enabled" or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> "Scan archive files" to "Enabled " or "Not Configured".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> "Scan removable drives" to "Enabled".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> "Specify the day of the week to run a scheduled scan" to "Enabled " and select anything other than "Never" in the drop down box.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Scan -> "Turn on e-mail scanning" to "Enabled".
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Signature Updates -> "Define the number of days before spyware definitions are considered out of date" to "Enabled" and select "7" or less in the drop down box. Do not select a value of 0. This disables the option.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Signature Updates -> "Define the number of days before virus definitions are considered out of date" to "Enabled" and select "7" or less in the drop down box. Do not select a value of 0. This disables the option.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Signature Updates -> "Specify the day of the week to check for definition updates" to "Enabled" and select "Every Day" in the drop down box.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" to "Enabled". Select the “Show…” option box and enter "5” in the ‘Value name’ field and enter “2" in the ‘Value’ field.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> "Configure Attack Surface Reduction rules" to "Enabled”. Click ‘Show...’. Set the Value name to “BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550” and the Value to “1”.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> "Configure Attack Surface Reduction rules" to "Enabled”. Click ‘Show...’. Set the Value name to “D4F940AB-401B-4EFC-AADC-AD5F3C50688A” and the Value to “1”.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> "Configure Attack Surface Reduction rules" to "Enabled”. Click ‘Show...’. Set the Value name to “3B576869-A4EC-4529-8536-B80A7769E899” and the Value to “1”.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> "Configure Attack Surface Reduction rules" to "Enabled”. Click ‘Show...’. Set the Value name to “75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84” and the Value to “1”.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> "Configure Attack Surface Reduction rules" to "Enabled”. Click ‘Show...’. Set the Value name to “D3E037E1-3EB8-44C8-A917-57927947596D” and the Value to “1”.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> "Configure Attack Surface Reduction rules" to "Enabled”. Click ‘Show...’. Set the Value name to “5BEB7EFE-FD9A-4556-801D-275E5FFC04CC” and the Value to “1”.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Attack Surface Reduction -> "Configure Attack Surface Reduction rules" to "Enabled”. Click ‘Show...’. Set the Value name to “92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B” and the Value to “1”.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Windows Defender Exploit Guard -> Network Protection -> "Prevent users and apps from accessing dangerous websites" to "Enabled” and select “Block" in the drop down box.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" to "Enabled". Select the “Show…” option box and enter "4” in the ‘Value name’ field and enter “2" in the ‘Value’ field.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" to "Enabled". Select the “Show…” option box and enter "2” in the ‘Value name’ field and enter “2" in the ‘Value’ field.
Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Threats -> "Specify threat alert levels at which default action should not be taken when detected" to "Enabled". Select the “Show…” option box and enter "1” in the ‘Value name’ field and enter “2" in the ‘Value’ field.