Applying default settings with Defender Manager

Describes Windows Defender configuration options and recommended defaults

General

| Setting | Default Value | Description |
|---|---|---|
| Enable Windows Defender | No | The master switch for enabling Windows Defender on a device. The default value is No, which lets you switch Defender on when you are ready. |

General Notifications and UI

| Setting | Default Value | Description |
|---|---|---|
| Disable Security Center Notifications | Yes | Disables notifications from being displayed in Security Center. |
| Disable Windows Defender UI | Yes | Prevents any Defender configuration UI from being displayed. |
| Disable Windows Defender Notifications | Yes | Prevents pop-up notifications in the task bar or system tray. |

General Signatures

| Setting | Default Value | Description |
|---|---|---|
| Update Signatures Every (hours) | 1 | Check for new AV/AS signatures every hour. |
| Check for Signature Update Before Running Scan | Yes | Check for new AV/AS signatures before a scheduled scan. |

Real-time Protection

| Setting | Default Value | Description |
|---|---|---|
| Real-time Monitoring | On | Enable the real-time monitoring component. |
| Behavioral Monitoring | On | Enable the behavioral monitoring component. |
| Scan All Downloaded Files and Attachments | On | Scan all files downloaded via the IE/Edge browsers. |
| Script Scanning | On | Scan scripts for malicious content before execution. |
| NTFS File Direction Scanning | Both | Scan files both when they are being written to disk and when they are sent over the network/internet. |

Cloud Protection

| Setting | Default Value | Description |
|---|---|---|
| Block At First Sight | On | Block executable content that the Microsoft Cloud has not seen before. |
| Reporting Level | Advanced | |
| Automatic Sample Submission | Send All Samples Automatically | Automatically send suspicious executable content files to the Microsoft Cloud for further analysis. |
| PUA Protection | Audit | Report potentially unwanted software but take no action on it. |

Scans

| Setting | Default Value | Description |
|---|---|---|
| Only Scan When Idle | Yes | Only begin a scan when the system is idle. |
| Email Scanning | On | Parses the mailbox and mail files, according to their specific format, in order to analyze mail bodies and attachments. Windows Defender supports several formats, including .pst, .dbx, .mbx, .mime and .binhex. |
| Perform Catchup Quick Scans | On | Configures whether Windows Defender runs catch-up scans for scheduled quick scans. A computer can miss a scheduled scan, usually because it is off at the scheduled time. |
| Perform Catchup Full Scans | Off | Configures whether Windows Defender runs catch-up scans for scheduled full scans. A computer can miss a scheduled scan, usually because it is off at the scheduled time. |
| Scan Removable Drives | On | Configures whether to scan removable drives, such as flash drives, for malicious and unwanted software during a full scan. |
| Scan Restore Points | On | Configures whether to enable scanning of restore points. |
| Scan Mapped Network Drives for Full Scan | Off | Configures whether to scan mapped network drives during a full scan. |
| Scan Network Files | Off | Configures whether to scan network files. |
| Remove Quarantine Items After (Days) | 7 | Specifies the number of days to keep items in the Quarantine folder. A value of zero keeps items in the Quarantine folder indefinitely. |
| Scheduled Scan Type | Quick Scan | Specifies the scan type used for scheduled scans. |
| Scheduled Scan Day of Week | Everyday | Specifies the day of the week on which to perform a scheduled scan. Alternatively, specify Everyday or Never. |
| Scheduled Scan Time of Day | 0 | Specifies the time of day, as the number of minutes after midnight, at which to perform a scheduled scan. The time refers to the local time on the computer. |
| Randomize Scheduled Scan Times | No | Configures whether to select a random time for the scheduled scan start and the scheduled definition update. If enabled, scheduled tasks begin within 30 minutes before or after the scheduled time. |

Threat Actions

| Setting | Default Value | Description |
|---|---|---|
| Unknown Threat Default Action | Quarantine | Specifies which automatic remediation action to take for an Unknown level threat. |
| Low Threat Default Action | Quarantine | Specifies which automatic remediation action to take for a Low level threat. |
| Moderate Threat Default Action | Quarantine | Specifies which automatic remediation action to take for a Moderate level threat. |
| High Threat Default Action | Quarantine | Specifies which automatic remediation action to take for a High level threat. |
| Severe Threat Default Action | Clean | Specifies which automatic remediation action to take for a Severe level threat. |
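To verify that a device actually carries these defaults, the following is an added PowerShell example; it is not Defender Manager's own code and does not come from the original page. It maps the rows from General Signatures through Threat Actions onto the properties returned by the built-in Get-MpPreference cmdlet and reports every row that drifts. The property names and numeric encodings (for example MAPSReporting 2 = Advanced, SubmitSamplesConsent 3 = SendAllSamples, ThreatAction 2 = Quarantine and 1 = Clean) are those of the Defender PowerShell module; the row-to-property mapping and the reading of Scheduled Scan Time of Day 0 as a zero TimeSpan are assumptions of this example. The Enable Windows Defender, UI and notification rows are Defender Manager switches with no Get-MpPreference counterpart and are left out.

```powershell
# Added example, not part of Defender Manager or the original page.
# Each entry: table row -> Get-MpPreference property and the value the table's default implies.
# Note that most real-time/scan rows are "Disable..." properties, so "On" in the table means $false here.
$expectedDefaults = [ordered]@{
    'Update Signatures Every (hours)'               = @{ Property = 'SignatureUpdateInterval';                        Value = 1 }
    'Check for Signature Update Before Running Scan'= @{ Property = 'CheckForSignaturesBeforeRunningScan';            Value = $true }
    'Real-time Monitoring'                          = @{ Property = 'DisableRealtimeMonitoring';                      Value = $false }
    'Behavioral Monitoring'                         = @{ Property = 'DisableBehaviorMonitoring';                      Value = $false }
    'Scan All Downloaded Files and Attachments'     = @{ Property = 'DisableIOAVProtection';                          Value = $false }
    'Script Scanning'                               = @{ Property = 'DisableScriptScanning';                          Value = $false }
    'NTFS File Direction Scanning (Both)'           = @{ Property = 'RealTimeScanDirection';                          Value = 0 }   # 0 = Both
    'Block At First Sight'                          = @{ Property = 'DisableBlockAtFirstSeen';                        Value = $false }
    'Reporting Level (Advanced)'                    = @{ Property = 'MAPSReporting';                                  Value = 2 }   # 2 = Advanced
    'Automatic Sample Submission (Send All)'        = @{ Property = 'SubmitSamplesConsent';                           Value = 3 }   # 3 = SendAllSamples
    'PUA Protection (Audit)'                        = @{ Property = 'PUAProtection';                                  Value = 2 }   # 2 = AuditMode
    'Only Scan When Idle'                           = @{ Property = 'ScanOnlyIfIdleEnabled';                          Value = $true }
    'Email Scanning'                                = @{ Property = 'DisableEmailScanning';                           Value = $false }
    'Perform Catchup Quick Scans'                   = @{ Property = 'DisableCatchupQuickScan';                        Value = $false }
    'Perform Catchup Full Scans'                    = @{ Property = 'DisableCatchupFullScan';                         Value = $true }
    'Scan Removable Drives'                         = @{ Property = 'DisableRemovableDriveScanning';                  Value = $false }
    'Scan Restore Points'                           = @{ Property = 'DisableRestorePoint';                            Value = $false }
    'Scan Mapped Network Drives for Full Scan'      = @{ Property = 'DisableScanningMappedNetworkDrivesForFullScan';  Value = $true }
    'Scan Network Files'                            = @{ Property = 'DisableScanningNetworkFiles';                    Value = $true }
    'Remove Quarantine Items After (Days)'          = @{ Property = 'QuarantinePurgeItemsAfterDelay';                 Value = 7 }
    'Scheduled Scan Type (Quick Scan)'              = @{ Property = 'ScanParameters';                                 Value = 1 }   # 1 = QuickScan
    'Scheduled Scan Day of Week (Everyday)'         = @{ Property = 'ScanScheduleDay';                                Value = 0 }   # 0 = Everyday
    'Scheduled Scan Time of Day (0)'                = @{ Property = 'ScanScheduleTime';                               Value = [TimeSpan]::Zero }  # assumption: 0 minutes after midnight
    'Randomize Scheduled Scan Times'                = @{ Property = 'RandomizeScheduleTaskTimes';                     Value = $false }
    'Unknown Threat Default Action (Quarantine)'    = @{ Property = 'UnknownThreatDefaultAction';                     Value = 2 }   # 2 = Quarantine
    'Low Threat Default Action (Quarantine)'        = @{ Property = 'LowThreatDefaultAction';                         Value = 2 }
    'Moderate Threat Default Action (Quarantine)'   = @{ Property = 'ModerateThreatDefaultAction';                    Value = 2 }
    'High Threat Default Action (Quarantine)'       = @{ Property = 'HighThreatDefaultAction';                        Value = 2 }
    'Severe Threat Default Action (Clean)'          = @{ Property = 'SevereThreatDefaultAction';                      Value = 1 }   # 1 = Clean
}

function Test-DefenderDefaults {
    # $Preference is the object returned by Get-MpPreference (or any object with the same
    # property names, which makes the function easy to exercise offline).
    param([Parameter(Mandatory)] $Preference)
    foreach ($row in $expectedDefaults.GetEnumerator()) {
        $prop    = $row.Value.Property
        $want    = $row.Value.Value
        $current = $Preference.$prop
        [pscustomobject]@{
            Setting  = $row.Key
            Property = $prop
            Expected = $want
            Current  = $current
            # A missing property counts as drift rather than silently passing.
            Matches  = ($null -ne $current) -and ($current -eq $want)
        }
    }
}

# Live run on a Windows device with the Defender module:
#   Test-DefenderDefaults -Preference (Get-MpPreference) | Where-Object { -not $_.Matches } | Format-Table -AutoSize
```

Rows that print with Matches = False are the ones a Defender Manager policy push (or a local change) has moved away from the table; an empty result means the device matches every row the example covers.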

Advanced

| Setting | Default Value |
|---|---|
| Block Executable Content From Email and Webmail | Disabled |
| Block Office Applications from Creating Child Processes | Disabled |
| Block Office Applications From Creating Executable Content | Audit |
| Block Office Applications From Injecting Into Other Processes | Disabled |
| Prevent JavaScript and VBScript From Launching Executables | Disabled |
| Block Execution of Potentially Obfuscated Scripts | Audit |
| Block Win32 Imports From Macro Code in Office Applications | Audit |
| Block Executables From Running Unless They Meet Prevalence, Age or Trusted List Criteria | Disabled |
| Block Credential Stealing From the Windows Local Security Authority Subsystem (lsass.exe) | Disabled |
| Block Process Creation Originating From PsExec and WMI Commands | Audit |
| Block Untrusted and Unsigned Processes That Run From USB | Enabled |
| Use Advanced Protection Against Ransomware | Audit |
| Block Only Office Communications Applications From Creating Child Processes | Disabled |
| Block Adobe Reader From Creating Child Processes | Disabled |
| Network Protection | Audit |
| Folder Access | Disabled |

Exclusions

| Setting | Default Value | Description |
|---|---|---|
| Process Exclusions | None | Process names whose opened files are excluded from scheduled and real-time scanning. |
| Path Exclusions | None | File paths to exclude from scheduled and real-time scanning. Specify a folder to exclude all the files under it. |
| Extension Exclusions | None | File name extensions, such as obj or lib, to exclude from scheduled, custom and real-time scanning. |
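The Advanced rows are Windows Defender attack surface reduction (ASR) rules plus Network Protection and Controlled Folder Access, and the Exclusions rows default to None, so a second added PowerShell example, again not Defender Manager's code and not from the original page, audits both sections on a live device. The rule GUIDs are Microsoft's published ASR rule identifiers and the 0/1/2 action encoding (Disabled/Block/Audit) is the Defender module's; matching "Folder Access" to the EnableControlledFolderAccess property and shortening some rule names are assumptions of this example.

```powershell
# Added example, not part of Defender Manager or the original page.
# Expected action per table row: 0 = Disabled, 1 = Block (the table's "Enabled"), 2 = Audit.
$asrDefaults = @(
    @{ Name = 'Block Executable Content From Email and Webmail';                  Id = 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'; Expected = 0 }
    @{ Name = 'Block Office Applications from Creating Child Processes';          Id = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'; Expected = 0 }
    @{ Name = 'Block Office Applications From Creating Executable Content';       Id = '3b576869-a4ec-4529-8536-b80a7769e899'; Expected = 2 }
    @{ Name = 'Block Office Applications From Injecting Into Other Processes';    Id = '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84'; Expected = 0 }
    @{ Name = 'Prevent JavaScript and VBScript From Launching Executables';       Id = 'd3e037e1-3eb8-44c8-a917-57927947596d'; Expected = 0 }
    @{ Name = 'Block Execution of Potentially Obfuscated Scripts';                Id = '5beb7efe-fd9a-4556-801d-275e5ffc04cc'; Expected = 2 }
    @{ Name = 'Block Win32 Imports From Macro Code in Office Applications';       Id = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'; Expected = 2 }
    @{ Name = 'Block Executables Unless Prevalence, Age or Trusted List Criteria'; Id = '01443614-cd74-433a-b99e-2ecdc07bfc25'; Expected = 0 }
    @{ Name = 'Block Credential Stealing From LSASS';                             Id = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'; Expected = 0 }
    @{ Name = 'Block Process Creation From PsExec and WMI Commands';              Id = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'; Expected = 2 }
    @{ Name = 'Block Untrusted and Unsigned Processes That Run From USB';         Id = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'; Expected = 1 }
    @{ Name = 'Use Advanced Protection Against Ransomware';                       Id = 'c1db55ab-c21a-4637-bb3f-a12568109d35'; Expected = 2 }
    @{ Name = 'Block Only Office Communications Apps From Creating Child Processes'; Id = '26190899-1602-49e8-8b27-eb1d0a1ce869'; Expected = 0 }
    @{ Name = 'Block Adobe Reader From Creating Child Processes';                 Id = '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'; Expected = 0 }
)

function Test-AsrDefaults {
    # $Preference is the object returned by Get-MpPreference.
    param([Parameter(Mandatory)] $Preference)
    # Configured rules are exposed as two parallel arrays (Ids and Actions). Piping through
    # Where-Object drops a $null so an unconfigured device yields an empty array, not @($null).
    $ids  = @($Preference.AttackSurfaceReductionRules_Ids     | Where-Object { $_ })
    $acts = @($Preference.AttackSurfaceReductionRules_Actions | Where-Object { $null -ne $_ })
    $configured = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) { $configured[([string]$ids[$i]).ToLower()] = [int]$acts[$i] }
    foreach ($rule in $asrDefaults) {
        # A rule that has never been configured behaves as Disabled (0).
        $current = if ($configured.ContainsKey($rule.Id)) { $configured[$rule.Id] } else { 0 }
        [pscustomobject]@{ Rule = $rule.Name; Expected = $rule.Expected; Current = $current; Matches = ($current -eq $rule.Expected) }
    }
    # The last two Advanced rows use the same 0/1/2 encoding on their own properties.
    $np  = [int]$Preference.EnableNetworkProtection
    $cfa = [int]$Preference.EnableControlledFolderAccess   # assumption: the table's "Folder Access"
    [pscustomobject]@{ Rule = 'Network Protection'; Expected = 2; Current = $np;  Matches = ($np -eq 2) }
    [pscustomobject]@{ Rule = 'Folder Access';      Expected = 0; Current = $cfa; Matches = ($cfa -eq 0) }
}

function Get-ExclusionDrift {
    # Every exclusion list defaults to None in the table, so each entry present is drift to review:
    # an excluded path, process or extension is never scanned, which is exactly what an attacker
    # who gains admin rights will try to add.
    param([Parameter(Mandatory)] $Preference)
    foreach ($kind in 'ExclusionProcess', 'ExclusionPath', 'ExclusionExtension') {
        foreach ($item in @($Preference.$kind | Where-Object { $_ })) {
            [pscustomobject]@{ Kind = $kind; Value = $item }
        }
    }
}

# Live run on a Windows device with the Defender module:
#   $p = Get-MpPreference
#   Test-AsrDefaults   -Preference $p | Where-Object { -not $_.Matches } | Format-Table -AutoSize
#   Get-ExclusionDrift -Preference $p | Format-Table -AutoSize
```

Both functions take the preference object as a parameter rather than calling Get-MpPreference themselves, so the same code can be run against a captured or constructed object when reviewing a fleet export offline.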