Analysis of Potentially Unwanted Software
Sterling Reasor, program Manager
Keeping up to date with the current malware definitions can help protect your computer from harmful or potentially unwanted software. Microsoft has taken several steps to create definition updates, including gathering new samples of suspicious files, observing and testing the samples, and performing a deep analysis. If we determine that the sample does not follow our criteria, its alert level is determined and the software is added to the software definitions and released to customers.
For more information, visit http://www.microsoft.com/athome/security/spyware /software/msft/analysis. mspx.
■ Turn On Definition Updates Through Both WSUS And The Microsoft Malware Protection Center Provides similar functionality to the previous Group Policy setting, but clients download updates from a different site . You should set these two policies to the same value unless the computer has no access to the Internet and relies only on an internal WSUS server.
■ Check For New Signatures Before Scheduled Scans Disabled by default, you can enable this setting to cause Windows Defender to always check for updates prior to a scan. This helps ensure that Windows Defender has the most up-to-date signatures . When you disable this setting, Windows Defender still downloads updates on a regular basis but will not necessarily check immediately prior to a scan .
■ Turn Off Windows Defender Enable this setting to turn off Windows Defender real-time protection and to remove any scheduled scans . You should enable this setting only if you are using different anti-malware software. If Windows Defender is turned off, users can still run the tool manually to scan for potentially unwanted software.
■ Turn Off Real-Time Monitoring If you enable this policy setting, Windows Defender does not prompt users to allow or block unknown activity. If you disable or do not configure this policy setting, by default Windows Defender prompts users to allow or block unknown activity on their computers .
■ Turn Off Routinely Taking Action By default, Windows Defender will take action on all detected threats automatically after about ten minutes . Enable this policy to configure Windows Defender to prompt the user to choose how to respond to a threat .
■ Configure Microsoft SpyNet Reporting SpyNet is the online community that helps users choose how to respond to potential spyware threats that Microsoft has not yet classified by showing users how other members have responded to an alert . When enabled and set to Basic or Advanced, Windows Defender will display information about how other users responded to a potential threat . When enabled and set to Basic, Windows Defender will also submit a small amount of information about the potentially malicious files on the user's computer. When set to Advanced, Windows Defender will send more detailed information. If you enable this setting and set it to No Membership, SpyNet will not be used, and the user will not be able to change the setting. If you leave this setting Disabled (the default), SpyNet will not be used unless the user changes the setting on his local computer. The Microsoft Malware Protection Center recommends that this setting be set to Advanced to provide their analysts with more complete information on potentially unwanted software.
Windows Defender Group Policy settings are defined in WindowsDefender. admx, which is included with Windows 7. For more information about using Group Policy administrative templates, read Chapter 14, "Managing the Desktop Environment."
Was this article helpful?