Windows Defender Block at First Sight - Enable in Windows 10


    How to Enable or Disable Windows Defender Block at First Sight in Windows 10
    Published by
    2 Weeks Ago
    Designer Media Ltd

    Published by Brink (Administrator)

    Information
    Windows Defender helps protect your PC against malware (malicious software) like viruses, spyware, and other potentially unwanted software. Malware can infect your PC without your knowledge: it might install itself from an email message, when you connect to the Internet, or when you install certain apps using a USB flash drive, CD, DVD, or other removable media. Some malware can also be programmed to run at unexpected times, not only when it's installed.

    Block at First Sight is a feature of Windows Defender cloud protection starting with Windows 10 Anniversary Update (version 1607) that provides a way to detect and block new malware within seconds. Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work.


    How Block at First Sight works



    When a Windows Defender client encounters a suspicious but undetected file, it queries the Microsoft cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the file is malicious or clean.

    If the cloud backend is unable to make a determination, the file will be locked by Windows Defender while a copy is uploaded to the cloud. Only after the cloud has received the file will Windows Defender release the lock and let the file run. The cloud will perform additional analysis to reach a determination, blocking all future encounters of that file.

    In many cases this process can reduce the response time to new malware from hours to seconds.

    Note
    Suspicious file downloads requiring additional backend processing to reach a determination will be locked by Windows Defender on the first machine where the file is encountered, until it is finished uploading to the backend. Users will see a longer "Running security scan" message in the browser while the file is being uploaded. This might result in what appear to be slower download times for some files.



    This tutorial will show you how to enable or disable the Block at First Sight cloud protection feature in Windows Defender for all users in Windows 10.

    You must be signed in as an administrator to be able to enable or disable Block at First Sight.


    CONTENTS:
    • Option One: To Turn On or Off Windows Defender Block at First Sight in Settings
    • Option Two: To Enable Windows Defender Block at First Sight in Group Policy
    • Option Three: To Disable Windows Defender Block at First Sight in Group Policy
    • Option Four: To Enable or Disable Windows Defender Block at First Sight using a REG file


    EXAMPLE: Windows Defender Settings with Block at First Sight enabled
    [Screenshot: Windows_Defender_Block_at_First_Sight-Enabled.jpg]





    OPTION ONE
    To Turn On or Off Windows Defender Block at First Sight in Settings

    Note
    You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as Cloud-based protection and Automatic sample submission are both turned on.

    If you enabled Block at First Sight using Option Two or Option Four below, then the settings in this option will be grayed out.


    1. Open Settings, and click/tap on the Update & security icon.

    2. Do step 3 (on) or step 4 (off) below for what you want to do.


     3. To Turn On Block at First Sight Cloud Protection in Windows Defender

    NOTE: This is the default setting.

    A) Click/tap on Windows Defender on the left side. (see screenshot below)

    B) Turn on Real-time protection.

    C) Turn on Cloud-based Protection.

    D) Turn on Automatic sample submission, and go to step 5 below.

     4. To Turn Off Block at First Sight Cloud Protection in Windows Defender

    A) Click/tap on Windows Defender on the left side. (see screenshot below)

    B) Turn off Cloud-based Protection.

    C) Turn off Automatic sample submission, and go to step 5 below.

    5. When finished, you can close Settings if you like.

    [Screenshot: Windows_Defender_Block_at_First_Sight.png]





    OPTION TWO
    To Enable Windows Defender Block at First Sight in Group Policy

    Note
    This option will override Option One.

    Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Four below to enable Block at First Sight using a .reg file instead.


    1. Open the Local Group Policy Editor.

    2. Navigate to the location below in the left pane of Local Group Policy Editor. (see screenshot below)

    Computer Configuration/Administrative Templates/Windows Components/Windows Defender/MAPS

    [Screenshot: Configure_Block_at_First_Site_gpedit-1.jpg]

    3. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Configure the ‘Block at First Sight’ feature policy to edit it. (see screenshot above)

    A) Select (dot) Enabled, and click/tap on OK. (see screenshot below)

    [Screenshot: Configure_Block_at_First_Site_gpedit-2.jpg]

    4. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Join Microsoft MAPS policy to edit it. (see screenshot below)

    [Screenshot: Join_Microsoft_MAPS_gpedit-1.jpg]

    A) Select (dot) Enabled. (see screenshot below)

    B) Select Advanced MAPS under Options, and click/tap on OK.
    Note
    Advanced MAPS membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer.


    [Screenshot: Join_Microsoft_MAPS_gpedit-2.jpg]

    5. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Send file samples when further analysis is required policy to edit it. (see screenshot below)

    [Screenshot: Send_file_samples_gpedit-1.jpg]

    A) Select (dot) Enabled. (see screenshot below)

    B) Select Send safe samples or Send all samples under Options for what you want, and click/tap on OK.

    [Screenshot: Send_file_samples_gpedit-2.jpg]

    6. Navigate to the location below in the left pane of Local Group Policy Editor. (see screenshot below)

    Computer Configuration/Administrative Templates/Windows Components/Windows Defender/Real-time Protection

    [Screenshot: Real-time_Protection_gpedit-1.png]

    7. In the right pane of Real-time Protection in Local Group Policy Editor, double click/tap on the Turn off real-time protection policy to edit it. (see screenshot above)

    A) Select (dot) Disabled, and click/tap on OK. (see screenshot below)

    [Screenshot: Real-time_Protection_gpedit-2.png]

    8. In the right pane of Real-time Protection in Local Group Policy Editor, double click/tap on the Scan all downloaded files and attachments policy to edit it. (see screenshot below)

    [Screenshot: Scan_all_gpedit-1.jpg]

    A) Select (dot) Enabled, and click/tap on OK. (see screenshot below)

    [Screenshot: Scan_all_gpedit-2.jpg]

    9. When finished, you can close the Local Group Policy Editor if you like.





    OPTION THREE
    To Disable Windows Defender Block at First Sight in Group Policy

    Note
    You may choose to disable the Block at First Sight feature if you want to retain the prerequisite settings without using Block at First Sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network.

    Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Four below to disable Block at First Sight using a .reg file instead.


    1. Open the Local Group Policy Editor.

    2. Navigate to the location below in the left pane of Local Group Policy Editor. (see screenshot below)

    Computer Configuration/Administrative Templates/Windows Components/Windows Defender/MAPS

    [Screenshot: Configure_Block_at_First_Site_gpedit-1.jpg]

    3. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Configure the ‘Block at First Sight’ feature policy to edit it. (see screenshot above)

    4. Select (dot) Disabled, and click/tap on OK. (see screenshot below)

    [Screenshot: Configure_Block_at_First_Site_gpedit-2.jpg]

    5. When finished, you can close the Local Group Policy Editor if you like.





    OPTION FOUR
    To Enable or Disable Windows Defender Block at First Sight using a REG file

    Note
    The .reg files below will add and modify the DWORD values in the registry keys listed here.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection

    DisableIOAVProtection DWORD
    • (delete) = Default Not Configured
    • 0 = Enable

    DisableRealtimeMonitoring DWORD
    • (delete) = Default Not Configured
    • 0 = Enable

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet

    DisableBlockAtFirstSeen DWORD
    • (delete) = Default Not Configured
    • 1 = Disable
    • 0 = Enable

    SpynetReporting DWORD
    • (delete) = Default Not Configured
    • 2 = Advanced MAPS

    SubmitSamplesConsent DWORD
    • (delete) = Default Not Configured
    • 1 = Send safe samples
    • 3 = Send all samples


    1. Do step 2 (enable with "Send safe samples"), step 3 (enable with "Send all samples"), step 4 (disable), or step 5 (default Not Configured) below for what you would like to do.


     2. To Enable Block at First Sight with "Send safe samples"

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    EnableBlockAtFirstSight_AdvancedMAPS_SendSafeSamples.reg

    download

     3. To Enable Block at First Sight with "Send all samples"

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    EnableBlockAtFirstSight_AdvancedMAPS_SendAllSamples.reg

    download

     4. To Disable Block at First Sight

    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Disable_BlockAtFirstSight.reg

    download

     5. To Set Block at First Sight to Default "Not Configured"

    Note
    This sets all Block at First Sight group policies back to the default "Not Configured".

    After this, the settings in Option One above will no longer be grayed out.


    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Default_NotConfigured_BlockAtFirstSight.reg

    download

    6. Save the .reg file to your desktop.

    7. Double click/tap on the downloaded .reg file to merge it.

    8. If prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    9. If you like, you can now delete the downloaded .reg file.


    That's it,
    Shawn
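
    A read-only check of the five policy values listed in the Option Four note, added here as an example; it is not part of the original tutorial or its downloadable .reg files. The state names (NotConfigured, Enforced, Differs) and the summary wording are this example's own, and it only reads the registry.

```powershell
# Added example: read-only audit of the policy values from the Option Four note.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# Subkey, value name, and the data the tutorial's table lists for "enabled".
$checks = @(
    @{ Key = 'Real-Time Protection'; Name = 'DisableIOAVProtection';     Want = @(0) }
    @{ Key = 'Real-Time Protection'; Name = 'DisableRealtimeMonitoring'; Want = @(0) }
    @{ Key = 'Spynet';               Name = 'DisableBlockAtFirstSeen';   Want = @(0) }
    @{ Key = 'Spynet';               Name = 'SpynetReporting';           Want = @(2) }
    @{ Key = 'Spynet';               Name = 'SubmitSamplesConsent';      Want = @(1, 3) }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent (policy "Not Configured").
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$results = foreach ($c in $checks) {
    $value = Get-PolicyValue -Path (Join-Path $base $c.Key) -Name $c.Name
    if ($null -eq $value) {
        $state = 'NotConfigured'      # value deleted: follows the Settings toggles
    } elseif ($c.Want -contains $value) {
        $state = 'Enforced'           # matches the "enable" data in the table
    } else {
        $state = 'Differs'            # e.g. DisableBlockAtFirstSeen = 1 (Disable)
    }
    [pscustomobject]@{ Key = $c.Key; Name = $c.Name; Value = $value; State = $state }
}

$results | Format-Table -AutoSize

$enforced = @($results | Where-Object { $_.State -eq 'Enforced' }).Count
if ($results.State -contains 'Differs') {
    'At least one policy value differs from the enable settings; Block at First Sight may not work.'
} elseif ($enforced -eq $results.Count) {
    'All five values are set by policy to enable Block at First Sight.'
} else {
    'Some values are Not Configured; those settings follow Option One (Settings).'
}
```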



  1. Join Date : Feb 2015
    Bamberg Germany
    Posts : 13,393
    Microsoft Windows 10 Pro 64-bit 14393 Multiprocessor Free
       2 Weeks Ago #1

    Until I saw your gray out screenshot, I hadn't realized mine was, nice thing about Defender--set & forget:
    [Screenshot: image.png]

    Of course I had used the GPEdit version when I found out about it, as it makes it harder for anyone (and any, hopefully, malware) to change.
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.