  1.    14 Aug 2017 #1
    Join Date : Aug 2016
    Posts : 82
    Windows 7-pro-sp1 and windows 10-pro-1703

    Where is Defender setting to Quarantine - in Win 1703


    In Windows 1607 Windows Defender had a way to set how to handle detections and I could set two bottom lines to Quarantine rather than Recommended setting, which probably meant delete.
    In Windows 1703 - I cannot find where such setting is made. I think I looked through every possible thing (as admin) in the Defender settings and no go.
    Also there was a way in the registry to have Defender check for PUPs and I don't recall how that gem was set.
    Does anyone know?
  2.    14 Aug 2017 #2
    Join Date : Oct 2016
    Charlotte, NC
    Posts : 436
    Win10 Home x64 - 1709

    Hey 91fw,
    Far as I know the default is Quarantine. If you're using Win10 Pro, I believe you can set WD thru the Group Policy Editor. You can also open PowerShell as Administrator > Get-MpPreference and Set-MpPreference.
    Get-MpPreference
    Set-MpPreference

    View Current Settings
    get-mppreference

    Set preference for PUP
    set-mppreference -PUAProtection 1

    Note: I would create a txt file of the current settings first
    get-mppreference > "$($env:userprofile)\Desktop\wd-settings.txt"
  3.    15 Aug 2017 #3
    Join Date : Aug 2016
    S/E England
    Posts : 4,477
    10 Home x64 (1709) (10 Pro on 2nd pc)

    Quote Originally Posted by 91fw View Post
    Also there was a way in the registry to have Defender check for PUPs and I don't recall how that gem was set.
    Does anyone know?
    Microsoft call them PUAs ('Potentially Unwanted Applications' rather than 'Programs'). There's a tutorial for this.

    Enable or Disable Windows Defender PUA Protection in Windows 10
  4.    15 Aug 2017 #4
    Join Date : Aug 2016
    Posts : 82
    Windows 7-pro-sp1 and windows 10-pro-1703
    Thread Starter

    Quote Originally Posted by Eagle51 View Post
    Note: I would create a txt file of the current settings first
    get-mppreference > "$($env:userprofile)\Desktop\wd-settings.txt"
    Thanks much for this, see below.
  5.    15 Aug 2017 #5
    Join Date : Aug 2016
    Posts : 82
    Windows 7-pro-sp1 and windows 10-pro-1703
    Thread Starter

    Quote Originally Posted by Bree View Post
    Microsoft call them PUAs ('Potentially Unwanted Applications' rather than 'Programs'). There's a tutorial for this.
    Enable or Disable Windows Defender PUA Protection in Windows 10
    Thank you both for the neat instructions. Still it's all clear as mud to me. Can't understand why all those 34 possible settings are not in the GUI. I can't send feedback to M$ because I only use a local account.

    I could, but did not use gpedit, just wanted to see how it works by other methods.
    I did use powershell for the first time ever, and the result of PUAProtection did change from 0 to 1. I used the "-PUAProtection 1" (see -) in the command with this final result:
    HighThreatDefaultAction : 0
    LowThreatDefaultAction : 0
    MAPSReporting : 2
    ModerateThreatDefaultAction : 0
    PUAProtection : 1
    QuarantinePurgeItemsAfterDelay : 90
    I did not use the registry, it was and still is:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
    "MpEnablePus"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
    - So why did the powershell output report PUAProtection as zero before I changed it to 1 when the registry already was set?
    - In the powershell .txt output, any idea what is the meaning of zero, and what is 90 - milliseconds, seconds, minutes, hours, days, years, centuries? Is there somewhere a list of the meaning of some settings? Watching scripts might not be a bad idea.
    - Are the CMD commands no longer possible? Just powershell with its strange syntax?
  6.    15 Aug 2017 #6
    Join Date : Oct 2016
    Charlotte, NC
    Posts : 436
    Win10 Home x64 - 1709

    - So why did the powershell output report PUAProtection as zero before I changed it to 1 when the registry already was set?
    Not sure on that

    - In the powershell .txt output, any idea what is the meaning of zero, and what is 90 - milliseconds, seconds, minutes, hours, days, years, centuries? Is there somewhere a list of the meaning of some settings? Watching scripts might not be a bad idea.
    Check this page ... Set-MpPreference

    - Are the CMD commands no longer possible? Just powershell with its strange syntax?
    Command Prompt is still available. The get/set mppreference just happens to be a PowerShell command. If you're referring to the win+x menu, check this tutorial ... Show Command Prompt or Windows PowerShell on Win+X menu in Windows 10 Windows 10 Customization Tutorials
  7.    16 Aug 2017 #7
    Join Date : Aug 2016
    Posts : 82
    Windows 7-pro-sp1 and windows 10-pro-1703
    Thread Starter

    Quote Originally Posted by Eagle51 View Post
    Check this page ... Set-MpPreference
    Thanks for sticking with me.

    In my default settings, LowThreatDefaultAction is zero (as are actually all other threat actions).
    So I look up what zero might stand for in the M$ page you so kindly provided.
    LowThreatDefaultAction
    Specifies which automatic remediation action to take for a low level threat. The acceptable values for this parameter are:
    Quarantine
    Remove
    Ignore
    Type: ThreatAction
    Parameter Sets: (All)
    Aliases: ltdefac
    Accepted values: Clean, Quarantine, Remove, Allow, UserDefined, NoAction, Block
    I still don't know what zero stands for. Nor what number might be good for, for example, "Ask me" or "Remove" or "Allow". It was possible to set such things on 1607, but not now on 1703. For some settings they do list corresponding numbers. Curious.
    I have a hunch there's no solution to the removed options in GUI, Arrggghhh other than take a look at gpedit which I haven't yet done.
  8.    16 Aug 2017 #8
    Join Date : Oct 2016
    Charlotte, NC
    Posts : 436
    Win10 Home x64 - 1709

    I hadn't looked that close at that particular setting and mine is 0. The couple of things WD has flagged, it quarantined. So I can only assume (dangerous I know) that 0 is default for quarantine. If I were to change it, I would use the accepted value wording and not guess at what number they might be.
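The approach discussed in posts #6 to #8 (back up the current settings, set actions by their accepted names, read the result back), as an added example that is not part of the original thread. The numeric codes 1 to 10 are the ThreatAction values documented for the MSFT_MpPreference class; reading 0 as "nothing explicitly configured" is an assumption, and the function names and backup file name are made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread.
# Codes 1-10: ThreatAction values as documented for MSFT_MpPreference.
# Code 0: read here as "nothing explicitly configured" (assumption).
$ThreatActionNames = @{
    0  = 'not configured (assumed)'
    1  = 'Clean'
    2  = 'Quarantine'
    3  = 'Remove'
    6  = 'Allow'
    8  = 'UserDefined'
    9  = 'NoAction'
    10 = 'Block'
}
$PuaModes = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

# Translate a numeric code through a lookup table, flagging unknown codes.
function Resolve-Code {
    param([hashtable]$Map, [int]$Code)
    if ($Map.ContainsKey($Code)) { $Map[$Code] } else { "unknown ($Code)" }
}

# Report the settings asked about in the thread with their decoded meaning.
function Get-DefenderActionReport {
    $pref = Get-MpPreference
    foreach ($level in 'Low', 'Moderate', 'High', 'Severe') {
        $name = "${level}ThreatDefaultAction"
        $code = [int]$pref.$name
        [pscustomobject]@{ Setting = $name; Value = $code
                           Meaning = Resolve-Code $ThreatActionNames $code }
    }
    $pua = [int]$pref.PUAProtection
    [pscustomobject]@{ Setting = 'PUAProtection'; Value = $pua
                       Meaning = Resolve-Code $PuaModes $pua }
    [pscustomobject]@{ Setting = 'QuarantinePurgeItemsAfterDelay'
                       Value   = [int]$pref.QuarantinePurgeItemsAfterDelay
                       Meaning = 'days quarantined items are kept' }
}

# 1. Snapshot first; the timestamp keeps reruns from overwriting the backup.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "Desktop\wd-settings-$stamp.txt"
Get-MpPreference | Out-File -FilePath $backup

# 2. Set actions by accepted name rather than by a guessed number.
Set-MpPreference -LowThreatDefaultAction Quarantine -ModerateThreatDefaultAction Quarantine

# 3. Read the values back to confirm what was actually stored.
Get-DefenderActionReport | Format-Table -AutoSize
```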
  9.    17 Aug 2017 #9
    Join Date : Aug 2016
    Posts : 82
    Windows 7-pro-sp1 and windows 10-pro-1703
    Thread Starter

    Quote Originally Posted by Eagle51 View Post
    I hadn't looked that close at that particular setting and mine is 0. The couple of things WD has flagged, it quarantined. So I can only assume (dangerous I know) that 0 is default for quarantine. If I were to change it, I would use the accepted value wording and not guess at what number they might be.
    When WD flagged, did you get an alert on the screen so you could then look at the exact list?
    In previous windows (1607) I did get an alert and then in the GUI I was able to see what they show and what to do. It was ImgBurn with its OpenCandy junk so was a correct detection, and since I knew how OpenCandy works (wants to run out of .tmp file which another program would block for me) I chose to ignore. Is that still possible? I'm just trying to see how it'll work and the total lack of GUI information annoys me.
  10.    17 Aug 2017 #10
    Join Date : Oct 2016
    Charlotte, NC
    Posts : 436
    Win10 Home x64 - 1709

    Yea, you get a notification which takes you to the WD Security Center. There you can see details, history, etc. and if I remember correctly it gave me 3 options (clean, quarantine, ignore). If you like the old GUI check this tutorial.
    Create Windows Defender Antivirus Shortcut in Windows 10 Windows 10 Security System Tutorials