Where is Defender setting to Quarantine - in Win 1703


  1. Posts : 102
    Windows 7-pro-sp1 and windows 10-pro-1803
       #1

    Where is Defender setting to Quarantine - in Win 1703


    In Windows 1607 Windows Defender had a way to set how to handle detections and I could set two bottom lines to Quarantine rather than Recommended setting, which probably meant delete.
    In Windows 1703 - I cannot find where such setting is made. I think I looked through every possible thing (as admin) in the Defender settings and no go.
    Also there was a way in the registry to have Defender check for PUPs and I don't recall how that gem was set.
    Does anyone know?
      My Computer

  2. Eagle51's Avatar
    Posts : 1,471
    Win10 Home x64 - 1809
       #2

    Hey 91fw,
    Far as I know the default is Quarantine. If you're using Win10 Pro, I believe you can set WD thru the Group Policy Editor. You can also open PowerShell as Administrator > Get-MpPreference and Set-MpPreference.
    Get-MpPreference
    Set-MpPreference

    View Current Settings
    get-mppreference

    Set preference for PUP
    set-mppreference -PUAProtection 1

    Note: I would create a txt file of the current settings first :)
    get-mppreference > "$($env:userprofile)\Desktop\wd-settings.txt"
      My Computers

  3. Bree's Avatar
    Posts : 18,790
    10 Home x64 (20H2) (10 Pro on 2nd pc)
       #3

    91fw said:
    Also there was a way in the registry to have Defender check for PUPs and I don't recall how that gem was set.
    Does anyone know?
    Microsoft call them PUAs ('Potentially Unwanted Applications' rather than 'Programs'). There's a tutorial for this.

    Enable or Disable Windows Defender PUA Protection in Windows 10
      My Computers


  4. Posts : 102
    Windows 7-pro-sp1 and windows 10-pro-1803
    Thread Starter
       #4

    Eagle51 said:
    Note: I would create a txt file of the current settings first :)
    get-mppreference > "$($env:userprofile)\Desktop\wd-settings.txt"
    Thanks much for this, see below.
      My Computer


  5. Posts : 102
    Windows 7-pro-sp1 and windows 10-pro-1803
    Thread Starter
       #5

    Bree said:
    Microsoft call them PUAs ('Potentially Unwanted Applications' rather than 'Programs'). There's a tutorial for this.
    Enable or Disable Windows Defender PUA Protection in Windows 10
    Thank you both for the neat instructions. Still it's all clear as mud to me. Can't understand why all those 34 possible settings are not in the GUI. I can't send feedback to M$ because I only use a local account.

    I could, but did not use gpedit, just wanted to see how it works by other methods.
    I did use powershell for the first time ever, and the result of PUAProtection did change from 0 to 1. I used the "-PUAProtection 1" (see -) in the command with this final result:
    HighThreatDefaultAction : 0
    LowThreatDefaultAction : 0
    MAPSReporting : 2
    ModerateThreatDefaultAction : 0
    PUAProtection : 1
    QuarantinePurgeItemsAfterDelay : 90
    I did not use the registry, it was and still is:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
    "MpEnablePus"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
    - So why did the powershell output report PUAProtection as zero before I changed it to 1 when the registry already was set?
    - In the powershell .txt output, any idea what is the meaning of zero, and what is 90 - milliseconds, seconds, minutes, hours, days, years, centuries? Is there somewhere a list of the meaning of some settings? Watching scripts might not be a bad idea.
    - Are the CMD commands no longer possible? Just powershell with its strange syntax?
      My Computer

  6. Eagle51's Avatar
    Posts : 1,471
    Win10 Home x64 - 1809
       #6

    - So why did the powershell output report PUAProtection as zero before I changed it to 1 when the registry already was set?
    Not sure on that

    - In the powershell .txt output, any idea what is the meaning of zero, and what is 90 - milliseconds, seconds, minutes, hours, days, years, centuries? Is there somewhere a list of the meaning of some settings? Watching scripts might not be a bad idea.
    Check this page ... Set-MpPreference

    - Are the CMD commands no longer possible? Just powershell with its strange syntax?
    Command Prompt is still available. The get/set mppreference just happens to be a PowerShell command. If you're referring to the win+x menu, check this tutorial ... Show Command Prompt or Windows PowerShell on Win+X menu in Windows 10 Windows 10 Customization Tutorials
      My Computers


  7. Posts : 102
    Windows 7-pro-sp1 and windows 10-pro-1803
    Thread Starter
       #7

    Eagle51 said:
    Check this page ... Set-MpPreference
    Thanks for sticking with me.

    In my default settings, LowThreatDefaultAction is zero (as are actually all other threat actions).
    So I look up what zero might stand for in the M$ page you so kindly provided.
    LowThreatDefaultAction
    Specifies which automatic remediation action to take for a low level threat. The acceptable values for this parameter are:
    Quarantine
    Remove
    Ignore
    Type: ThreatAction
    Parameter Sets: (All)
    Aliases: ltdefac
    Accepted values: Clean, Quarantine, Remove, Allow, UserDefined, NoAction, Block
    I still don't know what zero stands for. Nor what number might be good for, for example, "Ask me" or "Remove" or "Allow". It was possible to set such things on 1607, but not now on 1703. For some settings they do list corresponding numbers. Curious.
    I have a hunch there's no solution to the removed options in GUI, Arrggghhh other than take a look at gpedit which I haven't yet done.
      My Computer

  8. Eagle51's Avatar
    Posts : 1,471
    Win10 Home x64 - 1809
       #8

    I hadn't looked that close at that particular setting and mine is 0. The couple of things WD has flagged, it quarantined. So I can only assume (dangerous I know) that 0 is default for quarantine. If I were to change it, I would use the accepted value wording and not guess at what number they might be.
      My Computers
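
    Added example, not part of any post in this thread: one way to see what the numbers in the Get-MpPreference output stand for and to set the default actions by name, as post #8 suggests. The numeric codes are taken from Microsoft's MSFT_MpPreference documentation rather than from the thread, the reading of 0 as "not configured" is an assumption, and the function name Get-DefenderActionReport is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): report and set Defender default actions.

# ThreatAction codes as listed for the MSFT_MpPreference WMI class.
# 0 is not in that list; it is shown here as "not configured", which is an
# assumption (Defender then applies its own default for the detection).
$ThreatAction = @{ 0 = 'Not configured (assumed)'; 1 = 'Clean'; 2 = 'Quarantine'
                   3 = 'Remove'; 6 = 'Allow'; 8 = 'UserDefined'
                   9 = 'NoAction'; 10 = 'Block' }
$PuaMode = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
$Levels  = 'Low', 'Moderate', 'High', 'Severe'

function Get-DefenderActionReport {
    $p = Get-MpPreference
    foreach ($level in $Levels) {
        $name = "${level}ThreatDefaultAction"
        [pscustomobject]@{ Setting = $name; Raw = $p.$name
                           Meaning = $ThreatAction[[int]$p.$name] }
    }
    [pscustomobject]@{ Setting = 'PUAProtection'; Raw = $p.PUAProtection
                       Meaning = $PuaMode[[int]$p.PUAProtection] }
    [pscustomobject]@{ Setting = 'QuarantinePurgeItemsAfterDelay'
                       Raw     = $p.QuarantinePurgeItemsAfterDelay
                       Meaning = 'days before quarantined items are purged' }
    # Policy value quoted in post #5; it may be absent on a given machine.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine'
    $pol = Get-ItemProperty -Path $key -Name MpEnablePus -ErrorAction SilentlyContinue
    [pscustomobject]@{ Setting = 'MpEnablePus (policy key)'
                       Raw     = $(if ($pol) { $pol.MpEnablePus } else { $null })
                       Meaning = 'registry policy, reported separately' }
}

# Save the full current settings first, as suggested in post #2.
Get-MpPreference | Out-File (Join-Path $env:USERPROFILE 'Desktop\wd-settings.txt')

Get-DefenderActionReport | Format-Table -AutoSize   # state before the change

# Set each level by name rather than guessing at numbers, and enable PUA blocking.
$change = @{ PUAProtection = 'Enabled' }
foreach ($level in $Levels) { $change["${level}ThreatDefaultAction"] = 'Quarantine' }
Set-MpPreference @change

Get-DefenderActionReport | Format-Table -AutoSize   # state after the change
```

    Run it from an elevated PowerShell window; the second table shows whether the named values were stored.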


  9. Posts : 102
    Windows 7-pro-sp1 and windows 10-pro-1803
    Thread Starter
       #9

    Eagle51 said:
    I hadn't looked that close at that particular setting and mine is 0. The couple of things WD has flagged, it quarantined. So I can only assume (dangerous I know) that 0 is default for quarantine. If I were to change it, I would use the accepted value wording and not guess at what number they might be.
    When WD flagged, did you get an alert on the screen so you could then look at the exact list?
    In previous windows (1607) I did get an alert and then in the GUI I was able to see what they show and what to do. It was ImgBurn with its OpenCandy junk so was a correct detection, and since I knew how OpenCandy works (wants to run out of .tmp file which another program would block for me) I chose to ignore. Is that still possible? I'm just trying to see how it'll work and the total lack of GUI information annoys me :)
      My Computer

  10. Eagle51's Avatar
    Posts : 1,471
    Win10 Home x64 - 1809
       #10

    Yea, you get a notification which takes you to the WD Security Center. There you can see details, history, etc. and if I remember correctly it gave me 3 options (clean, quarantine, ignore). If you like the old GUI check this tutorial.
    Create Windows Defender Antivirus Shortcut in Windows 10 Windows 10 Security System Tutorials
      My Computers


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
