It's important that Windows devices are abiding by endpoint protection schemes now that so many more people are working remotely. It can also be hard to enforce standards around removable devices.



That’s why we use the following to ensure the proper configurations are in place for Windows Defender (see comments for details on each item):



#To enable real-time monitoring:

Set-MpPreference -DisableRealtimeMonitoring $false



#Making sure to catch removable USB drives as scan-able:

Set-MpPreference -DisableRemovableDriveScanning $false



#Making sure that email scanning (attachments) is enabled

Set-MpPreference -DisableEmailScanning $false



#Disable the scan of network files, which can cause issues remotely

Set-MpPreference -DisableScanningNetworkFiles $true



#Making sure to scan scripts as well

Set-MpPreference -DisableScriptScanning $false



#Make it so that before a scan runs Defender checks for new/the latest threat signatures

Set-MpPreference -CheckForSignaturesBeforeRunningScan $true



Feel free to comment out the ones you don’t want for your threat model 🙂
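
To confirm the settings above actually took effect on a device, the following added example (not part of the original post) reads the current values with `Get-MpPreference` and reports any that differ from the baseline. The `$baseline` table and the `Compare-DefenderBaseline` function are names made up for this example; the expected values follow the post's comments, with network file scanning turned off.

```powershell
# Added example: audit Defender preferences against the baseline from the post.
# Expected values follow the post's comments; adjust them for your threat model.
$baseline = [ordered]@{
    DisableRealtimeMonitoring           = $false
    DisableRemovableDriveScanning       = $false
    DisableEmailScanning                = $false
    DisableScanningNetworkFiles         = $true   # post's comment: network file scanning off
    DisableScriptScanning               = $false
    CheckForSignaturesBeforeRunningScan = $true
}

# Hypothetical helper: compares a preference object to the expected values.
function Compare-DefenderBaseline {
    param(
        [Parameter(Mandatory)] $Preference,   # object returned by Get-MpPreference
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    foreach ($name in $Expected.Keys) {
        # A missing property (older Defender module) is reported as non-compliant.
        $prop   = $Preference.PSObject.Properties[$name]
        $actual = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = $actual
            Compliant = ($null -ne $actual) -and ([bool]$actual -eq $Expected[$name])
        }
    }
}

try {
    $current = Get-MpPreference -ErrorAction Stop
} catch {
    Write-Error "Could not read Defender preferences: $_"
    exit 2
}

$report = Compare-DefenderBaseline -Preference $current -Expected $baseline
$report | Format-Table -AutoSize

# Non-zero exit code lets management tooling flag the device as drifted.
$drift = @($report | Where-Object { -not $_.Compliant })
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) setting(s) differ from the baseline."
    exit 1
}
```

Run it after applying the `Set-MpPreference` commands, and again on a schedule, to catch a setting that was changed back later.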
