Questions tagged [windows-defender]

32 questions
6
votes
1 answer

Managing Windows Defender in small business domain (is a nightmare)

I've spent a few months rolling out Group Policy for Windows Defender on a small business domain (about 25 workstations), and gathering the results with Event Viewer. (We are not running SCCM.) I have it set to run a quick scan every day, and a full…
2
votes
2 answers

Defender ATP public IP addresses

Does anybody know the IP addresses Microsoft uses for their Defender ATP Service? I can find the associated domain names but not a reliable source of the IP addresses being used.
TobyU
1
vote
0 answers

Windows Firewall - Protected network connections?

In Windows Defender Firewall, under Advanced Settings, there is a "Protected network connections" setting for each profile (Domain, Public, Private). An image of this setting: Protected network connections My goal is to block all connections on…
1
vote
2 answers

Is it safe to delete Windows Defender Scans History Files?

OS: Windows 10 Pro (used as production server to host websites, and mail functions.) I've noticed that de-fragmenting my hard drive (using MyDefrag v4.3.1) is taking forever to work itself through this C:\ProgramData\Microsoft\Windows…
MeSo2
1
vote
0 answers

Windows Defender won't install on Server 2016

I'm trying to install Windows Defender on one of our WIN Server 2016s but am getting a failure message with error code 0x800f0831. I tried the install through Server Manager > Add Roles and Feature. Defender was removed from this server several…
72909903
1
vote
0 answers

Onboarding Server 2016 to Defender ATP Package Fails to Install

I am having issues onboarding multiple Windows Server 2016 to Defender ATP. The initial installation of the Onboarding Package fails and rolls back. The server I am focusing on currently is fully updated and has Windows Defender Antivirus installed…
Riguez
1
vote
0 answers

How to set alerts for an installed application not in exception list?

We are often getting incidents from Microsoft Defender about malicious activity detected on user devices. For example, lately we had an incident that said there was a defense evasion, however, at the crux of the issue is that the user simply had…
Cataster
1
vote
0 answers

Why isn't the remediation improving the exposure score in Microsoft Defender?

I am trying to improve our exposure score on Microsoft Defender and noted that "Block persistence through WMI event subscription" has a remediation which I've already applied since almost a month now. Remediation: Ensure that Microsoft Defender…
Cataster
1
vote
1 answer

Using Set-MpPreference to schedule Windows full and quick scans doesn't work

On a Windows 10 machine, I have been trying to set the time of virus scans using the following PowerShell commands. Set-MpPreference -ScanParameters FullScan Set-MpPreference -ScanScheduleDay Monday Set-MpPreference -ScanScheduleTime (Get-Date…
1
vote
0 answers

MMC crash during remote firewall management

Using MMC, I'm attempting to remotely manage the Windows Defender Firewall on our Hyper-V Server 2019 instance (no GUI, CLI only). The NetBIOS name is SERVER1. The Windows Defender Firewall Remote Management rules are enabled: Name …
InteXX
0
votes
0 answers

BSOD Critical_Process_Died after enabling Windows Defender Firewall

Server 2019 1809 17763.914 running Remote Desktop Services and all updates are applied. On reboot, the Windows Defender Firewall is stopped (even though it is set to automatically start) and when I manually start the service (via any command line,…
0
votes
0 answers

How to make Windows Defender trust my applications at company level

In my company, I made some Windows Forms applications for internal use. They're some client-server applications, client is C# Windows Forms (.NET 4.6), server is ASP.NET REST API, published using ClickOnce. Every time a user starts the application, Windows…
Luke
0
votes
1 answer

Windows Defender real-time protection "disabled"

Initially Windows Defender was disabled for some reason in Windows Server 2016. I enabled it from gpedit.msc by disabling "Turn off Windows Defender". When opening Windows Defender, it shows real-time protection "disabled". I went to settings and…
Bose
0
votes
0 answers

Windows Defender Real Time Scan

Windows Defender would not detect in real time new malware hidden in a .zip file. If I scan the .zip file after it was downloaded from the website it does detect it and deletes it. Zip file is not protected and it has a simple .exe inside; there…
KCJ
0
votes
1 answer

My scheduled task to run MpCmdRun.exe works with one set of flags but not another (fails with 0x2 "File not found")

I have a GPO that gives my Win10 workstations two scheduled tasks. Task one runs C:\Program Files\Windows Defender\MpCmdRun.exe -removedefinitions -dynamicsignatures Task two runs C:\Program Files\Windows Defender\MpCmdRun.exe…