Group policy how to enable on windows defender

Pradeepkumar Gone 1 Reputation point
2020-08-21T07:41:08.377+00:00

Hello,

I want to apply group policy on windows defender to apply to all computers. We unable to find the whether group policy is applying on computers or not.

We have schedule the scanning in the day of the week,

when we trying to enable the every day scanning it automatically disabling the policy option.

how to check the logs that exactly scanning in schedule time.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,802 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,208 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Hannah Xiong 6,231 Reputation points
    2020-08-21T08:40:12.767+00:00

    Hello,

    Thank you so much for posting here.

    According to our description, we applied group policy on Windows defender, but we are unable to verify whether this policy is applied or not. To check whether this policy is applied or not,

    1. Logon one client with the Administrator account.
    2. Open CMD, run as administrator.
    3. Type gpresult /h C:\report.html and click Enter.
    4. Open report file to check the policies under Computer Details.

    Since it is computer configuration, we could logon one computer with the Administrator account to have a check by running “gpresult /h” to get a detailed group policy result report, then check if the specific settings get applied or not.

    As for "How to check the logs that exactly scanning in schedule time", Windows Defender adds entries to the Event Viewer in the following location:

    Event Viewer >> Applications and Services Logs >> Microsoft >> Windows >> Windows Defender >> Operational

    Where we'll see:
    Windows Defender scan has started. (Event ID 1000)
    Windows Defender scan has finished. (Event ID 1001)

    19320-1.png

    As for "when we trying to enable the every day scanning it automatically disabling the policy option.", so sorry that we could not clearly understand this issue. When we configure Every Day under Specify the day of the week to run a scheduled scan, click "Apply" and then this policy will be enabled.

    19435-2.png

    For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong

    0 comments
  2. Pradeepkumar Gone 1 Reputation point
    2020-08-21T09:34:00.077+00:00

    Hi Xiong,
    Thanks for your response

    Could you please help me

    1) which group policies should enable to run windows defender in client systems.
    2) Apply only the Full scan
    3) How to push the group policies on client systems
    4) Can we have option to check the logs in windows defender app. I mean got the question can we see history of full scan details.

    0 comments
  3. Hannah Xiong 6,231 Reputation points
    2020-08-24T02:51:27.723+00:00

    Hi,

    You are welcome. Thank you so much for your feedback.

    1) I recommend looking through all of the available policy options for Windows Defender so that we could get an understanding of how we can configure Windows Defender using group policy and which group policies we need to meet our requirements.

    Reference:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus

    2) As per configuration of the Full scan, we could kindly have a check whether it is required.

    19699-1.png

    3) After the configuration, we will push the group policies on client systems. To do this:

    Log on the client with domain user account or administrator account, and then open the CMD and run as administrator.
    Enter "gpupdate /force" to force the update and refresh the group policies
    Then enter "gpresult /h C:\report.html" to get the result report to check whether the settings are applied or not.

    4) To check the history or review the scan result, we could refer to:

    https://www.tenforums.com/tutorials/123840-view-protection-history-microsoft-defender-antivirus-windows-10-a.html

    https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus

    Hope the information is helpful. For any question, please feel free to contact us.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best regards,
    Hannah Xiong