Applies To: Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista
TrustedImageIdentifier specifies a unique identifier that signals that the files that are installed on the computer have already been scanned, and do not require additional on-access scans by Windows® Defender. Windows Defender is a Microsoft® application that can help to prevent, remove, and quarantine malware and spyware.
By default, Windows Defender performs a scan of each file on the computer when the computer accesses the file for the first time. This is known as an on-access scan. When Windows Defender performs a quick scan or a full scan (also known as on-demand scans), the rest of the files on the system will be marked as safe.
If you set a trusted image identifier, Windows Defender does not perform on-access scans of the individual files that belong to the trusted image. This can increase system speed.
If you have already deployed a series of computers, and then later determine that there is a potential problem with the security of the image, contact your Depth Project Manager (PM) within the Windows Ecosystem Engagement team, and provide the unique identifier of the image. Microsoft will add this unique identifier into Windows Update. After a computer with that unique identifier receives updates from Windows Update, Windows Defender performs scans on all of the files on that computer.
Specifies a Trusted_identifier_ID value. Trusted_identifier_ID is a string.
We recommend that you use a unique identifier, such as a GUID, for the value of this setting. Using a GUID allows you to easily identify the image.
Valid Configuration Passes
Security-Malware-Windows-Defender | TrustedImageIdentifier
This setting does not apply to Windows Server® 2012 editions.
For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender.
The following XML output shows how to signal Windows Defender so that it does not scan the current set of files.