EnableRemoteManagedDefaults

EnableRemoteManagedDefaults specifies whether to configure Windows Defender to be remotely managed using recommended default settings:

Name                                         Default setting for remote management of Windows Defender
Scan\CheckForSignaturesBeforeScan            true
Scan\AvgCPULoadFactor                        20
Threats\ThreatSeverityDefaultAction          quarantine
Scan\DisableRestorePoint                     false
Scan\DisableReparsePoint                     false
UX Configuration\UILockdown                  true
Quarantine\PurgeItemsAfterDelay              35 days
Signature Updates\SignatureUpdateInterval    11 hours
Signature Updates\FallbackOrder              InternalDefinitionUpdateServer|MicrosoftUpdateServer|MMPC
Scan\DisableRemovableDriveScanning           false
Scan\DisableScanningNetworkFiles             true

If configured, Windows Defender will not display any user interface on the local computer. The default settings can still be overridden using Group Policy.

Windows Defender is an application that can prevent, remove, and quarantine malware (malicious software) and spyware.

Values

true     Configures Windows Defender for remote management.
false    Does not configure Windows Defender for remote management. This is the default value.

Valid Configuration Passes

oobeSystem

offlineServicing

specialize

Parent Hierarchy

Security-Malware-Windows-Defender | EnableRemoteManagedDefaults

Applies To

For Windows Server 2016 editions, Windows Defender is installed with the operating system.

For Windows Server 2012, Windows Server 2008 R2 and Windows Server 2008, Windows Defender is installed with the Desktop Experience Pack.

For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender.

XML Example

The following XML output shows how to configure Windows Defender to be remotely managed using recommended default settings.

<EnableRemoteManagedDefaults>true</EnableRemoteManagedDefaults>
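To check an answer file before deployment, the following added example (not part of the original documentation) audits every occurrence of this setting against the values and configuration passes listed above. The sample answer file is constructed, and the unattend namespace and component attributes are assumed to follow the usual answer-file layout.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}  # assumed standard unattend namespace
COMPONENT = "Security-Malware-Windows-Defender"
SETTING = "EnableRemoteManagedDefaults"
VALID_PASSES = {"oobeSystem", "offlineServicing", "specialize"}  # from this page

# Constructed sample answer file (not from a real deployment).
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Security-Malware-Windows-Defender" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <EnableRemoteManagedDefaults>true</EnableRemoteManagedDefaults>
    </component>
  </settings>
  <settings pass="windowsPE">
    <component name="Security-Malware-Windows-Defender" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <EnableRemoteManagedDefaults>yes</EnableRemoteManagedDefaults>
    </component>
  </settings>
</unattend>"""

def audit(xml_text):
    """Return (pass, value, problems) for each occurrence of the setting."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        pass_name = settings.get("pass", "")
        for comp in settings.findall("u:component", NS):
            if comp.get("name") != COMPONENT:
                continue
            node = comp.find(f"u:{SETTING}", NS)
            if node is None:
                continue
            value = (node.text or "").strip()
            problems = []
            if pass_name not in VALID_PASSES:
                problems.append("invalid configuration pass")
            if value not in ("true", "false"):
                problems.append("value must be true or false")
            findings.append((pass_name, value, problems))
    return findings

if __name__ == "__main__":
    for pass_name, value, problems in audit(SAMPLE):
        print(pass_name, value, problems or "ok")
```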

Security-Malware-Windows-Defender