Configure remediation for Microsoft Defender Antivirus detections

Applies to:

When Microsoft Defender Antivirus runs a scan, it attempts to remediate or remove the threats it detects. You can configure how Microsoft Defender Antivirus should address certain threats, whether a restore point should be created before remediating, and when threats should be removed.

This article describes how to configure these settings by using Group Policy, but you can also use Microsoft Endpoint Configuration Manager and Microsoft Intune.

You can also use the Set-MpPreference PowerShell cmdlet or the MSFT_MpPreference WMI class to configure these settings.

Configure remediation options

  1. On your Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure, and click Edit.

  2. In the Group Policy Management Editor, go to Computer configuration and select Administrative templates.

  3. Expand the tree to Windows components > Microsoft Defender Antivirus.

  4. Using the table below, select a location, and then edit the policy as needed.

  5. Select OK.

| Location | Setting | Description | Default setting (if not configured) |
|---|---|---|---|
| Scan | Create a system restore point | A system restore point will be created each day before cleaning or scanning is attempted | Disabled |
| Scan | Turn on removal of items from scan history folder | Specify how many days items should be kept in the scan history | 30 days |
| Root | Turn off routine remediation | You can specify whether Microsoft Defender Antivirus automatically remediates threats, or if it should ask the endpoint user what to do. | Disabled (threats are remediated automatically) |
| Quarantine | Configure removal of items from Quarantine folder | Specify how many days items should be kept in quarantine before being removed | 90 days |
| Threats | Specify threat alert levels at which default action should not be taken when detected | Every threat that is detected by Microsoft Defender Antivirus is assigned a threat level (low, medium, high, or severe). You can use this setting to define how all threats for each of the threat levels should be remediated (quarantined, removed, or ignored) | Not applicable |
| Threats | Specify threats upon which default action should not be taken when detected | Specify how specific threats (using their threat ID) should be remediated. You can specify whether the specific threat should be quarantined, removed, or ignored | Not applicable |
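
The scan, quarantine and threat settings in the table can also be applied with the Set-MpPreference cmdlet mentioned earlier. The following is an added example, not part of the original article: the chosen actions and the `$threatId` placeholder are assumptions for illustration, and it presumes an elevated session on a device where Group Policy does not already manage these values.

```powershell
# Added example: set the table's remediation options locally with Set-MpPreference.
# Values are illustrative choices, not recommendations taken from the article.

$desired = @{
    # Scan > Create a system restore point.
    # The policy default "Disabled" corresponds to DisableRestorePoint = $true.
    DisableRestorePoint            = $false

    # Scan > Turn on removal of items from scan history folder (days).
    ScanPurgeItemsAfterDelay       = 30

    # Quarantine > Configure removal of items from Quarantine folder (days).
    QuarantinePurgeItemsAfterDelay = 90

    # Threats > action per alert level. The page's "medium" level is named
    # "Moderate" in the cmdlet. Quarantine keeps the file recoverable if the
    # detection turns out to be a false positive; Remove does not.
    LowThreatDefaultAction         = 'Quarantine'
    ModerateThreatDefaultAction    = 'Quarantine'
    HighThreatDefaultAction        = 'Quarantine'
    SevereThreatDefaultAction      = 'Remove'
}

# Splat the hashtable so each key becomes a named parameter.
Set-MpPreference @desired

# Threats > per-threat override by threat ID.
# $threatId is a placeholder: replace $null with a ThreatID reported by Get-MpThreat.
$threatId = $null
if ($threatId) {
    Set-MpPreference -ThreatIDDefaultAction_Ids $threatId `
                     -ThreatIDDefaultAction_Actions Quarantine
}

# Read the effective values back to confirm what is actually in force.
Get-MpPreference |
    Select-Object -Property ($desired.Keys | Sort-Object) |
    Format-List
```

Get-MpPreference reports the threat actions as numeric codes rather than names, so compare the read-back against the values on a device you have already configured.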

Important

Microsoft Defender Antivirus detects and remediates files based on many factors. Sometimes, completing a remediation requires a reboot. Even if the detection is later determined to be a false positive, the reboot must be completed to ensure all additional remediation steps have been completed.

If you are certain Microsoft Defender Antivirus quarantined a file based on a false positive, you can restore the file from quarantine after the device reboots. See Restore quarantined files in Microsoft Defender Antivirus.

To avoid this problem in the future, you can exclude files from the scans. See Configure and validate exclusions for Microsoft Defender Antivirus scans.

Also see Configure remediation-required scheduled full Microsoft Defender Antivirus scans for more remediation-related settings.

See also