開啟雲端提供的保護Turn on cloud-delivered protection

適用於:Applies to:

注意

Microsoft Defender 防毒軟體 cloud service 是一種機制,可將更新的保護傳遞到網路和端點。The Microsoft Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. 雖然它稱為雲端服務,但不只是保護儲存在雲端中的檔案;相反地,它會使用分散式資源和機器教學,以比傳統的安全性智慧更新速度更快的速率來提供對端點的保護。Although it is called a cloud service, it is not simply protection for files stored in the cloud; rather, it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.

Microsoft Defender 防毒軟體會使用多個偵測及防護技術來提供準確、即時和智慧的保護。Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. 深入瞭解 Microsoft Defender 在第二代端點的核心的高級技術Get to know the advanced technologies at the core of Microsoft Defender for Endpoint next-generation protection.

您可以多種方式開啟或關閉 Microsoft Defender 防毒軟體雲端提供的保護:You can turn Microsoft Defender Antivirus cloud-delivered protection on or off in several ways:

  • Microsoft IntuneMicrosoft Intune
  • Microsoft 端點管理員Microsoft Endpoint Manager
  • 群組原則Group Policy
  • PowerShell Cmdlet。PowerShell cmdlets.

您也可以在 Windows 安全性應用程式的個別用戶端中開啟或關閉該功能。You can also turn it on or off in individual clients with the Windows Security app.

請參閱使用 Microsoft 雲端提供的保護,以取得 Microsoft Defender 防毒軟體雲端提供保護的概述。See Use Microsoft cloud-delivered protection for an overview of Microsoft Defender Antivirus cloud-delivered protection.

如需特定網路連線需求的詳細資訊,以確保端點能夠連線至雲端提供的保護服務,請參閱 Configure and validate network connectionsFor more information about the specific network-connectivity requirements to ensure your endpoints can connect to the cloud-delivered protection service, see Configure and validate network connections.

注意

在 Windows 10 中,本主題所述的 基本高級 報告選項之間沒有任何差異。In Windows 10, there is no difference between the Basic and Advanced reporting options described in this topic. 這是傳統的區別,而且選擇任一設定會導致相同的雲端傳送層級保護。This is a legacy distinction and choosing either setting will result in the same level of cloud-delivered protection. 共用的資訊類型或數量不會有任何差異。There is no difference in the type or amount of information that is shared. 如需我們收集之專案的詳細資訊,請參閱 Microsoft 隱私權聲明For more information on what we collect, see the Microsoft Privacy Statement.

使用 Intune 開啟雲端傳送保護Use Intune to turn on cloud-delivered protection

  1. 請移至 Microsoft 端點管理員系統管理中心 (https://endpoint.microsoft.com) 並登入。Go to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com) and log in.

  2. 在 [ 首頁 ] 窗格中,選取 [裝置設定] > 設定檔On the Home pane, select Device configuration > Profiles.

  3. 選取您要設定的 裝置限制 配置檔案類型。Select the Device restrictions profile type you want to configure. 如果您需要建立新的 裝置限制 配置檔案類型,請參閱 在 Microsoft Intune 中設定裝置限制設定If you need to create a new Device restrictions profile type, see Configure device restriction settings in Microsoft Intune.

  4. 選取 [屬性 > 設定:編輯 > Microsoft Defender 防毒軟體]。Select Properties > Configuration settings: Edit > Microsoft Defender Antivirus.

  5. 雲端提供的保護 參數上,選取 [ 啟用]。On the Cloud-delivered protection switch, select Enable.

  6. 在 [ 提交範例前提示使用者 ] 下拉式清單中,選取 [ 自動傳送所有資料]。In the Prompt users before sample submission dropdown, select Send all data automatically.

如需 Intune 裝置設定檔的詳細資訊,包括如何建立和設定其設定,請參閱什麼是 Microsoft Intune 裝置設定檔?For more information about Intune device profiles, including how to create and configure their settings, see What are Microsoft Intune device profiles?

使用 Microsoft 端點管理員開啟雲端傳送保護Use Microsoft Endpoint Manager to turn on cloud-delivered protection

  1. 請移至 Microsoft 端點管理員系統管理中心 (https://endpoint.microsoft.com) 並登入。Go to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com) and log in.

  2. 選擇 [ Endpoint security > 防病毒]。Choose Endpoint security > Antivirus.

  3. 選取防病毒設定檔。Select an antivirus profile. (如果您尚沒有其中一個,或若您想要建立新的設定檔,請參閱在 Microsoft Intune 中設定裝置限制設定(If you don't have one yet, or if you want to create a new profile, see Configure device restriction settings in Microsoft Intune.

  4. 選取 [ 屬性]。Select Properties. 然後,選擇 [ 設定設定] 旁的 [ 編輯]。Then, next to Configuration settings, choose Edit.

  5. 展開 [ cloud protection],然後在 [ 雲端提供的保護層級 ] 清單中,選取下列其中一項:Expand Cloud protection, and then in the Cloud-delivered protection level list, select one of the following:

    • High:套用強層次的偵測。High: Applies a strong level of detection.
    • High plus:使用 高階 ,套用其他保護措施 (可能會影響用戶端效能) 。High plus: Uses the High level and applies additional protection measures (may impact client performance).
    • 零容錯:封鎖所有的未知可執行檔。Zero tolerance: Blocks all unknown executables.
  6. 選取 [ 複查 + 儲存],然後選擇 [ 儲存]。Select Review + save, then choose Save.

如需設定 Microsoft Endpoint Configuration Manager 的詳細資訊,請參閱 how to create and deploy 反惡意程式碼原則: Cloud-protection serviceFor more information about configuring Microsoft Endpoint Configuration Manager, see How to create and deploy antimalware policies: Cloud-protection service.

使用群組原則開啟雲端傳送保護Use Group Policy to turn on cloud-delivered protection

  1. 在您的群組原則管理裝置上,開啟 [ 群組原則管理主控台],以滑鼠右鍵按一下您要設定的群組原則物件,然後選取 [ 編輯]。On your Group Policy management device, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select Edit.

  2. 在 [ 群組原則管理編輯器] 中,移至 [ 電腦 設定]。In the Group Policy Management Editor, go to Computer configuration.

  3. 選取 [系統 管理範本]。Select Administrative templates.

  4. 展開樹狀目錄,以 Windows 元件 > Microsoft Defender 防毒軟體 > 對應Expand the tree to Windows components > Microsoft Defender Antivirus > MAPS

  5. 連按兩下 [ 加入 MICROSOFT 地圖]。Double-click Join Microsoft MAPS. 確定已開啟此選項,並將其設定為 [ 基本地圖 ] 或 [ 高級地圖]。Ensure the option is turned on and set to Basic MAPS or Advanced MAPS. 選取 [確定]Select OK.

  6. 需要進一步分析時, 請按兩下 [傳送檔案範例]。Double-click Send file samples when further analysis is required. 確定第一個選項設定為 [ 啟用 ],且其他選項設定為下列其中一項:Ensure that the first option is set to Enabled and that the other options are set to either:

    1. (1) 傳送安全的範例Send safe samples (1)

    2. 將所有範例都傳送 (3) Send all samples (3)

      注意

      [ 傳送安全範例 (1) ] 選項表示將會自動傳送大部分的範例。The Send safe samples (1) option means that most samples will be sent automatically. 可能包含個人資訊的檔案仍會出現提示,需要其他確認。Files that are likely to contain personal information will still prompt and require additional confirmation. 將此選項設定為 Always Prompt (0) 會降低裝置的保護狀態。Setting the option to Always Prompt (0) will lower the protection state of the device. 設定為 永不傳送 (2) 表示 Microsoft Defender for Endpoint 的「 區塊第一次看到 」功能將無法運作。Setting it to Never send (2) means that the Block at First Sight feature of Microsoft Defender for Endpoint won't work.

  7. 選取 [確定]Select OK.

使用 PowerShell Cmdlet 開啟雲端傳送保護Use PowerShell cmdlets to turn on cloud-delivered protection

下列 Cmdlet 可以開啟雲端提供的保護:The following cmdlets can turn on cloud-delivered protection:

Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples

如需如何搭配 Microsoft Defender 防毒軟體使用 PowerShell 的詳細資訊,請參閱use PowerShell Cmdlet 以設定及執行 Microsoft Defender 防毒軟體Defender CmdletFor more information on how to use PowerShell with Microsoft Defender Antivirus, see Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus and Defender cmdlets. 原則 CSP-Defender 也有專用於 SubmitSamplesConsent的詳細資訊。Policy CSP - Defender also has more information specifically on -SubmitSamplesConsent.

注意

您也可以將 SubmitSamplesConsent 設定為 SendSafeSamples (預設設定) 、 NeverSendAlwaysPromptYou can also set -SubmitSamplesConsent to SendSafeSamples (the default setting), NeverSend, or AlwaysPrompt. SendSafeSamples 設定表示將會自動傳送大多數的範例。The SendSafeSamples setting means that most samples will be sent automatically. 可能包含個人資訊的檔案仍會出現提示,需要其他確認。Files that are likely to contain personal information will still prompt and require additional confirmation.

警告

設定 -SubmitSamplesConsentNeverSendAlwaysPrompt 會降低裝置的保護層級。Setting -SubmitSamplesConsent to NeverSend or AlwaysPrompt will lower the protection level of the device. 此外,設定為 NeverSend 表示 Microsoft Defender For Endpoint 的「 區塊第一次看到 」功能將無法運作。In addition, setting it to NeverSend means that the Block at First Sight feature of Microsoft Defender for Endpoint won't work.

使用 Windows 管理指令 (WMI) 開啟雲端傳送保護Use Windows Management Instruction (WMI) to turn on cloud-delivered protection

針對下列屬性,使用 MSFT_MpPreference 類別的 Set 方法Use the Set method of the MSFT_MpPreference class for the following properties:

MAPSReporting
SubmitSamplesConsent

如需允許參數的詳細資訊,請參閱Windows Defender WMIv2 APIsFor more information about allowed parameters, see Windows Defender WMIv2 APIs

在 Windows 安全性應用程式的個別用戶端上開啟雲端提供保護Turn on cloud-delivered protection on individual clients with the Windows Security app

注意

如果設定為 [將 Microsoft MAPS 群組原則設定覆寫] 設定為 [已停 用],則 Windows 設定中的 雲端型保護 設定會變灰並無法使用。If the Configure local setting override for reporting Microsoft MAPS Group Policy setting is set to Disabled, then the Cloud-based protection setting in Windows Settings will be greyed-out and unavailable. 必須先將透過群組原則物件進行的變更部署到個別端點,才能在 Windows 設定中更新設定。Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.

  1. 在工作欄中選取盾牌圖示,或搜尋 Defender 的 [開始] 功能表,以開啟 Windows 安全性應用程式。Open the Windows Security app by selecting the shield icon in the task bar, or by searching the start menu for Defender.

  2. 在左功能表列上選取 [ 病毒 & 威脅防護 磚 (] 或 [盾牌] 圖示) 然後 & [病毒威脅防護設定 ] 標籤:Select the Virus & threat protection tile (or the shield icon on the left menu bar) and then the Virus & threat protection settings label:

    病毒 & 威脅防護設定的螢幕擷取畫面

  3. 確認已將 雲端式保護自動範例提交 切換為 [ 開啟]。Confirm that Cloud-based Protection and Automatic sample submission are switched to On.

注意

如果已使用群組原則設定自動範例提交,則設定會變灰並無法使用。If automatic sample submission has been configured with Group Policy then the setting will be greyed-out and unavailable.