| V-213427 | | Microsoft Defender AV must be configured to automatically take action on all detected tasks. | This policy setting allows Microsoft Defender configuration to automatically take action on all detected threats. The action to be taken on a particul... |
| V-213429 | | Microsoft Defender AV must be configured to not exclude files for scanning. | This policy setting allows disabling of scheduled and real-time scanning for files under the paths specified or for the fully qualified resources spec... |
| V-213430 | | Microsoft Defender AV must be configured to not exclude files opened by specified processes. | This policy setting allows the disabling of scheduled and real-time scanning for any file opened by any of the specified processes. The process itself... |
| V-213431 | | Microsoft Defender AV must be configured to enable the Automatic Exclusions feature. | This setting allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.... |
| V-213432 | | Microsoft Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS. | This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If this se... |
| V-213433 | | Microsoft Defender AV must be configured to check in real time with MAPS before content is run or accessed. | This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or a... |
| V-213434 | | Microsoft Defender AV must be configured to join Microsoft MAPS. | This policy setting allows joining Microsoft MAPS. Microsoft MAPS is the online community that helps in choosing how to respond to potential threats. ... |
| V-213435 | | Microsoft Defender AV must be configured to only send safe samples for MAPS telemetry. | This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are:
(0x0) Always prompt
(0x1)... |
| V-213436 | | Microsoft Defender AV must be configured for protocol recognition for network protection. | This policy setting allows the configuration of protocol recognition for network protection against exploits of known vulnerabilities. If this setting... |
| V-213437 | | Microsoft Defender AV must be configured to not allow local override of monitoring for file and program activity. | This policy setting configures a local override for the configuration of monitoring for file and program activity on your computer. This setting can o... |
| V-213438 | | Microsoft Defender AV must be configured to not allow override of monitoring for incoming and outgoing file activity. | This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This setting can only be ... |
| V-213439 | | Microsoft Defender AV must be configured to not allow override of scanning for downloaded files and attachments. | This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This setting can only be s... |
| V-213440 | | Microsoft Defender AV must be configured to not allow override of behavior monitoring. | This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Group Policy. If this se... |
| V-213441 | | Microsoft Defender AV Group Policy settings must take priority over the local preference settings. | This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set by Group Policy. I... |
| V-213442 | | Microsoft Defender AV must monitor for incoming and outgoing files. | This policy setting allows the configuration of monitoring for incoming and outgoing files without having to turn off monitoring entirely. It is recom... |
| V-213443 | | Microsoft Defender AV must be configured to monitor for file and program activity. | This policy setting allows configuration of monitoring for file and program activity. If this setting is enabled or not configured, monitoring for fil... |
| V-213444 | | Microsoft Defender AV must be configured to scan all downloaded files and attachments. | This policy setting allows configuration of scanning for all downloaded files and attachments. If this setting is enabled or not configured, scanning ... |
| V-213445 | | Microsoft Defender AV must be configured to always enable real-time protection. | This policy setting turns off real-time protection prompts for known malware detection. Microsoft Defender Antivirus alerts when malware or potential... |
| V-213446 | | Microsoft Defender AV must be configured to enable behavior monitoring. | This policy setting allows configuration of behavior monitoring. If this setting is enabled or not configured, behavior monitoring will be enabled. If... |
| V-213447 | | Microsoft Defender AV must be configured to process scanning when real-time protection is enabled. | This policy setting allows the configuration of process scanning when real-time protection is turned on. This helps to catch malware, which could star... |
| V-213448 | | Microsoft Defender AV must be configured to scan archive files. | This policy setting allows the configuration of scans for malicious software and unwanted software in archive files such as .ZIP or .CAB files. If thi... |
| V-213449 | | Microsoft Defender AV must be configured to scan removable drives. | This policy setting allows the management of whether or not to scan for malicious software and unwanted software in the contents of removable drives s... |
| V-213450 | | Microsoft Defender AV must be configured to perform a weekly scheduled scan. | This policy setting allows specifying the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to... |
| V-213451 | | Microsoft Defender AV must be configured to turn on e-mail scanning. | This policy setting allows the configuration of e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files acc... |
| V-213454 | | Microsoft Defender AV must be configured to check for definition updates daily. | This policy setting allows specifying the day of the week on which to check for definition updates. The check can also be configured to run every day ... |
| V-213455 | | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Severe. | This policy setting allows the customization of which automatic remediation action will be taken for each threat alert level. Threat alert levels shou... |
| V-213456 | | Microsoft Defender AV must be configured to block executable content from email client and webmail. | This rule blocks the following file types from being run or launched from an email seen in either Microsoft Outlook or webmail (such as Gmail.com or O... |
| V-213457 | | Microsoft Defender AV must be configured block Office applications from creating child processes. | Office apps, such as Word or Excel, will not be allowed to create child processes. This is a typical malware behavior, especially for macro-based atta... |
| V-213458 | | Microsoft Defender AV must be configured block Office applications from creating executable content. | This rule targets typical behaviors used by suspicious and malicious add-ons and scripts (extensions) that create or launch executable files. This is ... |
| V-213459 | | Microsoft Defender AV must be configured to block Office applications from injecting into other processes. | Office apps, such as Word, Excel, or PowerPoint, will not be able to inject code into other processes. This is typically used by malware to run malici... |
| V-213460 | | Microsoft Defender AV must be configured to impede JavaScript and VBScript to launch executables. | JavaScript and VBScript scripts can be used by malware to launch other malicious apps. This rule prevents these scripts from being allowed to launch a... |
| V-213461 | | Microsoft Defender AV must be configured to block execution of potentially obfuscated scripts. | Malware and other threats can attempt to obfuscate or hide their malicious code in some script files. This rule prevents scripts that appear to be obf... |
| V-213462 | | Microsoft Defender AV must be configured to block Win32 imports from macro code in Office. | This rule blocks potentially malicious behavior by not allowing macro code to execute routines in the Win 32 dynamic link library (DLL).... |
| V-213463 | | Microsoft Defender AV must be configured to prevent user and apps from accessing dangerous websites. | Enable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host p... |
| V-213464 | | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level High. | This policy setting allows the customization of which automatic remediation action will be taken for each threat alert level. Threat alert levels shou... |
| V-213465 | | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Medium. | This policy setting allows the customization of which automatic remediation action will be taken for each threat alert level. Threat alert levels shou... |
| V-213466 | | Microsoft Defender AV must be configured for automatic remediation action to be taken for threat alert level Low. | This policy setting allows the customization of which automatic remediation action will be taken for each threat alert level. Threat alert levels shou... |
| V-213426 | | Microsoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature. | After enabling this feature, PUA protection blocking takes effect on endpoint clients after the next signature update or computer restart. Signature u... |
| V-213428 | | Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software. | This policy setting turns off Microsoft Defender Antivirus. If this policy setting is enabled, Microsoft Defender Antivirus does not run and computers... |
| V-213452 | | Microsoft Defender AV spyware definition age must not exceed 7 days. | This policy setting allows defining the number of days that must pass before spyware definitions are considered out of date. If definitions are determ... |
| V-213453 | | Microsoft Defender AV virus definition age must not exceed 7 days. | This policy setting allows defining the number of days that must pass before virus definitions are considered out of date. If definitions are determin... |
