Compared to third-party antivirus software, Windows Defender Antivirus provides only a basic level of protection, although its overall protection level has improved relative to other antivirus software.
With the Windows 10 Creators Update, Microsoft introduced a new feature called Windows Defender Security Center. Windows Defender Security Center can be described as the central hub for security-related settings.
With Windows Defender Security Center, the blocking level of Windows Defender Antivirus has also been “raised” to a new level to enhance protection against threats.
Note: The steps below for setting up Windows Defender in Windows 10 and 8 to increase defenses activate the cloud protection level of Windows Defender Antivirus. This feature is only available on Windows 10 version 1703 (and higher versions) and can be managed through various interfaces, including Group Policy, Registry Editor, System Center Configuration Manager or Microsoft Intune.
The main benefit of enabling cloud protection is to detect and block new malware, even without a signature.
The core difference from Microsoft Advanced Protection Service, the previous version of the cloud protection service available for Windows 10 version 1607 and Windows 8.1, is that you can configure the cloud block time, and the first version also supported this feature (in 1607 but not on Windows 8.1).
Set up Windows Defender to increase defenses
Use Group Policy to enable cloud protection for Windows Defender
If you are using the Pro or Enterprise version of Windows 10 (Creators Update or higher), follow the steps below to enable protection:
Step 1: Type gpedit.msc into the Search box on the Start Menu and press Enter to open the Local Group Policy Editor window.
Step 2: In the Local Group Policy Editor window, in the left pane, navigate to the following path:
Computer Configuration => Administrative Templates => Windows Components => Windows Defender Antivirus => MAPS
Step 3: Find and double click Join Microsoft MAPS.
Step 4: Change the value from Not Configured to Enabled.
Step 5: At Join Microsoft MAPS, select Advanced MAPS.
Basic membership is no longer an option, because Microsoft “doesn’t approve” of this option on Windows 10. If you choose basic membership, you will automatically be signed up for Advanced membership instead.
Basic membership sends basic information to Microsoft about the detected software, including the location of the software, the actions that you apply or that are automatically applied, and whether the action was successful.
Advanced membership, in addition to basic information, sends additional information to Microsoft about malware, spyware and unwanted software, including the location of the software, file names, how the software operates and how it has impacted your computer.
Note that both will send data to Microsoft.
The MAPS directory contains 3 additional policies, which you may want to configure:
– Configure the “Block at First Sight” feature: Enables or disables the Block at First Sight policy. If this policy is enabled, checks are done in real time with the Microsoft Active Protection Service before content is allowed to run or be accessed on the device.
– Configure local setting override for reporting to Microsoft: Allows users to configure local overrides. If this policy is enabled, local preference settings take precedence over Group Policy.
– Send file samples when further analysis is required: Specifies whether and when sample files are sent to Microsoft. You can set it to always prompt, send safe samples automatically, never send or send all samples automatically.
Note that if you enable the Configure the “Block at First Sight” feature policy, you must choose one of the 2 automatic sending options.
Change the cloud protection level of Windows Defender
Now that you have joined MAPS on the device, you can set a higher level of protection.
Step 1: In the Local Group Policy Editor window, navigate to the following path:
Computer Configuration => Administrative Templates => Windows Components => Windows Defender Antivirus => MpEngine
Step 2: Find and double-click Select cloud protection level.
Step 3: Set the value to Enabled and in the Select cloud blocking level section, select the High blocking level option.
Microsoft talks about the difference between two blocking levels:
– Default Windows Defender Antivirus blocking level setting provides strong detection without increasing the risk of detecting legitimate files.
– High blocking level setting will apply strong detection level. Although unlikely, some legitimate files may be detected (although you will have the option to unblock or dispute that detection).
Use Registry Editor to activate the level of cloud protection for Windows Defender
Windows 10 Home devices do not support Group Policy Editor. However, users can use the Windows Registry Editor to make the necessary changes.
Step 1: In the Start Menu Search box, type regedit.exe and press Enter.
Step 2: If a UAC prompt appears, click Yes to open the Windows Registry Editor window.
Step 3: In the Windows Registry Editor window, in the left pane, navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
Step 4: Find and right-click Windows Defender, choose New => Key.
Step 5: Name this new key Spynet.
Step 6: Right-click on Spynet, select New => DWORD (32-bit) Value.
Step 7: Name this value as SpynetReporting.
Step 8: Double-click SpynetReporting, and set the Value data field to 2.
Step 9: Return to the key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.
Step 10: Right-click Windows Defender, choose New => Key.
Step 11: Name this key MpEngine.
Step 12: Right-click the newly created MpEngine key, select New => DWORD (32-bit) Value.
Step 13: Name this value as MpCloudBlockLevel.
Step 14: Double-click MpCloudBlockLevel and set the Value data field to 2.
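The registry steps above as a PowerShell script, added here as an example and not part of the original article. It reports the current state of both values, writes them, and reports again so the change can be verified. The function names Get-CloudProtectionPolicy and Set-CloudProtectionPolicy are hypothetical; the key and value names are the ones from the steps.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
# Key and value names are the ones given in the registry steps above.
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$Desired = @(
    @{ SubKey = 'Spynet';   Name = 'SpynetReporting';   Value = 2 }  # value from Step 8
    @{ SubKey = 'MpEngine'; Name = 'MpCloudBlockLevel'; Value = 2 }  # value from Step 14
)

function Get-CloudProtectionPolicy {
    # Report the current value of each setting and whether it matches the target.
    foreach ($s in $Desired) {
        $path = Join-Path $Base $s.SubKey
        $current = $null
        if (Test-Path -LiteralPath $path) {
            $item = Get-ItemProperty -LiteralPath $path -Name $s.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $current = $item.($s.Name) }
        }
        [pscustomobject]@{
            Key       = $path
            Name      = $s.Name
            Current   = $current
            Expected  = $s.Value
            Compliant = ($null -ne $current -and $current -eq $s.Value)
        }
    }
}

function Set-CloudProtectionPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($s in $Desired) {
        $path = Join-Path $Base $s.SubKey
        if ($PSCmdlet.ShouldProcess("$path\$($s.Name)", "Set DWORD to $($s.Value)")) {
            # Steps 4-5 and 10-11: create the key only if it is missing,
            # so values already stored under an existing key are kept.
            if (-not (Test-Path -LiteralPath $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            # Steps 6-8 and 12-14: create or overwrite the DWORD value.
            New-ItemProperty -LiteralPath $path -Name $s.Name `
                -PropertyType DWord -Value $s.Value -Force | Out-Null
        }
    }
}

Get-CloudProtectionPolicy | Format-Table -AutoSize   # state before the change
Set-CloudProtectionPolicy                            # add -WhatIf to preview only
Get-CloudProtectionPolicy | Format-Table -AutoSize   # state after the change
```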
Doing this sets up Windows Defender to strengthen the computer's defenses, with more detailed reporting and higher security.
In addition, some users turn off Windows Defender through the Registry on Windows 10. This method takes a bit of time but ensures that Windows Defender is turned off completely; see the article Turn off Windows Defender with the Registry on Windows 10.
You can opt out of MAPS by deleting the Registry keys or by setting the policies in Group Policy Editor to Disabled or Not Configured.
Setting up Windows Defender to increase defenses is a good idea. However, some users may not want to use this option, possibly because, first, it sends more data to Microsoft (including sample files, if configured that way), and second, it can increase the number of false positives.
To use Windows Defender faster, you can add Windows Defender to the right-click menu like many other applications; for details, see the article Add Windows Defender to the Right-click Menu.