Microsoft 宣布了从Windows 10 v1703开始​​的新^{(Windows 10 v1703)}Windows Defender 安全中心，这使得切换我们 PC 的安全设置变得更加容易。默认情况下，Windows Defender设置为低保护模式，因为这将通过施加更少的限制使我们的生活更轻松，但 IT 管理员可以启用云保护^{(Cloud Protection)}并更改这些组策略^{(Group Policy)}设置 -配置^{(Configure Block)}一见钟情，配置本地设置覆盖^(Configure)以^{(First Sight)}进行报告, 并加入 Microsoft MAPS^{(Join Microsoft MAPS)} ( Microsoft Advanced Protection Service ) 或SpyNet , 以设置Windows Defender 防病毒^{(Windows Defender Antivirus)}阻止保护到最高级别。

^{(Harden Windows Defender)}在Windows 10中^{(Windows 10)}强化 Windows Defender保护

运行gpedit.msc打开组策略编辑器^{(Group Policy Editor)}并导航到以下路径：

Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Maps

在这里，您将看到 4 个设置：

• 加入微软地图
• 配置一见钟情^(Block)功能_ _^{(First Sight)}
• 配置^(Configure)本地设置覆盖以向Microsoft MAPS报告^{(Microsoft MAPS)}
• 需要进一步分析时发送^(Send)文件样本。

您可以根据您的要求配置 Windows Defender 设置。

1]加入微软地图

要加入Microsoft 高级保护服务^{(Microsoft Advanced Protection Service)}，请双击加入 Microsoft 地图^{(Join Microsoft Maps)}。在打开的属性^(Properties)框中，选择“已启用^(Enabled)”。

This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new definitions and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.

您在这里有 3 个选项 -禁用^(Disabled)、基本^(Basic)会员和高级^(Advanced)会员。

2 ]配置^{(Configure Block)}一见钟情功能^{(First Sight)}

加入MAPS后，您可以双击 0n Block at First Sight并在其属性^(Properties)框中选择 Enabled ..

This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.

此功能需要如下设置这些组策略设置：^{(Group Policy)}加入 Microsoft MAPS^{(Join Microsoft MAPS)}必须启用，需要进一步分析时发送文件样本^{(Send file samples when further analysis is required)}应设置为发送安全样本^{(Send safe samples)}或发送所有样本^{(Send all samples)}，扫描所有下载的文件和附件^{(Scan all downloaded files and attachments)}策略必须启用，并且不应启用关闭实时保护^{(Turn off real-time protection)}策略。

3]配置^(Configure)本地设置覆盖以向Microsoft MAPS报告^{(Microsoft MAPS)}

配置本地设置覆盖以向 Microsoft MAPS 报告^{(Configure local setting override for reporting to Microsoft MAPS)}设置将使用户优先于组策略^{(Group Policy)}，从而最终允许他们覆盖相同的设置。

This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy.

您需要双击它并在打开的属性^(Properties)框中选择启用。启用此功能后，它将实时运行检查并决定是否允许内容运行。

4]需要进一步分析时发送文件样本^(Send)

需要进一步分析时发送文件样本^{(Send file samples when further analysis is required)}设置可让您将所有样本自动发送到Microsoft以^(Microsoft)进行进一步分析。

This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. The possible options are: Always prompt, Send safe samples automatically, Never send and Send all samples automatically.

您需要双击它并在打开的属性^(Properties)框中选择启用。

完成此操作后，您可以继续为 Windows Defender 设置云保护级别。^{(Having done this, you can move on to set the Cloud protection level for Windows Defender.)}

5]在Windows Defender中^{(Windows Defender)}选择云保护^{(Select Cloud Protection)}级别

云保护级别也可以通过访问以下路径使用组策略来启用：^{(Group Policy)}

Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > MpEngine

在右侧窗格中，您将看到Select protection level。双击它以打开其属性^(Properties)框，然后选择Enabled。您将看到提供的两个选项：

1. 默认Windows Defender 防病毒^{(Windows Defender Antivirus)}阻止级别
2. 高阻塞级别

选择高阻止级别^{(High blocking level)}，然后单击应用。

This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.

阅读^(Read)：如何在 Windows Defender 中启用和配置勒索软件保护^{(Ransomware Protection in Windows Defender)}。

6]配置扩展云检查

在MpEngine设置下，您还将看到 配置扩展云检查^{(Configure extended cloud check)}设置。如果您愿意，您也可以启用此设置

This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it’s safe. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds.

提示^(TIP)：让 Windows Defender 也保护您免受潜在有害程序的侵害^{(Make Windows Defender protect you against Potentially Unwanted Programs too)}。

7 ]使用注册表^(Registry)启用^{(] Enable)}并将云保护^{(Cloud Protection)}级别设置为高^(High)

如果您是Windows 10 Home的用户，那么您可以使用Windows 注册表^{(Windows Registry)}并调整一些设置。为此，请在开始搜索中键入^{(Start Search)}regedit.exe ，然后按 Enter^(Enter)打开注册表编辑器^{(Registry Editor)}。现在导航到以下键：

HKEY_LOCAL_Machine\Software\Policies\Microsoft\Windows Defender

在左侧，右键单击Windows Defender，选择新建 > 密钥并将密钥命名为Spynet。右键单击Spynet并再次选择New > Dword (32-bit) 并将其命名为SpynetReporting。将其值设置为2以将其设置为高级。

现在，再次右键单击左侧出现的Windows Defender键，然后选择^{(Windows Defender)}New > Key。这次将密钥命名为MpEngine。接下来右键单击MpEngine键并选择New > Dword (32-bit) value。将该键命名为MpCloudBlockLevel并将其值设置为2以将其设置为高块级别。

可以帮助您的工具：^{(Tools that may help you:)}

1. ConfigureDefender帮助您立即更改Windows 安全^{(Windows Security)}设置
2. WinDefThreatsView工具可让您为^{(WinDefThreatsView)}Windows Defender威胁设置默认操作。

Harden Windows Defender protection to the highest levels on Windows 10

Microsoft announced a new Windowѕ Defеnder Securitу Center starting from the Windows 10 v1703 and this makes it easier to toggle the security settings for our PCs. By default, Windows Defender is set in a low protection mode since this will make our lives easy by imposing fewer restrictions, but IT administrators can enable Cloud Protection and change these Group Policy settings – Configure Block at First Sight, Configure local setting override for reporting, and Join Microsoft MAPS (Microsoft Advanced Protection Service) or SpyNet, to set Windows Defender Antivirus blocking protection to highest levels.

Harden Windows Defender protection in Windows 10

Run gpedit.msc to open the Group Policy Editor and navigate to the following path:

Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Maps

Here you will see 4 settings:

• Join Microsoft Maps
• Configure Block at First Sight feature
• Configure local setting override for reporting to Microsoft MAPS
• Send file samples when further analysis is required.

You can configure Windows Defender settings according to your requirements.

1] Join Microsoft Maps

To join Microsoft Advanced Protection Service, double-click on Join Microsoft Maps. In the Properties box which opens, select “Enabled.”

This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new definitions and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.

You have 3 options here – Disabled, Basic membership and Advanced membership.

2] Configure Block at First Sight feature

After joining MAPS, you can double-click 0n Block at First Sight and select Enabled in its Properties box..

This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.

This feature requires these Group Policy settings to be set as follows: Join Microsoft MAPS must be enabled, the Send file samples when further analysis is required should be set to Send safe samples or Send all samples, the Scan all downloaded files and attachments policy must be enabled and the Turn off real-time protection policy should NOT be enabled.

3] Configure local setting override for reporting to Microsoft MAPS

The Configure local setting override for reporting to Microsoft MAPS setting will let users take precedence over the Group Policy thus eventually allowing them to override the same.

This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy.

You need to double-click on it and select Enabled in the Properties box which opens. Once this feature is enabled it will run checks in real-time and will decide on whether to allow the content to run or not.

4] Send file samples when further analysis is required

The Send file samples when further analysis is required setting will let you send all the samples automatically to Microsoft for further analysis.

This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. The possible options are: Always prompt, Send safe samples automatically, Never send and Send all samples automatically.

You need to double-click on it and select Enabled in the Properties box which opens.

Having done this, you can move on to set the Cloud protection level for Windows Defender.

5] Select Cloud Protection level in Windows Defender

The cloud protection level too can be enabled by using the Group Policy by visiting the following path:

Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > MpEngine

In the right pane, you will see Select protection level. Double-click on it to open its Properties box and then choose Enabled. You will see two options offered:

1. Default Windows Defender Antivirus blocking level
2. High blocking level

Select High blocking level and click on Apply.

This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.

Read: How to enable and configure Ransomware Protection in Windows Defender.

6] Configure extended cloud check

Under the MpEngine settings, you will also see a Configure extended cloud check setting. If you wish, you may also Enable this setting

This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it’s safe. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds.

TIP: Make Windows Defender protect you against Potentially Unwanted Programs too.

7] Enable & set Cloud Protection level to High using Registry

If you are a user of Windows 10 Home, then you can use the Windows Registry and tweak some settings. To do this, type regedit.exe in Start Search and hit Enter to open the Registry Editor. Now navigate to the following key:

HKEY_LOCAL_Machine\Software\Policies\Microsoft\Windows Defender

In the left side, right-click on Windows Defender, select New > Key and name the key Spynet. Right-click on Spynet and again select New > Dword (32-bit) and name it SpynetReporting. Set its value to 2 to set it at Advanced level.

Now, again right-click on the Windows Defender key which appears on the left side and select New > Key. This time name the key as MpEngine. Next right-click on the MpEngine key and select New > Dword (32-bit) value. Name the key as MpCloudBlockLevel and give it a value of 2 to set it at High block level.

Tools that may help you:

1. ConfigureDefender helps you change Windows Security settings instantly
2. WinDefThreatsView tool lets you set default actions for Windows Defender threats.

Related posts

• 什么是Windows 10中的Control Flow Guard - 如何打开或关闭它

• Error 0x800106ba，Windows Defender Application未能初始化

• 您的IT administrator已禁用Windows Security

• 当存储Windows Defender Offline扫描日志？

• 在Windows Defender启用和配置Ransomware Protection

• Update Windows Defender定义使用PowerShell

• 在Windows Defender管理隔离Items，Exclusions

• 如何打开Windows Security Center在Windows 10

• 在Windows 10启用或打开Microsoft Defender的通知

• 如何在Windows 10上启用Windows Defender中的Network扫描

• Windows Defender不会关闭| Unable以禁用Windows Defender

• Fix Windows Defender error 0x8007139f在Windows 11/10上

• 如何在Windows 10的Exploit Protection中添加或排除应用程序

• WinDefThreatsView - Windows Defender Set default威胁的动作

• 从Windows Security修改Exploit Protection防止用户

• 在Windows 10上永久禁用Windows Defender

• 什么是Windows 10中的Firewall and Network Protection以及如何隐藏此部分

• 配置Windows Defender以扫描Windows 10中的.zip .rar .cab文件

• Windows 10中的Remove Windows Defender Notification Icon

• 由于Windows Defender blockage，Apple iCloud不起作用