Harden Windows Defender protection to the highest levels on Windows 10
Microsoft introduced the new Windows Defender Security Center starting with Windows 10 v1703, which makes it easier to toggle the security settings of a PC. By default, Windows Defender is set to a low protection mode, since that makes life easier by imposing fewer restrictions, but IT admins can enable Cloud Protection and change these Group Policy settings (Configure the Block at First Sight feature, Configure local setting override for reporting to Microsoft MAPS, and Join Microsoft MAPS (Microsoft Advanced Protection Service), or SpyNet) to set Windows Defender Antivirus blocking protection to the highest levels.
Harden Windows Defender protection in Windows 10
Run gpedit.msc to open the Group Policy Editor and navigate to the following path:
Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Maps
Here you will see 4 settings:
- Join Microsoft MAPS
- Configure the Block at First Sight feature
- Configure local setting override for reporting to Microsoft MAPS
- Send file samples when further analysis is required.
You can configure the Windows Defender settings as per your requirements.
1] Join Microsoft MAPS
To join the Microsoft Advanced Protection Service, double-click Join Microsoft MAPS. In the Properties box that opens, select Enabled.
This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new definitions and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.
You have 3 options here: Disabled, Basic membership, and Advanced membership.
2] Configure the Block at First Sight feature
Once you have joined MAPS, you can double-click Block at First Sight and select Enabled in its Properties box.
This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.
This feature requires these Group Policy settings to be set as follows: Join Microsoft MAPS must be enabled, Send file samples when further analysis is required should be set to Send safe samples or Send all samples, the Scan all downloaded files and attachments policy must be enabled, and the Turn off real-time protection policy should not be enabled.
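To confirm that the prerequisites listed above are actually in effect after the policies are applied, the following added example (not part of the original article) audits them with the Defender PowerShell module. The function name `Test-BafsPrerequisite` is hypothetical; the property names are the fields returned by `Get-MpPreference`.

```powershell
# Added example: audit the Block at First Sight prerequisites on this machine.
# Reads the effective Defender configuration only; it changes nothing.
function Test-BafsPrerequisite {
    param(
        # Defaults to the live configuration; pass a saved object to audit offline.
        $Preference = (Get-MpPreference)
    )

    # Property = Get-MpPreference field; Allowed = values that satisfy the prerequisite.
    $rules = @(
        # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced
        @{ Policy = 'Join Microsoft MAPS'
           Property = 'MAPSReporting'; Allowed = @(1, 2) }
        # SubmitSamplesConsent: 0 = Always prompt, 1 = Send safe samples,
        # 2 = Never send, 3 = Send all samples
        @{ Policy = 'Send file samples when further analysis is required'
           Property = 'SubmitSamplesConsent'; Allowed = @(1, 3) }
        # The remaining fields are "Disable*" switches, so $false means protection is on.
        @{ Policy = 'Scan all downloaded files and attachments'
           Property = 'DisableIOAVProtection'; Allowed = @($false) }
        @{ Policy = 'Turn off real-time protection'
           Property = 'DisableRealtimeMonitoring'; Allowed = @($false) }
        @{ Policy = 'Configure the Block at First Sight feature'
           Property = 'DisableBlockAtFirstSeen'; Allowed = @($false) }
    )

    foreach ($rule in $rules) {
        $actual = $Preference.($rule.Property)
        [pscustomobject]@{
            Policy    = $rule.Policy
            Property  = $rule.Property
            Actual    = $actual
            # A missing property ($null) never matches and is reported as non-compliant.
            Compliant = $actual -in $rule.Allowed
        }
    }
}

$report = Test-BafsPrerequisite
$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count) {
    Write-Warning ("Block at First Sight prerequisites not met: {0}" -f ($failed.Policy -join '; '))
}
```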
3] Configure local setting override for reporting to Microsoft MAPS
The Configure local setting override for reporting to Microsoft MAPS setting lets users take precedence over Group Policy, eventually allowing them to override the same setting.
This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy.
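You need to double-click it and select Enabled in the Properties box that opens. Once this feature is enabled, it will run checks in real time and decide whether to allow the content to run.
4] Send file samples when further analysis is required
The Send file samples when further analysis is required setting lets you send all samples automatically to Microsoft for further analysis.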
This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. The possible options are: Always prompt, Send safe samples automatically, Never send and Send all samples automatically.
You need to double-click it and select Enabled in the Properties box that opens.
Having done this, you can move on to set the Cloud protection level for Windows Defender.
5] Select Cloud Protection level in Windows Defender
The Cloud protection level can also be enabled using Group Policy by visiting the following path:
Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > MpEngine
In the right pane, you will see Select protection level. Double-click it to open its Properties box and then select Enabled. You will see two options offered:
- Default Windows Defender Antivirus blocking level
- High blocking level
Select High blocking level and click Apply.
This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency.
6] Configure extended cloud check
Under the MpEngine settings, you will also see a Configure extended cloud check setting. If you wish, you may also enable this setting.
This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it’s safe. The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds.
7] Enable and set Cloud Protection level to High using the Registry
If you are a user of Windows 10 Home, you can use the Windows Registry and tweak some settings. To do so, type regedit.exe in Start Search and press Enter to open the Registry Editor. Now navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
In the left pane, right-click Windows Defender, select New > Key, and name the key Spynet. Right-click Spynet, select New > DWORD (32-bit) Value, and name it SpynetReporting. Set its value to 2 to set it to the Advanced level.
Now, right-click the Windows Defender key in the left pane again and select New > Key. This time, name the key MpEngine. Next, right-click the MpEngine key and select New > DWORD (32-bit) Value. Name it MpCloudBlockLevel and set its value to 2 to set it to the High blocking level.
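The same two registry values can be applied and read back from an elevated PowerShell session, which is easier to repeat across machines than editing by hand. This is an added example, not part of the original article; the function names `Set-DefenderCloudPolicy` and `Get-DefenderCloudPolicy` are hypothetical, while the key path, value names and data are the ones given in the steps above.

```powershell
# Added example: apply and verify the two policy values from the registry steps above.
# Run from an elevated PowerShell session.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$desired = @(
    @{ SubKey = 'Spynet';   Name = 'SpynetReporting';   Value = 2 }  # 2 = Advanced
    @{ SubKey = 'MpEngine'; Name = 'MpCloudBlockLevel'; Value = 2 }  # 2 = High blocking level
)

function Get-DefenderCloudPolicy {
    # Read back the current state of each value; Current is empty if it is not set.
    foreach ($d in $desired) {
        $path = Join-Path $base $d.SubKey
        $item = Get-ItemProperty -Path $path -Name $d.Name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.($d.Name) } else { $null }
        [pscustomobject]@{
            Path     = $path
            Name     = $d.Name
            Current  = $current
            Desired  = $d.Value
            InPlace  = $current -eq $d.Value
        }
    }
}

function Set-DefenderCloudPolicy {
    # SupportsShouldProcess enables -WhatIf and -Confirm for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    foreach ($state in (Get-DefenderCloudPolicy | Where-Object { -not $_.InPlace })) {
        $target = '{0}\{1}' -f $state.Path, $state.Name
        if ($PSCmdlet.ShouldProcess($target, "Set DWORD to $($state.Desired)")) {
            # Create the Spynet / MpEngine subkey if it does not exist yet.
            if (-not (Test-Path $state.Path)) {
                New-Item -Path $state.Path -Force | Out-Null
            }
            New-ItemProperty -Path $state.Path -Name $state.Name `
                -PropertyType DWord -Value $state.Desired -Force | Out-Null
        }
    }
}

Set-DefenderCloudPolicy -WhatIf      # preview the changes without writing anything
# Set-DefenderCloudPolicy            # uncomment to apply
Get-DefenderCloudPolicy | Format-Table -AutoSize
```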
Tools that may help you:
- ConfigureDefender helps you change Windows Security settings instantly
- The WinDefThreatsView tool lets you set default actions for Windows Defender threats.