Security-Malware-Windows-Defender

The Security-Malware-Windows-Defender component manages Microsoft Defender. Microsoft Defender is a Microsoft application that can prevent, remove, and quarantine spyware.

In This Section

Setting Description
DefinitionUpdateFileSharesSources Configures UNC file share sources for downloading definition updates.
EnableRemoteManagedDefaults Configures Microsoft Defender to run in a remotely managed experience with no local user interface.
FallbackOrder Defines the order in which definition update sources should be contacted.
Scan Contains all settings to configure the scan.
ScheduleDay Specifies the day of the week to run a scheduled scan.
ScheduleTime Specifies the time of day to run a scheduled scan.
ScanParameters Specifies the scan type to use for a scheduled scan.
SignatureUpdateInterval Specifies the interval to check for definition updates.
ThreatSeverityDefaultAction Contains all settings to configure the default action to be taken for a threat alert.
Low Specifies the default action to be taken for threat alert level, Low.
Moderate Specifies the default action to be taken for threat alert level, Moderate.
High Specifies the default action to be taken for threat alert level, High.
Severe Specifies the default action to be taken for threat alert level, Severe.
TrustedImageIdentifier Specifies a unique identifier that signals that the files that are installed on the computer have already been scanned, and do not require additional scans by Microsoft Defender.

Applies To

To determine whether a component applies to the image you’re building, load your image into Windows SIM and search for the component or setting name. For information on how to view components and settings, see Configure Components and Settings in an Answer File.

Components