  1. #1

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Using Windows Defender as Antispyware on a domain

    Quick and dirty guide on how to use Windows Defender Beta 2 as an Antispyware solution on a domain, and control the (basic) settings.

    Requirements:

    A Domain environment (duh).
    A WSUS Server.

    Instructions:

    1. Download Windows Defender.

    http://www.microsoft.com/downloads/d...displaylang=en

    2. Create a new GPO, set it up however you want so it only gets sent to the machines you want (I'm presuming you have 100% XP, I haven't tested w2k).

    3. Add the Windows Defender MSI as a software distribution in the machine policy.

    4. Go to your WSUS Server. Enable Definition updates for Windows Defender. Autoapprove them too if you like.


    Optional (Control settings):

    The defaults that the MSI uses are fairly sane. However, if you want to have a bit more control, follow these steps.

    1. Run 'gpupdate /force /boot' on one of your machines you deployed the MSI to.

    2. Once it's rebooted, login as admin.

    3. Setup Windows Defender how you want it.

    4. Run regedit, export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender to defender.reg

    5. Manually remove the cruft about Definitions, last scans, and empty keys. You should get a defender.reg that is similar to this:

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
    "EnableUnknownPrompts"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan]
    "AutomaticallyCleanAfterScan"=dword:00000001
    "CheckForSignaturesBeforeRunningScan"=dword:00000000
    "ScheduleTime"=dword:000002d0
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates]
    "UpdateOnStartUp"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\SpyNet]
    "SpyNetReporting"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\UX Configuration]
    "AllowNonAdminFunctionality"=dword:00000000

    6. Go back to your Windows Defender GPO. Create a new machine startup script that runs 'regedit /s defender.reg'

    7. You're done!

  2. #2
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54

    Re: Using Windows Defender as Antispyware on a domain

    Thanks Geoff - very useful... has anyone tried running this alongside existing AV progs yet?

  3. #3

    Geoff's Avatar

    Re: Using Windows Defender as Antispyware on a domain

    Working ok here with Sophos...

  4. #4
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62

    Re: Using Windows Defender as Antispyware on a domain

    Running here as above with McAfee Enterprise Virus Scan ver8.0i

  5. #5
    Guest

    Re: Using Windows Defender as Antispyware on a domain

    Same here with Sophos.

  6. #6
    tarquel's Avatar
    Join Date
    Jun 2005
    Location
    Powys, Mid-Wales, UK
    Posts
    1,740
    Thank Post
    13
    Thanked 44 Times in 34 Posts
    Rep Power
    29

    Re: Using Windows Defender as Antispyware on a domain

    Small point but say that you have VNC installed.... how can you make it that Windows Defender will automatically allow installation of it on all machines?

    If it's already installed and you choose the setting of automatically use the default action during a scan, it will remove it otherwise.

    Any thoughts?
    Nath

  7. #7

    Geoff's Avatar

    Re: Using Windows Defender as Antispyware on a domain

    Alter the exceptions on a client machine. Export the extra registry entries and add them to your .reg file.

  8. #8
    tarquel's Avatar

    Re: Using Windows Defender as Antispyware on a domain

    hmmm...perhaps I'm missing something here but I don't see it.

    I've allowed it each time on this machine - I take a look at the reg key you put in the first post and I see no mention in the registry where it allows VNC [i.e. doesn't stop it in its tracks]

    Nath.

  9. #9

    Geoff's Avatar

    Re: Using Windows Defender as Antispyware on a domain

    Because I didn't have any exceptions at that point in time. I removed all the empty subkeys. Including the one that does exceptions.

    Here's the extra line I have for UltraVNC.

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
    "16555"=dword:00000006
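
Added example, not part of the thread and not any poster's code: a Python check that parses the dword values in .reg exports and reports where a client's export drifts from the baseline defender.reg, including extra entries such as the ThreatIDDefaultAction exception from post #9. The client export is constructed for illustration, and the function names are this example's own.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"
SECTION = re.compile(r'^\[(.+)\]$')
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def decode_reg(raw: bytes) -> str:
    # regedit saves "Version 5.00" exports as UTF-16LE with a BOM.
    return raw.decode("utf-16" if raw.startswith(b"\xff\xfe") else "utf-8-sig")

def parse_reg(text: str) -> dict:
    """Map (key, value name) -> int for each dword; names are case-insensitive."""
    settings, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1).lower()
        elif (m := DWORD.match(line)) and key:
            settings[(key, m.group(1).lower())] = int(m.group(2), 16)
    return settings

def drift(baseline: dict, client: dict) -> dict:
    """Report baseline settings a client lacks or overrides, plus extras."""
    return {
        "missing": sorted(k for k in baseline if k not in client),
        "changed": sorted(k for k in baseline if k in client and client[k] != baseline[k]),
        "unexpected": sorted(k for k in client if k not in baseline),
    }

# Subset of the defender.reg from post #1 (header line omitted).
BASELINE = "\n".join([
    f"[{ROOT}\\Scan]",
    '"AutomaticallyCleanAfterScan"=dword:00000001',
    '"ScheduleTime"=dword:000002d0',
    f"[{ROOT}\\UX Configuration]",
    '"AllowNonAdminFunctionality"=dword:00000000',
])
# Constructed client export (UTF-16LE + BOM), with the exception from post #9.
CLIENT_RAW = b"\xff\xfe" + "\r\n".join([
    "Windows Registry Editor Version 5.00",
    f"[{ROOT}\\Scan]",
    '"AutomaticallyCleanAfterScan"=dword:00000000',
    f"[{ROOT}\\UX Configuration]",
    '"AllowNonAdminFunctionality"=dword:00000000',
    f"[{ROOT}\\Threats\\ThreatIDDefaultAction]",
    '"16555"=dword:00000006',
]).encode("utf-16-le")

def audit() -> dict:
    return drift(parse_reg(BASELINE), parse_reg(decode_reg(CLIENT_RAW)))
```

Entries under "unexpected" are settings present on the client but absent from the baseline, which is where an exception added on a single machine would show up for review.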
