Upcoming Feature: Huntress Recommended Managed AV Defaults
This article lists all of the Huntress recommended defaults in the Managed AV Dashboard.
- Managed Microsoft Defender Antivirus (Beta) Overview
- Managed AV (Beta) - FAQ/Known issues
- Managed AV (Beta) - Interface & Basic Settings
- Managed AV (Beta) - Exclusions
Huntress Recommended Defaults is an upcoming feature created to streamline the configuration of best-practice Defender policies by automatically applying default settings recommended by Huntress. This article details the Huntress Recommended default settings. You can navigate to the related Microsoft documentation by clicking the hyperlinked setting.
About Huntress Recommended Defaults
These recommended settings can be easily applied by inheriting them at the Account level. You can also customize these settings by simply overriding at the Account, Organization, or Host levels. For more information on inheritance, please see https://support.huntress.io/article/308-managed-av-beta-interface-basic-settings#inheritance.
What will change?
In the current version of Managed AV configuration policy, all settings default to Use System Default at the Account level, which adopts the existing Microsoft Defender default that applies to each endpoint. This feature replaces these defaults and actively sets a Huntress Recommended Default setting depending on best practice AV configuration at the Account level. If an override (or a change from Use System Default) is already configured at the Account, Organization, or Host level, this override will be preserved.
For partners who are in Audit Mode, this will only update the configuration policy for Managed AV but will not modify any agents.
For partners who are in Enforce Mode, Huntress Recommended Defaults will take the place of "Use System Default" at the Account level. See the table below to understand what settings may change. You can always override any Huntress Recommended Settings at the Account level if desired for your Account or organization.
What are the settings?
|Suppress all notifications||Disabled||Disabled||Suppress all notifications|
|Enable Headless UI Mode||Disabled||Disabled||Enable Headless UI Mode|
|Path Exclusions||No action||No action||Path Exclusions|
|Extension Exclusions||No action||No action||Extension Exclusions|
|Process Exclusions||No action||No action|| Process Exclusions
|Network Inspection System|
|Turn on definition retirement*||Enabled||Enabled||-|
|Turn on protocol recognition*||Enabled||Enabled||-|
|Configure removal of items from Quarantine folder*||Disabled||Disabled||Configure removal of items from Quarantine folder|
|Turn on catch-up quick scan||Disabled||Enabled||Turn on catch-up quick scan|
|Specify the time for a daily quick scan||2 am local time||2 am local time||Specify the time for a daily quick scan|
|Turn on catch-up full scan||Disabled||Enabled||Turn on catch-up full scan|
|Specify the day of the week to run a scheduled scan||Never||Thursday||Specify the day of the week to run a scheduled scan|
|Specify the time of day to run a scheduled scan||2 am local time||2 am local time||Specify the time of day to run a scheduled scan|
|Start the scheduled scan only when the computer is on but not in use||Enabled||Enabled||Start the scheduled scan only when the computer is on but not in use|
|Specify the maximum percentage of CPU utilization during a scan||50%||20%||Specify the maximum percentage of CPU utilization during a scan|
|Check for the latest virus and spyware security intelligence before a scan||Disabled||Enabled||Check for the latest virus and spyware security intelligence before a scan|
|Specify the scan type to use for a scheduled scan||Quick Scan||Full Scan||Specify the scan type to use for a scheduled scan|
|Scan archive files*||Enabled||Enabled||Scan archive files|
|Scan network files*||Enabled||Enabled||Scan network files|
|Scan packed executables*||Enabled||Enabled||Scan packed executables|
|Scan removable drives*||Enabled||Enabled||Scan removable drives|
* These settings are enforced and cannot be changed from the Huntress default configuration to maintain best-practice configuration and compliance. Please send any feedback to firstname.lastname@example.org.