Team: Huntress EDR
Product: Managed AV, MAV, Managed Antivirus
Environment: Managed AV management, Windows Defender
Summary: This article lists all of the Huntress recommended defaults in the Managed AV Dashboard.
Related Articles
- Managed Microsoft Defender Antivirus Overview
- Managed AV - FAQ/Known issues
- Managed AV - Interface & Basic Settings
- Managed AV - Exclusions
Huntress Recommended Defaults is a feature created to streamline the configuration of best-practice Defender policies by automatically applying default settings recommended by Huntress. This article details the Huntress Recommended default settings. You can navigate to the related Microsoft documentation by clicking the hyperlinked setting.
About Huntress Recommended Defaults
These recommended settings can be applied by inheriting them at the Account level. You can also customize these settings by overriding them at the Account, Organization, or Host levels. For more information on inheritance, please see this.
Overview
In the current version of the Managed AV configuration policy, all settings default to Use System Default at the Account level, which adopts the existing Microsoft Defender default that applies to each endpoint. This feature replaces these defaults and actively sets a Huntress Recommended Default for each setting, based on best-practice AV configuration, at the Account level. If an override (or a change from Use System Default) is already configured at the Account, Organization, or Host level, this override will be preserved.
For partners who are in Audit Mode, this will only update the configuration policy for Managed AV but will not modify any agents.
For partners who are in Enforce Mode, Huntress Recommended Defaults will take the place of "Use System Default" at the Account level. See the table below to understand what settings may change. You can always override any Huntress Recommended Settings at the Account level if desired for your Account or organization.
What are the settings?
| Setting | Defender Default | Huntress Default | Huntress Explanation | Microsoft Article |
|---|---|---|---|---|
| Client Interface | | | | |
| Suppress all notifications | Disabled | Disabled | Suppress Microsoft Defender notifications. This will mute Microsoft Defender alerts and notifications from users. | Suppress all notifications |
| Hide Defender UI | Disabled | Disabled | Hide the Microsoft Defender configuration interface. This will keep users from attempting to change settings. | Enable Headless UI Mode |
| Exclusions | | | | |
| Path Exclusions | No action | No action | Defender will not scan any files within the directories specified by these paths or any sub-directories. | Path Exclusions |
| Extension Exclusions | No action | No action | Defender will not scan any files with these extensions. | Extension Exclusions |
| Process Exclusions | No action | No action | Defender will ignore these processes and will not trigger behavioral detections. | Process Exclusions |
| Quarantine | | | | |
| Configure removal of items from Quarantine folder* | Disabled | Disabled | Configure removal of items from Quarantine folder | |
| Scanning | | | | |
| Catch-up scans | Disabled | Enabled | Catch-up scans for quick scans. If a computer is offline for two consecutive scheduled scans, a catch-up scan is started the next time someone signs in to the computer. | Turn on catch-up quick scan |
| Scan Time | 2 am local time | 2 am local time | The base start time for a daily quick scan. | Specify the time for a daily quick scan |
| Start the scheduled scan only when the computer is on but not in use | Enabled | Enabled | Start the scheduled scan only when the computer is on but not in use | |
| Specify the maximum percentage of CPU utilization during a scan | 50% | 20% | Specify the maximum percentage of CPU utilization during a scan | |
| Check for the latest virus and spyware security intelligence before a scan | Disabled | Enabled | Check for the latest virus and spyware security intelligence before a scan | |
| Specify the scan type to use for a scheduled scan | Quick Scan | Quick Scan | Specify the scan type to use for a scheduled scan | |
| Scan archive files* | Enabled | Enabled | Scan for malicious and unwanted programs in archive files such as .zip or .cab files. This policy is always "Enabled" for Huntress Managed Antivirus. | Scan archive files |
| Scan network files* | Disabled | Disabled | Scans network files. This is currently not recommended per Defender guidelines and set to "Disabled" by Huntress Managed Antivirus. | Scan network files |
| Scan packed executables* | Enabled | Enabled | Scan packed executable files for malicious and unwanted programs. This policy is always "Enabled" for Huntress Managed Antivirus. | Scan packed executables |
| Scan removable drives* | Disabled | Disabled | Scans removable drives. This is currently not recommended per Defender guidelines and set to "Disabled" by Huntress Managed Antivirus. | Scan removable drives |
| Signatures | | | | |
| Signature Update Interval | 15 mins b/f scheduled scan | Every 6 hours | The interval for how often to check for security intelligence updates. | Group Policy |
| Signature Catch-up Interval* | Every Day | Every Day | The number of days after which a catch-up security intelligence update is required. This policy is always "Every day" for Huntress Managed Antivirus. | |
| Update Signatures on Startup* | Enabled | Enabled | Check for the latest security intelligence on service startup. This policy is always "Enabled" for Huntress Managed Antivirus. | Configured in Group Policy |
| Update Signatures from Microsoft Update* | Enabled | Enabled | Download latest security intelligence from Microsoft Update. This policy is always "Enabled" for Huntress Managed Antivirus. | |
| Advanced | | | | |
| Purge Quarantine After Delay* | 90 Days | Never | The number of days after which items are removed from the Quarantine folder. This policy is always "Never" for Huntress Managed Antivirus. | |
| NIS Definition Retirement* | Enabled | Enabled | After checking if the host has the necessary updates for network protection against an exploit, retire the exploit definition if no longer necessary. This policy is always "Enabled" for Huntress Managed Antivirus. | |
| NIS Protocol Recognition* | Enabled | Enabled | Protocol recognition of known vulnerabilities for network protection. This policy is always "Enabled" for Huntress Managed Antivirus. | |

* These settings are enforced and cannot be changed from the Huntress default configuration to maintain best-practice configuration and compliance. Please send any feedback here.
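
To check what a host is actually running against the Huntress Default column, the following PowerShell audit is an added example and is not Huntress code. The mapping from dashboard settings to `Get-MpPreference` properties is this example's assumption, and settings without a clear property (notifications, scan time, packed executables, NIS) are left out.

```powershell
# Added example (not from Huntress): audit the local Defender preferences against
# the "Huntress Default" column. Run in an elevated PowerShell session so that
# exclusions are visible. Property mapping below is an assumption of this example.

$expected = [ordered]@{
    UILockdown                          = $false  # Hide Defender UI: Disabled
    DisableCatchupQuickScan             = $false  # Catch-up scans: Enabled
    ScanOnlyIfIdleEnabled               = $true   # Scan only when idle: Enabled
    ScanAvgCPULoadFactor                = 20      # Max CPU during a scan: 20%
    CheckForSignaturesBeforeRunningScan = $true   # Check intelligence before scan: Enabled
    ScanParameters                      = 1       # Scheduled scan type: 1 = Quick Scan
    DisableArchiveScanning              = $false  # Scan archive files: Enabled
    DisableScanningNetworkFiles         = $true   # Scan network files: Disabled
    DisableRemovableDriveScanning       = $true   # Scan removable drives: Disabled
    SignatureUpdateInterval             = 6       # Signature update interval: every 6 hours
    SignatureUpdateCatchupInterval      = 1       # Signature catch-up interval: every day
    QuarantinePurgeItemsAfterDelay      = 0       # Purge quarantine: 0 = never
}

$pref = Get-MpPreference

# One row per setting, flagging any value that differs from the table.
$report = foreach ($name in $expected.Keys) {
    $actual = $pref.$name
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $actual
        Match    = ($actual -eq $expected[$name])
    }
}
$report | Format-Table -AutoSize

# Exclusions default to "No action" in the table. Each entry is a path, extension
# or process Defender will not inspect, so list whatever is present for review.
[pscustomobject]@{
    Paths      = $pref.ExclusionPath
    Extensions = $pref.ExclusionExtension
    Processes  = $pref.ExclusionProcess
} | Format-List

$drift = @($report | Where-Object { -not $_.Match })
"{0} of {1} checked settings differ from the Huntress defaults." -f $drift.Count, $report.Count
```

Mismatches are expected on hosts in Audit Mode, where the policy is updated but agents are not modified, and on hosts with an Account, Organization, or Host override.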