Group Policy Management
_OE-C-Microsoft_Defender_Antivirus
Data collected on: 04.10.2021 15:03:21
General
Details
Domain: kit.edu
Owner: KIT\Domain Admins
Created: 28.09.2021 13:41:14
Modified: 28.09.2021 13:41:14
User Revisions: 1 (AD), 1 (SYSVOL)
Computer Revisions: 1 (AD), 1 (SYSVOL)
Unique ID: {E4F32D9A-A599-4640-8D42-06CD69B187A4}
GPO Status: User settings disabled
Links
| Location | Enforced | Link Status | Path |
| --- | --- | --- | --- |
| BSI-Test | No | Enabled | kit.edu/KIT/Staff/SCC/Betrieb/CMK/Rechnerkonten/BSI-Test |
| TCS_GPO_Test | No | Enabled | kit.edu/KIT/Staff/SCC/Dienste/FMC/Rechnerkonten/TCS_GPO_Test |

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
Delegation
These groups and users have the specified permission for this GPO
| Name | Allowed Permissions | Inherited |
| --- | --- | --- |
| KIT\Domain Admins | Edit settings, delete, modify security | No |
| KIT\Domain Computers | Read | No |
| KIT\Enterprise Admins | Edit settings, delete, modify security | No |
| NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| NT AUTHORITY\SYSTEM | Edit settings, delete, modify security | No |
Computer Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/Microsoft Defender Antivirus
| Policy | Setting | Comment |
| --- | --- | --- |
| Configure detection for potentially unwanted applications | Enabled | |
| Turn off Microsoft Defender Antivirus | Not Configured | 08.2020: This policy is no longer evaluated: behavior change as of Microsoft Defender Antimalware platform version 4.18.2007.8, KB 4052623. Defender can now only be turned off in the UI or by the third-party antivirus software. |
Windows Components/Microsoft Defender Antivirus/Exclusions
| Policy | Setting | Comment |
| --- | --- | --- |
| Extension Exclusions | Enabled | |

Extension Exclusions:
aas
adm
adml
admx
chk
cmtx
csv
db
dat
dit
dns
edb
frx
inf
ini
ins
jrs
log
mdb
pat
pol
sdb
tmp
vhd
vhdx
vmdk
xml
ost
pst
| Policy | Setting | Comment |
| --- | --- | --- |
| Path Exclusions | Enabled | |

Path Exclusions:
C:\Windows\SoftwareDistribution\Datastore
C:\Windows\SoftwareDistribution\Datastore\Logs
C:\Windows\Sysvol
C:\System Volume Information\DFSR
C:\Windows\System32\DHCP
C:\Windows\System32\Dns
C:\Windows\System32\Wins
C:\Windows\System32\Drivers\etc
Windows Components/Microsoft Defender Antivirus/MAPS
| Policy | Setting | Comment |
| --- | --- | --- |
| Join Microsoft MAPS | Disabled | |
| Send file samples when further analysis is required | Enabled | |

Send file samples when further analysis is required: Never send
Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Attack Surface Reduction
| Policy | Setting | Comment |
| --- | --- | --- |
| Configure Attack Surface Reduction rules | Enabled | |

Set the state for each ASR rule:

| Value name | Value |
| --- | --- |
| MSSCT - Block executable content from email client and webmail | 1 |
| BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 | 1 |
| MSSCT - Block all Office applications from creating child processes | 1 |
| D4F940AB-401B-4EFC-AADC-AD5F3C50688A | 1 |
| MSSCT - Block Office applications from creating executable content | 1 |
| 3B576869-A4EC-4529-8536-B80A7769E899 | 1 |
| MSSCT - Block Office applications from injecting code into other processes | 1 |
| 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 | 1 |
| MSSCT - Block JavaScript or VBScript from launching downloaded executable content | 1 |
| D3E037E1-3EB8-44C8-A917-57927947596D | 1 |
| MSSCT - Block execution of potentially obfuscated scripts | 1 |
| 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC | 1 |
| MSSCT - Block Win32 API calls from Office macro | 1 |
| 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B | 1 |
| Block executable files from running unless they meet a prevalence, age, or trusted list criterion | 1 |
| 01443614-cd74-433a-b99e-2ecdc07bfc25 | 1 |
| MSSCT - Use advanced protection against ransomware | 1 |
| c1db55ab-c21a-4637-bb3f-a12568109d35 | 1 |
| Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 1 |
| 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 | 1 |
| Block process creations originating from PSExec and WMI commands | 1 |
| d1e49aac-8f56-4280-b9ba-993a6d77406c | 1 |
| Block untrusted and unsigned processes that run from USB | 1 |
| b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 | 1 |
| MSSCT - Block Office communication application from creating child processes | 1 |
| 26190899-1602-49e8-8b27-eb1d0a1ce869 | 1 |
| MSSCT - Block Adobe Reader from creating child processes | 1 |
| 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c | 1 |
| MSSCT - Block persistence through WMI event subscription | 1 |
| e6db77e5-3df2-4cf1-b95a-636979351e5b | 1 |
Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Network Protection
| Policy | Setting | Comment |
| --- | --- | --- |
| Prevent users and apps from accessing dangerous websites | Enabled | |
Windows Components/Microsoft Defender Antivirus/Real-time Protection
| Policy | Setting | Comment |
| --- | --- | --- |
| Turn off real-time protection | Disabled | |
| Turn on behavior monitoring | Disabled | See the comment below |

Comment on "Turn on behavior monitoring": Full-throttle TELEMETRY: Only available in M365/E365 E5 (5!), part of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
When disabled, Defender reports this as a warning in the notifications: Information, Event ID 1117, https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/DefenderTamperingRestore&threatid=2147741622&enterprise=0
Name: VirTool:Win32/DefenderTamperingRestore
ID: 2147741622
Schweregrad: Schwerwiegend
Kategorie: Tool
Pfad: regkeyvalue:_hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
Erkennungsursprung: Unbekannt
Windows Components/Microsoft Defender Antivirus/Reporting
| Policy | Setting | Comment |
| --- | --- | --- |
| Configure Watson events | Disabled | |
Windows Components/Microsoft Defender Antivirus/Scan
| Policy | Setting | Comment |
| --- | --- | --- |
| Scan removable drives | Enabled | |
| Turn on e-mail scanning | Disabled | |
User Configuration (Disabled)
No settings defined.