Posted by: kurtsh | February 9, 2021

INFO: Notes on deploying Microsoft Defender Antivirus

Microsoft Defender Antivirus (formerly called “Windows Defender Antivirus”) is a tremendously powerful anti-malware, threat protection solution for Windows 10 workstations. It is built into all versions of Windows 10 – Home, Professional, Enterprise – and provides the strongest antivirus protection that Microsoft offers. (Microsoft internally relies on Microsoft Defender Antivirus for its Enterprise workstation malware protection – and the broader “Microsoft Defender for Endpoint” solution for its full endpoint detect & response technology.)

I was recently asked how to migrate from a 3rd party solution to Microsoft Defender Antivirus, so I thought I’d share what I gathered:

  1. MIGRATION PROJECT PLAN
    We provide this guide for migrating from 3rd party AV solutions to our “Premium” Endpoint Detect & Response solution, “Microsoft Defender for Endpoint”, which is a superset of Microsoft Defender Antivirus and other endpoint protection technologies.  It may be of use to you as the general steps are all there.  (There are also explicit instructions available for switching from McAfee & Symantec)
    1. Make the switch from a non-Microsoft endpoint solution to Microsoft Defender for Endpoint (Generic plan)
      https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration
  2. APPLICATION EXCLUSIONS
    Establishing application exclusions is documented in the links below:
    1. Configure and validate exclusions for Microsoft Defender Antivirus scans
      https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus
    2. Configure and validate exclusions based on file extension and folder location
      Configure and validate exclusions based on extension, name, or location – Windows security | Microsoft Docs
    3. Configure Microsoft Defender Antivirus exclusions on Windows Server
      https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus
  3. “OTHER ELEMENTS” OF MICROSOFT DEFENDER ANTIVIRUS TO CONSIDER
    There is more to Microsoft Defender Antivirus than just malware filtering.  If you are interested in configuring & tuning “Cloud-delivered Protection”, for example, this is covered in this article, “Configure Microsoft Defender Antivirus features”.
    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features
  4. EVALUATION ENVIRONMENT FOR MICROSOFT DEFENDER ANTIVIRUS
    You can also follow the document, “Evaluate Microsoft Defender Antivirus”.  We provide a demo environment online through VMs in Microsoft’s Azure cloud to experiment with if you’re interested.  See the link below.
    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus
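As an added example (not from the original post or from Microsoft's documentation), the following script uses the built-in Defender cmdlets to validate what items 2 and 3 above configure: it lists the exclusions currently in effect on the local machine, flags ones that cover broad or user-writable locations, and reports the cloud-delivered protection settings. The "broad location" regex patterns are this example's own assumptions, as is the placeholder path in the commented-out removal step.

```powershell
# Added example: audit Defender AV exclusions and cloud-delivered protection state.
# Assumes an elevated PowerShell session on Windows 10 with Defender AV active.

$pref   = Get-MpPreference        # configured settings (exclusions, MAPS, samples)
$status = Get-MpComputerStatus    # runtime state (real-time protection, signatures)

# Exclusions covering whole drives or user-writable folders are a common leftover
# from a 3rd-party AV migration: nothing under them is ever scanned.
# These patterns are an assumption for this example, not a Microsoft list.
$broadPatterns = @('^[A-Za-z]:\\$', '\\Users\\', '\\Temp\\', '\\Downloads\\', '\\ProgramData\\?$')

"== Path exclusions =="
foreach ($path in $pref.ExclusionPath) {
    $flag = ''
    foreach ($pattern in $broadPatterns) {
        if ($path -match $pattern) { $flag = '   <-- REVIEW: broad or user-writable location'; break }
    }
    "$path$flag"
}

"== Extension exclusions (every file with these extensions is skipped) =="
$pref.ExclusionExtension

"== Process exclusions (files opened by these processes are not scanned) =="
$pref.ExclusionProcess

"== Cloud-delivered protection =="
"MAPSReporting        : $($pref.MAPSReporting)"         # 0 = Disabled, 1 = Basic, 2 = Advanced
"SubmitSamplesConsent : $($pref.SubmitSamplesConsent)"  # 0 = Always prompt, 1 = Send safe samples, 2 = Never send, 3 = Send all samples
"RealTimeProtection   : $($status.RealTimeProtectionEnabled)"
"Signatures updated   : $($status.AntivirusSignatureLastUpdated)"

# Remediation for an exclusion you have decided to retire (placeholder path):
# Remove-MpPreference -ExclusionPath 'C:\LegacyAV\Temp'
```

Run the audit before and after the migration so that exclusions carried over from the previous product can be compared against the application vendor's documented list.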

DEPLOYMENT & MANAGEMENT

The following links are all the documentation you need to deploy and manage Microsoft Defender Antivirus:

(Side note: There is a rather exhaustive book available on Amazon that goes over Microsoft Defender Antivirus management using SCCM. The product is called “System Center Endpoint Protection” and is really just SCCM used with a series of management templates to control Microsoft Defender Antivirus:

QUESTIONS & FAQs?

I’ve linked to a document called “Windows Defender Frequently Asked Questions” to review. (“Windows Defender” is the previous name for “Microsoft Defender Antivirus”.) Ad hoc questions can be addressed (no SLA) at the Community site:

The following document also provides guidance on evaluating Microsoft Defender Antivirus for those looking for it:

