none
Windows Defender on Windows 10 Ignores GPO Settings

    Question

  • Can anyone shed any light on why Windows Defender on Windows 10 Pro ignores all it's group policy settings?

    I'm trying to set the definition to check for updates every hour and to schedule a quick scan, but it just doesn't seem to want to do either.

    I've checked the RSoP and they are applying, but just being ignored.

    Any help would be appreciated.

    Thank you.

    Thursday, June 9, 2016 10:42 AM

All replies

  • Hi,
     
    Am 09.06.2016 um 12:42 schrieb wi7bit:
    > Can anyone shed any light on why Windows Defender on Windows 10
    > Pro ignores all it's group policy settings?
     
    No, it doesn´t. I set only 2 settings, but they work.
     
    Computerconfiguration\AdmTemplates\Windows Components\Endpoint Protection
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Thursday, June 9, 2016 12:51 PM
  • 'Endpoint Protection' doesn't exist under 'Windows Components'....

    The GPO I'm talking about is under:

    Computer Configuration \ Admin Templates \ Windows Components \ Windows Defender


    • Edited by wi7bit Thursday, June 9, 2016 2:08 PM
    Thursday, June 9, 2016 1:05 PM
  • Am 09.06.2016 um 15:05 schrieb wi7bit:
    > 'Endpoint Protection' doesn't exist under 'Windows Components'....
     
    You need to update your ADMx Templates.
     
    Windows Defender is "XP/7", Windows 10 is where Defender is called
    "Endpoint Protection" ... :-(
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Thursday, June 9, 2016 3:51 PM
  • Errr... no it's not.

    Under Windows 10, if you search in the settings or in the search box, it comes up as Windows Defender.

    'Endpoint Protection' is to do with 'System Centre'.

    My templates are up-to-date.

    Thursday, June 9, 2016 3:56 PM
  • Am 09.06.2016 um 17:56 schrieb wi7bit:
    > 'Endpoint Protection' is to do with 'System Centre'.
     
    All my settings are written to:
    \SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
     
    Probably there is a problem with my 14295 Build, because "Endpoint
    Protection" is the only english entry in my german language system.
    I do not have "Windows Components\Windows Defender"
     
    Funny: I do not have a "Endpointprotection" ADMx/ADMl file, but I have a
    "WindowsDefender" ADMx/ADMl ... :-D
     
    ok, whatever is wrong in my system:
    Yes, I can configure Windows Defender by GPO, without any problem, some
    settings are greyed out in the new "pc settings", some entries like file
    exclusions are added.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    • Proposed as answer by Jay GuModerator Tuesday, June 28, 2016 11:09 AM
    • Unproposed as answer by wi7bit Tuesday, June 28, 2016 11:16 AM
    Thursday, June 9, 2016 4:09 PM
  • Am 09.06.2016 um 18:09 schrieb Mark Heitbrink [MVP]:
    > Probably there is a problem with my 14295 Build,
     
    The category names within my WindowsDefender.adml are
        <string id="AntiSpywareDefender">Endpoint Protection</string>
        <string id="AntiSpyware">Endpoint Protection</string>
     
    In the end, it is the same product.
     
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    • Proposed as answer by Jay GuModerator Tuesday, June 28, 2016 11:09 AM
    • Unproposed as answer by wi7bit Tuesday, June 28, 2016 11:16 AM
    Thursday, June 9, 2016 4:24 PM
  • The category names within my WindowsDefender.adml are:

      <string id="AntiSpywareDefender">Windows Defender</string>

      <string id="AntiSpyware">Endpoint Protection</string>

    The setting that seems to work is "Turn off Windows Defender" which we have set to disabled. If we enable it, then it turns off, but none of the other settings have any affect.

    Tuesday, June 28, 2016 11:22 AM
  • Does anyone have an update on this issue?

    Am I the only one seeing this?

    Thursday, July 28, 2016 7:56 AM
  • I am also seeing this issue.
    Thursday, September 15, 2016 10:44 PM
  • Anyone had some luck with that? I have the same issue on my Windows Server 2016 servers.

    Windows Defender ignores all GPO setting despite GPO was applied to all servers in subject.

    Sunday, November 12, 2017 11:54 PM
  • We put this down to the "This GPO only works on the Enterprise Edition" situation, even thought it doesn't say so in the comments.

    Most business I know use the 'Pro' edition, as it comes with the PC. So this game they're playing is really messing things up and can see why people want to go back to Win7.

    Anyway, not sure why it's doing it to you. I suspect it's the same reason. 

    Monday, November 13, 2017 8:43 AM