Barracuda RMM
formerly Managed Workplace

Setting Up Microsoft Defender Antivirus Policies

A Microsoft Defender Antivirus configuration policy is a collection of settings and preferences that determine how Microsoft Defender Antivirus is configured on devices. A policy also includes manual or automatic application rules that determine which devices it will be applied to.

Barracuda RMM includes a default Microsoft Defender Antivirus policy that you can use with or without modifications. You can also create as many customized Antivirus policies as you require.

Use Antivirus policies to:

  • Set up as many antivirus policies as you require.

  • Enable or disable Microsoft Defender Antivirus on devices.

  • Run single-site, multi-site, and device reports.

You can:

  • Copy an existing Microsoft Defender Antivirus policy, including the default policy included with Barracuda RMM, or create a new policy.

  • Configure the settings in the Antivirus policy to determine which Antivirus settings are applied.

  • Automatically apply the policy to devices by setting up automatic application rules.

  • Add policies to services, for use in service plans.

  • Manually apply the policy to specific groups and devices.

  • Remove policies you no longer require.

About the Default Microsoft Defender Antivirus Policy

Barracuda RMM includes a default Microsoft Defender Antivirus policy with suggested settings for Microsoft Defender Antivirus. This policy has auto-application rules that apply it automatically to Workstations that have Windows 10 and Servers that have Windows Server 2016 or Windows Server 2019 when the policy is added to a service.

You can use this default antivirus policy as is, or you can modify the configuration settings and automatic application rules. You cannot modify the summary information. To modify the default policy, it is recommended that you first create a copy, and then modify the copy. See Copying a Microsoft Defender Antivirus Policy below.

Creating a New Microsoft Defender Antivirus Policy

When setting up a new Microsoft Defender Antivirus policy, you begin by providing a name and description and then identifying the settings you want Microsoft Defender Antivirus to use. You can also control the folders Microsoft Defender Antivirus can access and identify items you want excluded from antivirus scans.

Microsoft Defender Antivirus policies also give you the option to set up alerts to warn you of the status of Microsoft Defender Antivirus on your devices.

You can also create a new policy by copying another policy and then renaming it. See Copying a Microsoft Defender Antivirus Policy below.

  1. Click Service Delivery > Policies > Antivirus > Microsoft Defender AV.

  2. Click New.

  3. In the Policy Name box, type a name for the policy.

  4. In the Description box, type a description of the policy.

  5. Click Create.

  6. To configure policy settings, do any of the following procedures, which can be found below:

    • To configure Microsoft Defender cloud protection and sample submission

    • To protect folders from unauthorized access with Microsoft Defender Antivirus

    • To configure Microsoft Defender Antivirus exclusions

    • To configure Microsoft Defender Antivirus alerts

Once your policy is created and configured, you may want to do the following:

To identify devices and groups the policy will be applied to, see either of the following, which can be found below:

  • Creating Rules to Automatically Apply an Antivirus Policy

  • Manually Applying a Microsoft Defender Antivirus Policy to Devices and Groups

To add the policy to a service:

  • Follow the To add policies to a service procedure.

Copying a Microsoft Defender Antivirus Policy

When you copy a Microsoft Defender Antivirus policy, a new policy is created with a number appended to the policy title to differentiate the copy from the original, for example (1), (2), etc. The Overview information is copied and cannot be modified in the copy, except for the name and description. The configuration settings and automatic application rules are also copied and can be modified as needed.

Automatic application rules and manually applied groups and devices are not copied.

  1. Click Service Delivery > Policies > Microsoft Defender AV.

  2. Select the check box beside the Antivirus policy you want to copy.

  3. Click Copy.

  4. Do one or more of the following:

    • Type a new name.

    • Type a new description.

  5. Click Create.

Creating Rules to Automatically Apply an Antivirus Policy

Barracuda RMM includes a rule-building interface that you can use to define the criteria a device must meet for the Antivirus policy to be applied. This interface is the same as the one that you use to create automatic application rules for other policy types, such as monitoring policies and automation policies.

Rules are created by first defining AND and OR statements, then by adding rules to the statements. For example, if you are creating a rule to automatically apply a Windows Defender Antivirus policy to all servers running on Windows Server 2019, in the default AND group, you would specify that the OS Name contains “Windows Server 2019”.

To create a rule that specifies that a server must either have Windows Server 2019 or Windows Server 2016, you would change the AND group to an OR group, and then add a second rule that specifies that the OS Name contains “Windows Server 2016”.

The default Microsoft Windows Defender policy contains auto-application rules that will apply the policy to workstations and servers with Microsoft Windows Defender available. You can copy and paste the default policy to use the rules as they are or modify them.

For instructions on creating and modifying automatic application rules, see Creating Rules to Automatically Apply an Antivirus Policy.

Note that the method for creating automatic application rules is the same for Windows Defender Antivirus policies as it is for other policy types.

Manually Applying a Microsoft Defender Antivirus Policy to Devices and Groups

You can select groups and devices to which you want to apply the Antivirus policy.

  1. Click Service Delivery > Policies > Microsoft Defender AV.

  2. Click the name of the Antivirus policy you want to apply to devices and groups.

  3. Click the Manual Application tab.

  4. To apply the policy to a group, do the following:

    • In the Applied Groups section, click Add.

    • From the Group Type list, select Service Groups or Site Groups.

    • Select the check box beside each group you want to add.

    • Click OK.

  5. To apply the policy to a device, do the following:

    • In the Applied Devices section, click Add.

    • Use the filters at the top of the window to narrow down the devices displayed, and click Filter.

    • Select the check box beside each device you want to add.

    • Click OK.

  6. Click Close.

Configuring a Microsoft Defender Antivirus Policy

A policy is a group of system settings that determine how Microsoft Defender Antivirus is configured on devices.

With Microsoft Defender Antivirus policies, you can:

  • Configure the level of protection you want to provide.

  • Protect files, folders, and memory items from unauthorized access.

  • Exclude files, folders, and processes from protection.

  • Configure alerts that let you know when Microsoft Defender Antivirus requires your attention.

To configure Microsoft Defender cloud protection and sample submission

  1. Click Service Delivery > Policies > Microsoft Defender AV.

  2. Click the name of a policy.

  3. Click the Settings tab.

  4. Click Modify.

  5. On the Virus & Threat Protection tab, do either of the following:

    • To let Microsoft Defender Antivirus use distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates, slide the Cloud-Delivered Protection slider to On.

    • To let Windows Defender Antivirus upload suspicious files to the cloud protection service for analysis, slide the Automatic Sample Submission slider to On.

  6. Click Save.

  7. Click Close.

To protect folders from unauthorized access with Microsoft Defender Antivirus

  1. Click Service Delivery > Policies > Microsoft Defender AV.

  2. Click the name of a policy.

  3. Click the Settings tab.

  4. Click Modify.

  5. On the Virus & Threat Protection tab, slide the Controlled Folder Access slider to On.

  6. Type a folder path in the Protected Folders field, then click Add.

  7. Repeat step 6 until you have added all the folders you want to add.

  8. Click Save.

  9. Click Close.

To configure Microsoft Defender Antivirus exclusions

  1. Click Service Delivery > Policies > Microsoft Defender AV.

  2. Click the name of a policy.

  3. Click the Settings tab.

  4. Click Modify.

  5. On the Virus & Threat Protection tab, slide the Exclusions slider to On.

  6. Do any of the following:

    • To exclude folders, click the Folder Paths tab, then type a folder path. Click Add.

    • To exclude files by file name, click the File Names tab, then type the folder path and file name. Click Add.

    • To exclude files by file type, click the File Types tab, then type the folder path and file name. Click Add.

    • To exclude files by process name, click the Process Names tab, then type the process name. Click Add.

  7. Repeat step 6 until you have added all the folders you want to add.

  8. Click Save.

  9. Click Close.
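
To confirm on a managed device that the cloud protection, Controlled Folder Access, and exclusion settings from the procedures above took effect, you can read them back with the Defender PowerShell cmdlets. This is an added example, not part of Barracuda RMM; it assumes the policy's sliders surface as the standard Defender preferences shown, and the patterns it uses to flag overly broad exclusions are constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not Barracuda RMM code. Run elevated: non-administrators
# cannot read the exclusion lists.
$pref = Get-MpPreference

# Value meanings for the Defender preferences read below.
$maps    = @{ 0 = 'Off'; 1 = 'Basic'; 2 = 'Advanced' }
$samples = @{ 0 = 'Always prompt'; 1 = 'Send safe samples'
              2 = 'Never send';    3 = 'Send all samples' }
$cfa     = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Audit mode' }

function Get-Label($Map, $Value) {
    if ($Map.ContainsKey([int]$Value)) { $Map[[int]$Value] } else { "Value $Value" }
}

# Assumption: the policy sliders map to these standard preferences.
[pscustomobject]@{
    CloudDeliveredProtection  = Get-Label $maps    $pref.MAPSReporting
    AutomaticSampleSubmission = Get-Label $samples $pref.SubmitSamplesConsent
    ControlledFolderAccess    = Get-Label $cfa     $pref.EnableControlledFolderAccess
    ProtectedFolders          = @($pref.ControlledFolderAccessProtectedFolders) -join '; '
} | Format-List

# Constructed heuristics: exclusions that exempt far more than one application.
$broadPath = '^[A-Za-z]:\\?$|^\*|\\(Users|Windows|ProgramData|Temp)\\?\*?$'
$riskyExt  = 'exe', 'dll', 'ps1', 'bat', 'cmd', 'vbs', 'js'
$riskyProc = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe'

$findings = @(
    foreach ($p in @($pref.ExclusionPath)) {
        if ($p -match $broadPath) { [pscustomobject]@{ Type = 'Path'; Entry = $p } }
    }
    foreach ($e in @($pref.ExclusionExtension)) {
        if ($e -and $riskyExt -contains $e.TrimStart([char[]]'*.').ToLower()) {
            [pscustomobject]@{ Type = 'Extension'; Entry = $e }
        }
    }
    foreach ($x in @($pref.ExclusionProcess)) {
        if ($x -and $riskyProc -contains (Split-Path $x -Leaf).ToLower()) {
            [pscustomobject]@{ Type = 'Process'; Entry = $x }
        }
    }
)
if ($findings.Count) { $findings | Format-Table -AutoSize } else { 'No broad exclusions found.' }
```

Any entry the script lists is worth narrowing to the specific folder, file, or binary that actually needs the exclusion before the policy is applied widely.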

To configure Microsoft Defender Antivirus alerts

  1. Click Service Delivery > Policies > Microsoft Defender AV.

  2. Click the name of a policy.

  3. Click the Settings tab.

  4. Click Modify.

  5. Click the Alerts tab.

  6. On the Alerts tab, do any of the following:

    • Select the Microsoft Defender AV is disabled checkbox.

    • Select the Microsoft Defender AV real-time protection is disabled checkbox.

    • Select the Microsoft Defender AV virus definition out-of-date checkbox.

    • Select the Microsoft Defender AV quick scan overdue checkbox.

    • Select the Microsoft Defender AV full scan overdue checkbox.

  7. Click the edit icon next to any of the alerts you enabled to customize the categories, actions, and notifications.
    For more information, see: Setting an Alert to Create a Trouble Ticket, Setting an Alert to Send an Email, Setting an Alert to Self-heal, or Escalating an Alert.

  8. Click Save.

  9. Click Close.
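
The five alert conditions listed in step 6 can be spot-checked locally on a device with `Get-MpComputerStatus`. This is an added example, not part of Barracuda RMM; the age thresholds are assumptions, since this page does not state when each alert fires.

```powershell
# Added example, not Barracuda RMM code. The age thresholds are assumptions;
# the page does not state when each alert fires.
param(
    [int]$MaxDefinitionAgeDays = 3,
    [int]$MaxQuickScanAgeDays  = 7,
    [int]$MaxFullScanAgeDays   = 30
)

$s = Get-MpComputerStatus

# Defender reports UInt32 max as the age when a scan has never completed.
function Format-Age($Days) {
    if ($Days -eq [uint32]::MaxValue) { 'never' } else { "$Days day(s)" }
}

# One row per alert checkbox on the Alerts tab.
$rows = @(
    [pscustomobject]@{
        Alert     = 'Microsoft Defender AV is disabled'
        Triggered = (-not $s.AntivirusEnabled)
        Detail    = "AntivirusEnabled=$($s.AntivirusEnabled)" }
    [pscustomobject]@{
        Alert     = 'Microsoft Defender AV real-time protection is disabled'
        Triggered = (-not $s.RealTimeProtectionEnabled)
        Detail    = "RealTimeProtectionEnabled=$($s.RealTimeProtectionEnabled)" }
    [pscustomobject]@{
        Alert     = 'Microsoft Defender AV virus definition out-of-date'
        Triggered = ($s.AntivirusSignatureAge -gt $MaxDefinitionAgeDays)
        Detail    = "Definitions: $(Format-Age $s.AntivirusSignatureAge) old" }
    [pscustomobject]@{
        Alert     = 'Microsoft Defender AV quick scan overdue'
        Triggered = ($s.QuickScanAge -gt $MaxQuickScanAgeDays)
        Detail    = "Last quick scan: $(Format-Age $s.QuickScanAge)" }
    [pscustomobject]@{
        Alert     = 'Microsoft Defender AV full scan overdue'
        Triggered = ($s.FullScanAge -gt $MaxFullScanAgeDays)
        Detail    = "Last full scan: $(Format-Age $s.FullScanAge)" }
)

$rows | Format-Table -AutoSize -Wrap
```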

Removing a Microsoft Defender Antivirus Policy

When you remove a Microsoft Defender Antivirus policy, any devices that were managed using that policy no longer receive management commands or policy updates from the Onsite Manager. For example, changes to the policy settings will not be applied to the device.

Microsoft Defender Antivirus is not uninstalled from devices when you delete a policy.

  1. Click Service Delivery > Policies > Microsoft Defender AV.

  2. Select the check box beside the policy you want to remove.

  3. Click Delete.

Setting the Microsoft Defender Schedule

The Microsoft Defender schedule is set through the execution schedule. For more information, see Setting the Microsoft Defender AV Schedule.