Last modified by jklein on 2024/08/13 07:31
Hide last authors
jklein 1.1 1 {{aagon.priorisierung}}
2 20
3 {{/aagon.priorisierung}}
4
Sabrina V. 2.1 5 There are Defender settings in the GPO that are detected as threats. These are settings that disable modules, creating a vulnerability.
6 If such settings are set, they will be detected as threats "VirTool:Win32/DefenderTamperingRestore" and the event type //Alert //with event ID 1116 is raised.
jklein 1.1 7
8 {{aagon.warnungsbox}}
Sabrina V. 2.1 9 Please note that disabling modules is generally not recommended!
jklein 1.1 10 {{/aagon.warnungsbox}}
11
Sabrina V. 2.1 12 If you must disable modules, you must define the threat as an exception so that it is ignored when it is detected.
jklein 1.1 13
Sabrina V. 2.1 14 Proceed as follows:
15 ~1. Double-click //Defender Management// > //Configuration// //Profiles// > //Default// //Defender// to open the settings.
jklein 1.1 16
17 {{figure}}
18 (% style="text-align:center" %)
19 [[image:18_64_Defender Management_ Konfigurationsprofile_1561.png||alt="63_Defender Management_Konfig Einstellungen_3838.png"]]
20
21 {{figureCaption}}
Sabrina V. 2.1 22 Configuration Profile settings
jklein 1.1 23 {{/figureCaption}}
24 {{/figure}}
25
Sabrina V. 2.1 26 2. Navigate to //Actions for threats// and add the threat name and ID using the plus sign under //Threat action//. Use the drop-down menu under //Actions// to decide what to do with the threat. It is recommended that you ignore the threat.
jklein 1.1 27
28 {{figure}}
29 [[image:63_Defender Management_Bedrohungsaktion_577.png]]
30
31 {{figureCaption}}
Sabrina V. 2.1 32 Define threat action
jklein 1.1 33 {{/figureCaption}}
34 {{/figure}}
35
Sabrina V. 2.1 36 This will cause the threat to be ignored and removed from the event list.
© Aagon GmbH 2025
Besuchen Sie unsere neue Aagon-Community