Last modified by Jannis Klein on 2024/08/13 07:31
Hide last authors
Jannis Klein 1.1 1 {{aagon.priorisierung}}
2 20
3 {{/aagon.priorisierung}}
4
Sabrina V. 2.1 5 There are Defender settings in the GPO that are detected as threats. These are settings that disable modules, creating a vulnerability.
6 If such settings are set, they will be detected as threats "VirTool:Win32/DefenderTamperingRestore" and the event type //Alert //with event ID 1116 is raised.
Jannis Klein 1.1 7
8 {{aagon.warnungsbox}}
Sabrina V. 2.1 9 Please note that disabling modules is generally not recommended!
Jannis Klein 1.1 10 {{/aagon.warnungsbox}}
11
Sabrina V. 2.1 12 If you must disable modules, you must define the threat as an exception so that it is ignored when it is detected.
Jannis Klein 1.1 13
Sabrina V. 2.1 14 Proceed as follows:
15 ~1. Double-click //Defender Management// > //Configuration// //Profiles// > //Default// //Defender// to open the settings.
Jannis Klein 1.1 16
17 {{figure}}
18 (% style="text-align:center" %)
19 [[image:18_64_Defender Management_ Konfigurationsprofile_1561.png||alt="63_Defender Management_Konfig Einstellungen_3838.png"]]
20
21 {{figureCaption}}
Sabrina V. 2.1 22 Configuration Profile settings
Jannis Klein 1.1 23 {{/figureCaption}}
24 {{/figure}}
25
Sabrina V. 2.1 26 2. Navigate to //Actions for threats// and add the threat name and ID using the plus sign under //Threat action//. Use the drop-down menu under //Actions// to decide what to do with the threat. It is recommended that you ignore the threat.
Jannis Klein 1.1 27
28 {{figure}}
29 [[image:63_Defender Management_Bedrohungsaktion_577.png]]
30
31 {{figureCaption}}
Sabrina V. 2.1 32 Define threat action
Jannis Klein 1.1 33 {{/figureCaption}}
34 {{/figure}}
35
Sabrina V. 2.1 36 This will cause the threat to be ignored and removed from the event list.
© Aagon GmbH 2025
Besuchen Sie unsere neue Aagon-Community