Last modified by Jannis Klein on 2024/08/13 07:31

Show last authors
1 {{aagon.priorisierung}}
2 20
3 {{/aagon.priorisierung}}
4
5 There are Defender settings in the GPO that are detected as threats. These are settings that disable modules, creating a vulnerability.
6 If such settings are set, they will be detected as threats "VirTool:Win32/DefenderTamperingRestore" and the event type //Alert //with event ID 1116 is raised.
7
8 {{aagon.warnungsbox}}
9 Please note that disabling modules is generally not recommended!
10 {{/aagon.warnungsbox}}
11
12 If you must disable modules, you must define the threat as an exception so that it is ignored when it is detected.
13
14 Proceed as follows:
15 ~1. Double-click //Defender Management// > //Configuration// //Profiles// > //Default// //Defender// to open the settings.
16
17 {{figure}}
18 (% style="text-align:center" %)
19 [[image:18_64_Defender Management_ Konfigurationsprofile_1561.png||alt="63_Defender Management_Konfig Einstellungen_3838.png"]]
20
21 {{figureCaption}}
22 Configuration Profile settings
23 {{/figureCaption}}
24 {{/figure}}
25
26 2. Navigate to //Actions for threats// and add the threat name and ID using the plus sign under //Threat action//. Use the drop-down menu under //Actions// to decide what to do with the threat. It is recommended that you ignore the threat.
27
28 {{figure}}
29 [[image:63_Defender Management_Bedrohungsaktion_577.png]]
30
31 {{figureCaption}}
32 Define threat action
33 {{/figureCaption}}
34 {{/figure}}
35
36 This will cause the threat to be ignored and removed from the event list.
© Aagon GmbH 2025
Besuchen Sie unsere neue Aagon-Community