Anyone have a neat list of all the default settings for WD 1.1.1600?
Guess they're not entirely necessary, but it'd be nice if WD (like many
other programs) had a "Restore Defaults" button.

Kyle wrote:
> Anyone have a neat list of all the default settings for WD 1.1.1600?
> Guess they're not entirely necessary, but it'd be nice if WD (like
> many other programs) had a "Restore Defaults" button.

You should be able to create a batch file to reset WD to defaults by using
the following code:

@echo off
"C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults

Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt from
within the Windows Defender program folder.

--

Regards, Dave

"Dave M" wrote:

> Kyle wrote:
> > Anyone have a neat list of all the default settings for WD 1.1.1600?
> > Guess they're not entirely necessary, but it'd be nice if WD (like
> > many other programs) had a "Restore Defaults" button.
>
> You should be able to create a batch file to reset WD to defaults by using
> the following code:
>
> @echo off
> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
>
> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt from
> within the Windows Defender program folder.
>
> --
>
> Regards, Dave
>
>
>

I'll try again. Evidently my first reply didn't take.

Thanks for the reply, Dave. I'm really an extreme novice with the command
prompt stuff. I tried it and got a bunch of command options, but the
Restoredefaults didn't seem to have any meaning. I may not have been doing it
correctly.

"Dave M" wrote:

> Kyle wrote:
> > Anyone have a neat list of all the default settings for WD 1.1.1600?
> > Guess they're not entirely necessary, but it'd be nice if WD (like
> > many other programs) had a "Restore Defaults" button.
>
> You should be able to create a batch file to reset WD to defaults by using
> the following code:
>
> @echo off
> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
>
> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt from
> within the Windows Defender program folder.
>
> --
>
> Regards, Dave
>
>
>

Kyle wrote:
> I'll try again. Evidently my first reply didn't take.
>
> Thanks for the reply, Dave. I'm really an extreme novice with the
> command prompt stuff. I tried it and got a bunch of command options,
> but the Restoredefaults didn't seem to have any meaning. I may not
> have been doing it correctly.
>
> "Dave M" wrote:
>
>> Kyle wrote:
>>> Anyone have a neat list of all the default settings for WD 1.1.1600?
>>> Guess they're not entirely necessary, but it'd be nice if WD (like
>>> many other programs) had a "Restore Defaults" button.
>>
>> You should be able to create a batch file to reset WD to defaults by
>> using the following code:
>>
>> @echo off
>> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
>>
>> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt
>> from within the Windows Defender program folder.
>>
>> --
>>
>> Regards, Dave

I don't want to restore defaults, as I've modified Defender extensively and
I would loose the mods, so I'll gather logs instead using "-GetFiles".

Here's how to navigate to the Windows Defender folder (your location should
be similar).
Then to list the command options available for MpCmdRun.
Then to gather log files with the "-GetFiles" command.
Don't neglect to include the (-)hyphen in front of each command.

Start > Run > type "CMD" without quotes > click OK
****************************************************************************************
C:\Documents and Settings\Dave>CD C:\Program Files\Windows Defender
****************************************************************************************
C:\Program Files\Windows Defender>MpCmdRun -?
Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
Use this tool to automate and troubleshoot Windows Defender

Usage:
mpcmdrun.exe [command] [-options]

Command Description
-? / -h Displays all available options for this
to
-Trace [-Grouping] [-Level] Starts diagnostic tracing
-RemoveDefinitions [-All] Restores the installed signature
definitio
to a previous backup copy or to the
origin
default set of signatures
-RestoreDefaults Resets the Windows Defender registry
settings to known good defaults
-SignatureUpdate Checks for new definition updates
-Scan [-ScanType] Scans for malicious software
-GetSWE Exports information about software
install
on your computer
-GetFiles Collects support information

Additional Information:

Support information will be in the following directory:
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
Defend

-Scan [-ScanType]
0 Default, according to your configuration
1 Quick scan
2 Full system scan

-Trace [-Grouping] [-Level]
Begins tracing Windows Defender's actions. You can specify
the components for which tracing is enabled and how much
information
is recorded.
If no component is specified, all the components will be logged.
If no level is specified, the Error, Warning and Informational
levels
will be logged.

[-Grouping]
0x1 Service
0x2 Malware Protection Engine
0x4 User Interface
0x8 Real-Time Protection
0x10 Scheduled actions

[-Level]
0x1 Errors
0x2 Warnings
0x4 Informational messages
0x8 Function calls
0x10 Assertions

-GetFiles
Gathers the following log files and packages them together in a
compressed file in the support directory

- Any trace files from Windows Defender
- The Windows Update history log
- All WinDefend or WinDefendRtp events from the
System and Application event log
- All relevant Windows Defender registry locations
- All software information from Software Explorer

-RemoveDefinitions
Restores the last set of signature definitions

-RemoveDefinitions -All
Rolls the signature definitions back to the default signature set
and removes any installed signature and engine files.Use this
option if you have difficulties trying to update signatures.

-RestoreDefaults
Resets all configuration options to their default values; this is
the
equivalent of running Windows Defender setup unattended.

-GetSWE
Exports the contents of Software Explorer into a file named
MPSWE.txt
in the support directory
****************************************************************************************
C:\Program Files\Windows Defender>MpCmdRun -GetFiles
Collecting events from System Event Log...done!
Collecting events from Application Event Log...done!
Collecting Software Explorer information...done!
Collecting configuration information...done!
Getting Windows Update log...done!
Getting MpCmdRun log...done!
done!
done!
Getting MpSigStub log...done!
Creating CAB file...done!
Files successfully created in C:\Documents and Settings\All
Users\Application Data\Microsoft\Windows Defender\Support

--

Regards, Dave

My usage options don't include -RestoreDefaults like yours does. When I try
-RestoreDefaults I just get another list of the usage options. When I try
-GetFiles, I get a message Access is denied. This is probably more trouble
than it's worth. I'm not unhappy with my current settings. Thanks for the
try, Dave. I do enjoy playing with this stuff, but I hate to waste any more
of your time, unless you just want to tackle this for the fun of it.

"Dave M" wrote:

> Kyle wrote:
> > I'll try again. Evidently my first reply didn't take.
> >
> > Thanks for the reply, Dave. I'm really an extreme novice with the
> > command prompt stuff. I tried it and got a bunch of command options,
> > but the Restoredefaults didn't seem to have any meaning. I may not
> > have been doing it correctly.
> >
> > "Dave M" wrote:
> >
> >> Kyle wrote:
> >>> Anyone have a neat list of all the default settings for WD 1.1.1600?
> >>> Guess they're not entirely necessary, but it'd be nice if WD (like
> >>> many other programs) had a "Restore Defaults" button.
> >>
> >> You should be able to create a batch file to reset WD to defaults by
> >> using the following code:
> >>
> >> @echo off
> >> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
> >>
> >> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt
> >> from within the Windows Defender program folder.
> >>
> >> --
> >>
> >> Regards, Dave
>
> I don't want to restore defaults, as I've modified Defender extensively and
> I would loose the mods, so I'll gather logs instead using "-GetFiles".
>
> Here's how to navigate to the Windows Defender folder (your location should
> be similar).
> Then to list the command options available for MpCmdRun.
> Then to gather log files with the "-GetFiles" command.
> Don't neglect to include the (-)hyphen in front of each command.
>
> Start > Run > type "CMD" without quotes > click OK
> ****************************************************************************************
> C:\Documents and Settings\Dave>CD C:\Program Files\Windows Defender
> ****************************************************************************************
> C:\Program Files\Windows Defender>MpCmdRun -?
> Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
> Use this tool to automate and troubleshoot Windows Defender
>
> Usage:
> mpcmdrun.exe [command] [-options]
>
> Command Description
> -? / -h Displays all available options for this
> to
> -Trace [-Grouping] [-Level] Starts diagnostic tracing
> -RemoveDefinitions [-All] Restores the installed signature
> definitio
> to a previous backup copy or to the
> origin
> default set of signatures
> -RestoreDefaults Resets the Windows Defender registry
> settings to known good defaults
> -SignatureUpdate Checks for new definition updates
> -Scan [-ScanType] Scans for malicious software
> -GetSWE Exports information about software
> install
> on your computer
> -GetFiles Collects support information
>
> Additional Information:
>
> Support information will be in the following directory:
> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
> Defend
>
> -Scan [-ScanType]
> 0 Default, according to your configuration
> 1 Quick scan
> 2 Full system scan
>
> -Trace [-Grouping] [-Level]
> Begins tracing Windows Defender's actions. You can specify
> the components for which tracing is enabled and how much
> information
> is recorded.
> If no component is specified, all the components will be logged.
> If no level is specified, the Error, Warning and Informational
> levels
> will be logged.
>
> [-Grouping]
> 0x1 Service
> 0x2 Malware Protection Engine
> 0x4 User Interface
> 0x8 Real-Time Protection
> 0x10 Scheduled actions
>
> [-Level]
> 0x1 Errors
> 0x2 Warnings
> 0x4 Informational messages
> 0x8 Function calls
> 0x10 Assertions
>
> -GetFiles
> Gathers the following log files and packages them together in a
> compressed file in the support directory
>
> - Any trace files from Windows Defender
> - The Windows Update history log
> - All WinDefend or WinDefendRtp events from the
> System and Application event log
> - All relevant Windows Defender registry locations
> - All software information from Software Explorer
>
> -RemoveDefinitions
> Restores the last set of signature definitions
>
> -RemoveDefinitions -All
> Rolls the signature definitions back to the default signature set
> and removes any installed signature and engine files.Use this
> option if you have difficulties trying to update signatures.
>
> -RestoreDefaults
> Resets all configuration options to their default values; this is
> the
> equivalent of running Windows Defender setup unattended.
>
> -GetSWE
> Exports the contents of Software Explorer into a file named
> MPSWE.txt
> in the support directory
> ****************************************************************************************
> C:\Program Files\Windows Defender>MpCmdRun -GetFiles
> Collecting events from System Event Log...done!
> Collecting events from Application Event Log...done!
> Collecting Software Explorer information...done!
> Collecting configuration information...done!
> Getting Windows Update log...done!
> Getting MpCmdRun log...done!
> done!
> done!
> Getting MpSigStub log...done!
> Creating CAB file...done!
> Files successfully created in C:\Documents and Settings\All
> Users\Application Data\Microsoft\Windows Defender\Support
>
> --
>
> Regards, Dave
>
>
>

Kyle - I take it you are running Vista?

My version number on Vista agrees with yours.

When I look at Windows Defender's mpcmdrun on Vista, like you, I don't see
a -RestoreDefaults switch.

I've looked through the UI for the program, the help, and the control panel,
and I have to say I don't see a way to reset the choices to defaults.

I think the defaults must be in place in a template which is used when new
user accounts are created, but I haven't spotted where that lives, and
blowing away and re-creating your user profile seems a hard way to
accomplish this goal.

You could create a new user, and log in as that user and look at the
Defender settings and write them down.....

Seems like a good suggestion to the developers--thanks!


"Kyle" <(E-Mail Removed)> wrote in message
news:93861301-AD99-405E-8C2C-(E-Mail Removed)...
> My usage options don't include -RestoreDefaults like yours does. When I
> try
> -RestoreDefaults I just get another list of the usage options. When I try
> -GetFiles, I get a message Access is denied. This is probably more trouble
> than it's worth. I'm not unhappy with my current settings. Thanks for the
> try, Dave. I do enjoy playing with this stuff, but I hate to waste any
> more
> of your time, unless you just want to tackle this for the fun of it.
>
> "Dave M" wrote:
>
>> Kyle wrote:
>> > I'll try again. Evidently my first reply didn't take.
>> >
>> > Thanks for the reply, Dave. I'm really an extreme novice with the
>> > command prompt stuff. I tried it and got a bunch of command options,
>> > but the Restoredefaults didn't seem to have any meaning. I may not
>> > have been doing it correctly.
>> >
>> > "Dave M" wrote:
>> >
>> >> Kyle wrote:
>> >>> Anyone have a neat list of all the default settings for WD 1.1.1600?
>> >>> Guess they're not entirely necessary, but it'd be nice if WD (like
>> >>> many other programs) had a "Restore Defaults" button.
>> >>
>> >> You should be able to create a batch file to reset WD to defaults by
>> >> using the following code:
>> >>
>> >> @echo off
>> >> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
>> >>
>> >> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt
>> >> from within the Windows Defender program folder.
>> >>
>> >> --
>> >>
>> >> Regards, Dave
>>
>> I don't want to restore defaults, as I've modified Defender extensively
>> and
>> I would loose the mods, so I'll gather logs instead using "-GetFiles".
>>
>> Here's how to navigate to the Windows Defender folder (your location
>> should
>> be similar).
>> Then to list the command options available for MpCmdRun.
>> Then to gather log files with the "-GetFiles" command.
>> Don't neglect to include the (-)hyphen in front of each command.
>>
>> Start > Run > type "CMD" without quotes > click OK
>> ****************************************************************************************
>> C:\Documents and Settings\Dave>CD C:\Program Files\Windows Defender
>> ****************************************************************************************
>> C:\Program Files\Windows Defender>MpCmdRun -?
>> Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
>> Use this tool to automate and troubleshoot Windows Defender
>>
>> Usage:
>> mpcmdrun.exe [command] [-options]
>>
>> Command Description
>> -? / -h Displays all available options for
>> this
>> to
>> -Trace [-Grouping] [-Level] Starts diagnostic tracing
>> -RemoveDefinitions [-All] Restores the installed signature
>> definitio
>> to a previous backup copy or to the
>> origin
>> default set of signatures
>> -RestoreDefaults Resets the Windows Defender registry
>> settings to known good defaults
>> -SignatureUpdate Checks for new definition updates
>> -Scan [-ScanType] Scans for malicious software
>> -GetSWE Exports information about software
>> install
>> on your computer
>> -GetFiles Collects support information
>>
>> Additional Information:
>>
>> Support information will be in the following directory:
>> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
>> Defend
>>
>> -Scan [-ScanType]
>> 0 Default, according to your configuration
>> 1 Quick scan
>> 2 Full system scan
>>
>> -Trace [-Grouping] [-Level]
>> Begins tracing Windows Defender's actions. You can specify
>> the components for which tracing is enabled and how much
>> information
>> is recorded.
>> If no component is specified, all the components will be logged.
>> If no level is specified, the Error, Warning and Informational
>> levels
>> will be logged.
>>
>> [-Grouping]
>> 0x1 Service
>> 0x2 Malware Protection Engine
>> 0x4 User Interface
>> 0x8 Real-Time Protection
>> 0x10 Scheduled actions
>>
>> [-Level]
>> 0x1 Errors
>> 0x2 Warnings
>> 0x4 Informational messages
>> 0x8 Function calls
>> 0x10 Assertions
>>
>> -GetFiles
>> Gathers the following log files and packages them together in a
>> compressed file in the support directory
>>
>> - Any trace files from Windows Defender
>> - The Windows Update history log
>> - All WinDefend or WinDefendRtp events from the
>> System and Application event log
>> - All relevant Windows Defender registry locations
>> - All software information from Software Explorer
>>
>> -RemoveDefinitions
>> Restores the last set of signature definitions
>>
>> -RemoveDefinitions -All
>> Rolls the signature definitions back to the default signature set
>> and removes any installed signature and engine files.Use this
>> option if you have difficulties trying to update signatures.
>>
>> -RestoreDefaults
>> Resets all configuration options to their default values; this is
>> the
>> equivalent of running Windows Defender setup unattended.
>>
>> -GetSWE
>> Exports the contents of Software Explorer into a file named
>> MPSWE.txt
>> in the support directory
>> ****************************************************************************************
>> C:\Program Files\Windows Defender>MpCmdRun -GetFiles
>> Collecting events from System Event Log...done!
>> Collecting events from Application Event Log...done!
>> Collecting Software Explorer information...done!
>> Collecting configuration information...done!
>> Getting Windows Update log...done!
>> Getting MpCmdRun log...done!
>> done!
>> done!
>> Getting MpSigStub log...done!
>> Creating CAB file...done!
>> Files successfully created in C:\Documents and Settings\All
>> Users\Application Data\Microsoft\Windows Defender\Support
>>
>> --
>>
>> Regards, Dave
>>
>>
>>

I've been having trouble replying here using the web newsgroup reader.

Yes, Vista. No, the new user thing didn't work, as described here:
http://support.microsoft.com/kb/925548/en-us.

Good thought, though, I thought. Ugh. (Laughing Ghoulishly).

"Bill Sanderson" wrote:

> Kyle - I take it you are running Vista?
>
> My version number on Vista agrees with yours.
>
> When I look at Windows Defender's mpcmdrun on Vista, like you, I don't see
> a -RestoreDefaults switch.
>
> I've looked through the UI for the program, the help, and the control panel,
> and I have to say I don't see a way to reset the choices to defaults.
>
> I think the defaults must be in place in a template which is used when new
> user accounts are created, but I haven't spotted where that lives, and
> blowing away and re-creating your user profile seems a hard way to
> accomplish this goal.
>
> You could create a new user, and log in as that user and look at the
> Defender settings and write them down.....
>
> Seems like a good suggestion to the developers--thanks!
>
>
> "Kyle" <(E-Mail Removed)> wrote in message
> news:93861301-AD99-405E-8C2C-(E-Mail Removed)...
> > My usage options don't include -RestoreDefaults like yours does. When I
> > try
> > -RestoreDefaults I just get another list of the usage options. When I try
> > -GetFiles, I get a message Access is denied. This is probably more trouble
> > than it's worth. I'm not unhappy with my current settings. Thanks for the
> > try, Dave. I do enjoy playing with this stuff, but I hate to waste any
> > more
> > of your time, unless you just want to tackle this for the fun of it.
> >
> > "Dave M" wrote:
> >
> >> Kyle wrote:
> >> > I'll try again. Evidently my first reply didn't take.
> >> >
> >> > Thanks for the reply, Dave. I'm really an extreme novice with the
> >> > command prompt stuff. I tried it and got a bunch of command options,
> >> > but the Restoredefaults didn't seem to have any meaning. I may not
> >> > have been doing it correctly.
> >> >
> >> > "Dave M" wrote:
> >> >
> >> >> Kyle wrote:
> >> >>> Anyone have a neat list of all the default settings for WD 1.1.1600?
> >> >>> Guess they're not entirely necessary, but it'd be nice if WD (like
> >> >>> many other programs) had a "Restore Defaults" button.
> >> >>
> >> >> You should be able to create a batch file to reset WD to defaults by
> >> >> using the following code:
> >> >>
> >> >> @echo off
> >> >> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
> >> >>
> >> >> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt
> >> >> from within the Windows Defender program folder.
> >> >>
> >> >> --
> >> >>
> >> >> Regards, Dave
> >>
> >> I don't want to restore defaults, as I've modified Defender extensively
> >> and
> >> I would loose the mods, so I'll gather logs instead using "-GetFiles".
> >>
> >> Here's how to navigate to the Windows Defender folder (your location
> >> should
> >> be similar).
> >> Then to list the command options available for MpCmdRun.
> >> Then to gather log files with the "-GetFiles" command.
> >> Don't neglect to include the (-)hyphen in front of each command.
> >>
> >> Start > Run > type "CMD" without quotes > click OK
> >> ****************************************************************************************
> >> C:\Documents and Settings\Dave>CD C:\Program Files\Windows Defender
> >> ****************************************************************************************
> >> C:\Program Files\Windows Defender>MpCmdRun -?
> >> Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
> >> Use this tool to automate and troubleshoot Windows Defender
> >>
> >> Usage:
> >> mpcmdrun.exe [command] [-options]
> >>
> >> Command Description
> >> -? / -h Displays all available options for
> >> this
> >> to
> >> -Trace [-Grouping] [-Level] Starts diagnostic tracing
> >> -RemoveDefinitions [-All] Restores the installed signature
> >> definitio
> >> to a previous backup copy or to the
> >> origin
> >> default set of signatures
> >> -RestoreDefaults Resets the Windows Defender registry
> >> settings to known good defaults
> >> -SignatureUpdate Checks for new definition updates
> >> -Scan [-ScanType] Scans for malicious software
> >> -GetSWE Exports information about software
> >> install
> >> on your computer
> >> -GetFiles Collects support information
> >>
> >> Additional Information:
> >>
> >> Support information will be in the following directory:
> >> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
> >> Defend
> >>
> >> -Scan [-ScanType]
> >> 0 Default, according to your configuration
> >> 1 Quick scan
> >> 2 Full system scan
> >>
> >> -Trace [-Grouping] [-Level]
> >> Begins tracing Windows Defender's actions. You can specify
> >> the components for which tracing is enabled and how much
> >> information
> >> is recorded.
> >> If no component is specified, all the components will be logged.
> >> If no level is specified, the Error, Warning and Informational
> >> levels
> >> will be logged.
> >>
> >> [-Grouping]
> >> 0x1 Service
> >> 0x2 Malware Protection Engine
> >> 0x4 User Interface
> >> 0x8 Real-Time Protection
> >> 0x10 Scheduled actions
> >>
> >> [-Level]
> >> 0x1 Errors
> >> 0x2 Warnings
> >> 0x4 Informational messages
> >> 0x8 Function calls
> >> 0x10 Assertions
> >>
> >> -GetFiles
> >> Gathers the following log files and packages them together in a
> >> compressed file in the support directory
> >>
> >> - Any trace files from Windows Defender
> >> - The Windows Update history log
> >> - All WinDefend or WinDefendRtp events from the
> >> System and Application event log
> >> - All relevant Windows Defender registry locations
> >> - All software information from Software Explorer
> >>
> >> -RemoveDefinitions
> >> Restores the last set of signature definitions
> >>
> >> -RemoveDefinitions -All
> >> Rolls the signature definitions back to the default signature set
> >> and removes any installed signature and engine files.Use this
> >> option if you have difficulties trying to update signatures.
> >>
> >> -RestoreDefaults
> >> Resets all configuration options to their default values; this is
> >> the
> >> equivalent of running Windows Defender setup unattended.
> >>
> >> -GetSWE
> >> Exports the contents of Software Explorer into a file named
> >> MPSWE.txt
> >> in the support directory
> >> ****************************************************************************************
> >> C:\Program Files\Windows Defender>MpCmdRun -GetFiles
> >> Collecting events from System Event Log...done!
> >> Collecting events from Application Event Log...done!
> >> Collecting Software Explorer information...done!
> >> Collecting configuration information...done!
> >> Getting Windows Update log...done!
> >> Getting MpCmdRun log...done!
> >> done!
> >> done!
> >> Getting MpSigStub log...done!
> >> Creating CAB file...done!
> >> Files successfully created in C:\Documents and Settings\All
> >> Users\Application Data\Microsoft\Windows Defender\Support
> >>
> >> --
> >>
> >> Regards, Dave
> >>
> >>
> >>
>
>

Windows Defender does not store information about settings on a per-user basis
<http://support.microsoft.com/kb/925548/en-us>

APPLIES TO

• Windows Defender, when used with:

Microsoft Windows Server 2003, Datacenter x64 Edition
Microsoft Windows Server 2003, Enterprise x64 Edition
Microsoft Windows Server 2003, Standard x64 Edition
Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based
Systems
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based
Systems
Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
--=-


"Kyle" wrote:

> I've been having trouble replying here using the web newsgroup reader.
>
> Yes, Vista. No, the new user thing didn't work, as described here:
> http://support.microsoft.com/kb/925548/en-us.
>
> Good thought, though, I thought. Ugh. (Laughing Ghoulishly).
>
> "Bill Sanderson" wrote:
>
> > Kyle - I take it you are running Vista?
> >
> > My version number on Vista agrees with yours.
> >
> > When I look at Windows Defender's mpcmdrun on Vista, like you, I don't see
> > a -RestoreDefaults switch.
> >
> > I've looked through the UI for the program, the help, and the control panel,
> > and I have to say I don't see a way to reset the choices to defaults.
> >
> > I think the defaults must be in place in a template which is used when new
> > user accounts are created, but I haven't spotted where that lives, and
> > blowing away and re-creating your user profile seems a hard way to
> > accomplish this goal.
> >
> > You could create a new user, and log in as that user and look at the
> > Defender settings and write them down.....
> >
> > Seems like a good suggestion to the developers--thanks!
> >
> >
> > "Kyle" <(E-Mail Removed)> wrote in message
> > news:93861301-AD99-405E-8C2C-(E-Mail Removed)...
> > > My usage options don't include -RestoreDefaults like yours does. When I
> > > try
> > > -RestoreDefaults I just get another list of the usage options. When I try
> > > -GetFiles, I get a message Access is denied. This is probably more trouble
> > > than it's worth. I'm not unhappy with my current settings. Thanks for the
> > > try, Dave. I do enjoy playing with this stuff, but I hate to waste any
> > > more
> > > of your time, unless you just want to tackle this for the fun of it.
> > >
> > > "Dave M" wrote:
> > >
> > >> Kyle wrote:
> > >> > I'll try again. Evidently my first reply didn't take.
> > >> >
> > >> > Thanks for the reply, Dave. I'm really an extreme novice with the
> > >> > command prompt stuff. I tried it and got a bunch of command options,
> > >> > but the Restoredefaults didn't seem to have any meaning. I may not
> > >> > have been doing it correctly.
> > >> >
> > >> > "Dave M" wrote:
> > >> >
> > >> >> Kyle wrote:
> > >> >>> Anyone have a neat list of all the default settings for WD 1.1.1600?
> > >> >>> Guess they're not entirely necessary, but it'd be nice if WD (like
> > >> >>> many other programs) had a "Restore Defaults" button.
> > >> >>
> > >> >> You should be able to create a batch file to reset WD to defaults by
> > >> >> using the following code:
> > >> >>
> > >> >> @echo off
> > >> >> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
> > >> >>
> > >> >> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt
> > >> >> from within the Windows Defender program folder.
> > >> >>
> > >> >> --
> > >> >>
> > >> >> Regards, Dave
> > >>
> > >> I don't want to restore defaults, as I've modified Defender extensively
> > >> and
> > >> I would loose the mods, so I'll gather logs instead using "-GetFiles".
> > >>
> > >> Here's how to navigate to the Windows Defender folder (your location
> > >> should
> > >> be similar).
> > >> Then to list the command options available for MpCmdRun.
> > >> Then to gather log files with the "-GetFiles" command.
> > >> Don't neglect to include the (-)hyphen in front of each command.
> > >>
> > >> Start > Run > type "CMD" without quotes > click OK
> > >> ****************************************************************************************
> > >> C:\Documents and Settings\Dave>CD C:\Program Files\Windows Defender
> > >> ****************************************************************************************
> > >> C:\Program Files\Windows Defender>MpCmdRun -?
> > >> Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
> > >> Use this tool to automate and troubleshoot Windows Defender
> > >>
> > >> Usage:
> > >> mpcmdrun.exe [command] [-options]
> > >>
> > >> Command Description
> > >> -? / -h Displays all available options for
> > >> this
> > >> to
> > >> -Trace [-Grouping] [-Level] Starts diagnostic tracing
> > >> -RemoveDefinitions [-All] Restores the installed signature
> > >> definitio
> > >> to a previous backup copy or to the
> > >> origin
> > >> default set of signatures
> > >> -RestoreDefaults Resets the Windows Defender registry
> > >> settings to known good defaults
> > >> -SignatureUpdate Checks for new definition updates
> > >> -Scan [-ScanType] Scans for malicious software
> > >> -GetSWE Exports information about software
> > >> install
> > >> on your computer
> > >> -GetFiles Collects support information
> > >>
> > >> Additional Information:
> > >>
> > >> Support information will be in the following directory:
> > >> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
> > >> Defend
> > >>
> > >> -Scan [-ScanType]
> > >> 0 Default, according to your configuration
> > >> 1 Quick scan
> > >> 2 Full system scan
> > >>
> > >> -Trace [-Grouping] [-Level]
> > >> Begins tracing Windows Defender's actions. You can specify
> > >> the components for which tracing is enabled and how much
> > >> information
> > >> is recorded.
> > >> If no component is specified, all the components will be logged.
> > >> If no level is specified, the Error, Warning and Informational
> > >> levels
> > >> will be logged.
> > >>
> > >> [-Grouping]
> > >> 0x1 Service
> > >> 0x2 Malware Protection Engine
> > >> 0x4 User Interface
> > >> 0x8 Real-Time Protection
> > >> 0x10 Scheduled actions
> > >>
> > >> [-Level]
> > >> 0x1 Errors
> > >> 0x2 Warnings
> > >> 0x4 Informational messages
> > >> 0x8 Function calls
> > >> 0x10 Assertions
> > >>
> > >> -GetFiles
> > >> Gathers the following log files and packages them together in a
> > >> compressed file in the support directory
> > >>
> > >> - Any trace files from Windows Defender
> > >> - The Windows Update history log
> > >> - All WinDefend or WinDefendRtp events from the
> > >> System and Application event log
> > >> - All relevant Windows Defender registry locations
> > >> - All software information from Software Explorer
> > >>
> > >> -RemoveDefinitions
> > >> Restores the last set of signature definitions
> > >>
> > >> -RemoveDefinitions -All
> > >> Rolls the signature definitions back to the default signature set
> > >> and removes any installed signature and engine files.Use this
> > >> option if you have difficulties trying to update signatures.
> > >>
> > >> -RestoreDefaults
> > >> Resets all configuration options to their default values; this is
> > >> the
> > >> equivalent of running Windows Defender setup unattended.
> > >>
> > >> -GetSWE
> > >> Exports the contents of Software Explorer into a file named
> > >> MPSWE.txt
> > >> in the support directory
> > >> ****************************************************************************************
> > >> C:\Program Files\Windows Defender>MpCmdRun -GetFiles
> > >> Collecting events from System Event Log...done!
> > >> Collecting events from Application Event Log...done!
> > >> Collecting Software Explorer information...done!
> > >> Collecting configuration information...done!
> > >> Getting Windows Update log...done!
> > >> Getting MpCmdRun log...done!
> > >> done!
> > >> done!
> > >> Getting MpSigStub log...done!
> > >> Creating CAB file...done!
> > >> Files successfully created in C:\Documents and Settings\All
> > >> Users\Application Data\Microsoft\Windows Defender\Support
> > >>
> > >> --
> > >>
> > >> Regards, Dave
> > >>
> > >>
> > >>
> >
> >

Amazing--good KB find.

Well, probably like you I've looked over the other 41 KB articles that the
current KB search engine finds, and I don't see anything addressing the
issue of resetting to defaults in Vista. You can't disable the feature
fully, just tell Windows to stop using it--and as far as I can see when you
start using it again, the settings are just as they were when you stopped.
For example, to respond initially to your message, I had to disable
Forefront Client Security, enable Windows Defender, which came up with
definitions from January--then update the definitions (and engine.)
Settings otherwise seem just as I left it back in January.

We could use a simple KB article stating what the default settings are.

"Kyle" <(E-Mail Removed)> wrote in message
news9935827-CAAA-4D29-8B7B-(E-Mail Removed)...
> I've been having trouble replying here using the web newsgroup reader.
>
> Yes, Vista. No, the new user thing didn't work, as described here:
> http://support.microsoft.com/kb/925548/en-us.
>
> Good thought, though, I thought. Ugh. (Laughing Ghoulishly).
>
> "Bill Sanderson" wrote:
>
>> Kyle - I take it you are running Vista?
>>
>> My version number on Vista agrees with yours.
>>
>> When I look at Windows Defender's mpcmdrun on Vista, like you, I don't
>> see
>> a -RestoreDefaults switch.
>>
>> I've looked through the UI for the program, the help, and the control
>> panel,
>> and I have to say I don't see a way to reset the choices to defaults.
>>
>> I think the defaults must be in place in a template which is used when
>> new
>> user accounts are created, but I haven't spotted where that lives, and
>> blowing away and re-creating your user profile seems a hard way to
>> accomplish this goal.
>>
>> You could create a new user, and log in as that user and look at the
>> Defender settings and write them down.....
>>
>> Seems like a good suggestion to the developers--thanks!
>>
>>
>> "Kyle" <(E-Mail Removed)> wrote in message
>> news:93861301-AD99-405E-8C2C-(E-Mail Removed)...
>> > My usage options don't include -RestoreDefaults like yours does. When I
>> > try
>> > -RestoreDefaults I just get another list of the usage options. When I
>> > try
>> > -GetFiles, I get a message Access is denied. This is probably more
>> > trouble
>> > than it's worth. I'm not unhappy with my current settings. Thanks for
>> > the
>> > try, Dave. I do enjoy playing with this stuff, but I hate to waste any
>> > more
>> > of your time, unless you just want to tackle this for the fun of it.
>> >
>> > "Dave M" wrote:
>> >
>> >> Kyle wrote:
>> >> > I'll try again. Evidently my first reply didn't take.
>> >> >
>> >> > Thanks for the reply, Dave. I'm really an extreme novice with the
>> >> > command prompt stuff. I tried it and got a bunch of command options,
>> >> > but the Restoredefaults didn't seem to have any meaning. I may not
>> >> > have been doing it correctly.
>> >> >
>> >> > "Dave M" wrote:
>> >> >
>> >> >> Kyle wrote:
>> >> >>> Anyone have a neat list of all the default settings for WD
>> >> >>> 1.1.1600?
>> >> >>> Guess they're not entirely necessary, but it'd be nice if WD (like
>> >> >>> many other programs) had a "Restore Defaults" button.
>> >> >>
>> >> >> You should be able to create a batch file to reset WD to defaults
>> >> >> by
>> >> >> using the following code:
>> >> >>
>> >> >> @echo off
>> >> >> "C:\Program Files\Windows Defender\MpCmdRun.exe" -Restoredefaults
>> >> >>
>> >> >> Otherwise just run "MpCmdRun -Restoredefaults" at a command prompt
>> >> >> from within the Windows Defender program folder.
>> >> >>
>> >> >> --
>> >> >>
>> >> >> Regards, Dave
>> >>
>> >> I don't want to restore defaults, as I've modified Defender
>> >> extensively
>> >> and
>> >> I would loose the mods, so I'll gather logs instead using "-GetFiles".
>> >>
>> >> Here's how to navigate to the Windows Defender folder (your location
>> >> should
>> >> be similar).
>> >> Then to list the command options available for MpCmdRun.
>> >> Then to gather log files with the "-GetFiles" command.
>> >> Don't neglect to include the (-)hyphen in front of each command.
>> >>
>> >> Start > Run > type "CMD" without quotes > click OK
>> >> ****************************************************************************************
>> >> C:\Documents and Settings\Dave>CD C:\Program Files\Windows Defender
>> >> ****************************************************************************************
>> >> C:\Program Files\Windows Defender>MpCmdRun -?
>> >> Windows Defender Command Line Utility (c) 2006 Microsoft Corporation
>> >> Use this tool to automate and troubleshoot Windows Defender
>> >>
>> >> Usage:
>> >> mpcmdrun.exe [command] [-options]
>> >>
>> >> Command Description
>> >> -? / -h Displays all available options for
>> >> this
>> >> to
>> >> -Trace [-Grouping] [-Level] Starts diagnostic tracing
>> >> -RemoveDefinitions [-All] Restores the installed signature
>> >> definitio
>> >> to a previous backup copy or to the
>> >> origin
>> >> default set of signatures
>> >> -RestoreDefaults Resets the Windows Defender
>> >> registry
>> >> settings to known good defaults
>> >> -SignatureUpdate Checks for new definition updates
>> >> -Scan [-ScanType] Scans for malicious software
>> >> -GetSWE Exports information about software
>> >> install
>> >> on your computer
>> >> -GetFiles Collects support information
>> >>
>> >> Additional Information:
>> >>
>> >> Support information will be in the following directory:
>> >> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
>> >> Defend
>> >>
>> >> -Scan [-ScanType]
>> >> 0 Default, according to your configuration
>> >> 1 Quick scan
>> >> 2 Full system scan
>> >>
>> >> -Trace [-Grouping] [-Level]
>> >> Begins tracing Windows Defender's actions. You can specify
>> >> the components for which tracing is enabled and how much
>> >> information
>> >> is recorded.
>> >> If no component is specified, all the components will be
>> >> logged.
>> >> If no level is specified, the Error, Warning and Informational
>> >> levels
>> >> will be logged.
>> >>
>> >> [-Grouping]
>> >> 0x1 Service
>> >> 0x2 Malware Protection Engine
>> >> 0x4 User Interface
>> >> 0x8 Real-Time Protection
>> >> 0x10 Scheduled actions
>> >>
>> >> [-Level]
>> >> 0x1 Errors
>> >> 0x2 Warnings
>> >> 0x4 Informational messages
>> >> 0x8 Function calls
>> >> 0x10 Assertions
>> >>
>> >> -GetFiles
>> >> Gathers the following log files and packages them together in
>> >> a
>> >> compressed file in the support directory
>> >>
>> >> - Any trace files from Windows Defender
>> >> - The Windows Update history log
>> >> - All WinDefend or WinDefendRtp events from the
>> >> System and Application event log
>> >> - All relevant Windows Defender registry locations
>> >> - All software information from Software Explorer
>> >>
>> >> -RemoveDefinitions
>> >> Restores the last set of signature definitions
>> >>
>> >> -RemoveDefinitions -All
>> >> Rolls the signature definitions back to the default signature
>> >> set
>> >> and removes any installed signature and engine files.Use this
>> >> option if you have difficulties trying to update signatures.
>> >>
>> >> -RestoreDefaults
>> >> Resets all configuration options to their default values; this
>> >> is
>> >> the
>> >> equivalent of running Windows Defender setup unattended.
>> >>
>> >> -GetSWE
>> >> Exports the contents of Software Explorer into a file named
>> >> MPSWE.txt
>> >> in the support directory
>> >> ****************************************************************************************
>> >> C:\Program Files\Windows Defender>MpCmdRun -GetFiles
>> >> Collecting events from System Event Log...done!
>> >> Collecting events from Application Event Log...done!
>> >> Collecting Software Explorer information...done!
>> >> Collecting configuration information...done!
>> >> Getting Windows Update log...done!
>> >> Getting MpCmdRun log...done!
>> >> done!
>> >> done!
>> >> Getting MpSigStub log...done!
>> >> Creating CAB file...done!
>> >> Files successfully created in C:\Documents and Settings\All
>> >> Users\Application Data\Microsoft\Windows Defender\Support
>> >>
>> >> --
>> >>
>> >> Regards, Dave
>> >>
>> >>
>> >>
>>
>>