Deploying Windows Defender (Beta2) via GPO on Network with WSUS?

[Ben [MCSE]]

Hi,

I've just downloaded Windows Defender (Beta2), and would like to deploy it
to some of our clients via GPO. I have created a Test GPO, and added the
package, after rebooting the test machine the install works. However, I was
wondering if it would be possible to configure Defender via the GPO, i.e.
scan time, type of scan, allowed programs etc. If not, I could write my own
admin template to add to the GPO, but not sure if this would be 100%
reliable, it's always been a bit fiddly in the past.
Is it possible to 'slipstream' the latest definitions into the install MSI,
before it gets installed on the client workstations? It would be nice to be
able to roll out an updated package, so users do not have to immediately
update it after it's installed.
Also we have a WSUS server on our network, I have added the new Defender
category, and approved the latest definitions for install, however when I
set Defender to check for updates, it says it couldn't find any new
definitions or scan engines. Is it not communicating with the WSUS server?
Or is something else wrong?

Cheers

Ben

 

[Bill Sanderson]

There are other messages in this group, or perhaps in .networking, which
address some of your questions. Microsoft states that an ADM document
allowing group policy management will be available by release time. No time
for that has been set that I've seen.

The internal update mechanism of Windows Defender should user autoupdate,
which should be reaching your WSUS server--I'd double check things there.
You can trigger a check for updates via Help, about, check for updates.

 

[Ben [MCSE]]

Hi Bill,

Thanks for the reply.

Just found that out after looking into writing my own ADM templates:

"It is not possible to configure Windows Defender (Beta 2) through Group
Policy settings. The final version of Windows Defender will include
administrator (.adm) files so that you can configure Windows Defender
through Group Policy."

Damn! Hope MS release this as a proper version soon, it feels like it's been
in beta for years!

After rebooting my laptop, the update seemed to work properly, connecting to
our WSUS server, and downloading the new definitions.

Ben

 

[Guest]

Glad to hear that the update corrected itself. There are some posts here or
install about some registry options--for example, if you turn off all the
real-time protection agents and save that choice, and then turn them back on,
you can see keys that control their use--and could selectively disable one
that was causing problems in your environment, for example.