Configuring settings

[Guest]

Previously on the test machine, MS AntiSpyware beta was installed. It was
set to do a daily scan at 12:30PM and auto update daily at 10AM. I'm testing
a SMS package to deploy Windows Defender Beta 2 to the machine. However,
after it upgrades, the settings for the daily scan, auto update, etc has
changed to the Windows Defender defaults.

Is there a way (maybe a configuration file) to change the settings? I'm
going to deploy to quite a few machines and I don't want to have to go to
each PC and then set the settings.

Thanks.

 

[Bill Sanderson MVP]

Windows Defender is not designed for such deployments, and is not
controllable via group policy. The appropriate Microsoft product in this
situation is:

http://www.microsoft.com/forefront/clientsecurity/default.mspx

However, that said, my impression from such upgrades on individual systems
was that such settings were carried over--the scan timing, in particular.

You should be aware that updates for beta2 are carried over
AutoUpdate/windows Update, and not the direct web mechanism used by beta1.
This may be significant in your environment. If you are running WSUS, the
definitions can be deployed via WSUS:

http://support.microsoft.com/kb/919772

Within the app, you can choose to check for updates before each scheduled
scan, or not. Otherwise, update timing is determined by the autoupdate
settings in Windows.

Daily scans by beta2 are done by a hidden scheduled task, using the Windows
task scheduler. This information doesn't help you "plug" the information
into Defender, though.

HKLM\software\microsoft\windows defender\scan\ScheduleTime

would appear to contain the value you want to control--mine is set to hex
21c which presumably corresponds to 9 a.m. which is my chosen setting.
Within the app, only hourly choices are available. Noon would correspond to
hex 2d0, decimal 720, 1 PM would be hex 30c, decimal 780.

I've no idea what the effect of setting this to decimal 750 would be.
Presumably, it would make the job be scheduled at 12:30, but (for me) the UI
reads 1 PM.

I'll try leaving it that way and see what happens.

This registry key doesn't seem to have access restrictions preventing it
from being easily changed.

(Jeez--just get the managed product and forget this nonsense!) <G>

 

[Dave M]

I hope he's not in a hurry (June 2007):
http://www.infoworld.com/article/06/06/12/79211_HNmscorpsec_1.html

 

[Bill Sanderson MVP]

Thanks - hadn't seen that. Introduction of a public beta program in 4q 2006
sounds good, though.

 

[Guest]

You were able to directly edit the ScheduleTime value? I get the message
"Cannot edit ScheduleTime: Error writing the value's new contents" when I
try to edit the values or when I try to create a new key under the Scan.

 

[Bill Sanderson MVP]

Hmm - I was. Take this as an error in posting on my part--there are some
differences between my system and yours, and perhaps that is one--my bad.

You'd need to change the permissions on the Scan key (step back a level) to
allow administrators full permissions, make the change, and then change
those permissions back again.

That process is more complex than I would want to try scripting, myself.

Sorry for the misinformation.

--

 

[Guest]

I think that's too much of a hastle. Do you know of any other way?

Because, with MS AntiSpyware beta, basically I set the settings (scan time,
etc) on my PC and then copy some of the .gcd files (configuration files) to
the other PCs. This made the settings the same as my computer.

 

[Bill Sanderson MVP]

I agree that it is too much work, but I don't know of another way. As an
alternative, consider the effect of leaving things at the defaults: Updates
will be received if autoupdate works on your network and if Windows Defender
is carried by any local server mechanism you have--i.e. WSUS. Scheduled
scans will default to intelligent quickscans (which is the recommended
choice)--and, if the 2 AM scheduled scan is missed, will take place--I
believe 10 minutes after the next user login.

On corporate machines I work with a quickscan takes as little as 2
minutes--to a max of about 10. This scan has no UI unless the user opens
Windows Defender during the scan.

I'd go ahead and deploy leaving things at the defaults--when I install
manually in office settings, I don't change any of the defaults.

--

 

[Guest]

Thanks Bill for the help.

Yes we have WSUS running and I believe you are right at leaving to the
default settings.