Citrix Endpoint Management

Defender device policy

Windows Defender is malware protection included with Windows 10. You can use the Endpoint Management device policy, Defender, to configure the Microsoft Defender policy for Windows 10 for desktop and tablet.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

Windows Desktop and Tablet settings

Device Policies configuration screen

  • Allow scanning of archived files: Allows or blocks Defender to scan archived files. Defaults to Off.
  • Allow cloud protection: Allows or blocks Defender to send information to Microsoft about malware activity. Defaults to On.
  • Allow a full scan of removable drives: Allows or blocks Defender to scan removable drives such as USB sticks. Defaults to On.
  • Allow real-time monitoring: Defaults to On.
  • Allow scans of network files: Allows or blocks Defender to scan network files. Defaults to On.
  • Allow access to the Windows Defender UI: Specifies whether users can access the Windows Defender user interface. This setting takes effect the next time the user device starts. If this setting is Off, users don’t receive any Windows Defender notifications. Defaults to On.
  • Excluded extensions: The extensions to exclude from real-time or scheduled scans. To separate extensions, use the | character. For example, lib\|obj.
  • Excluded paths: The paths to exclude from real-time or scheduled scans. To separate paths, use the | character. For example, C:\Example|C:\Example1.
  • Excluded processes: The processes to exclude from real-time or scheduled scans. To separate processes, use the | character. For example, C:\Example.exe|C:\Example1.exe.
  • Submit samples for further analysis: Controls whether to send to Microsoft files that might require further analysis to determine if they are malicious. Options: Always prompt, Send safe samples, Never send, Send all samples. Defaults to Send safe samples.
Defender device policy