Create an Antivirus profile to configure the native Windows Defender antivirus on Windows Desktop devices. Windows Defender configured for all your devices ensures that your end users are protected as they use the device.

Important:

The Antivirus profile requires the AirWatch Unified Agent to be installed on the device. This profile only configures native Windows Defender and not other third-party antivirus appliances.

To configure the Antivirus Profile:

  1. Navigate to Devices > Profiles > List View > Add and select Add Profile.

  2. Select Windows and then select Windows Desktop.
  3. Select Device Profile.
  4. Configure the profile General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  5. Select the Antivirus Profile.
  6. Configure the Antivirus settings:
    Settings Descriptions
    Real Time Monitoring Enable to configure Windows Defender to monitor the device in real time.
    Set Signature Update Interval Enable to set the day and time that the device checks for updates for Defender.
    Set Scan Interval

    Enable to configure the interval between the different system scan.

    You can select various times and various scan types. Enabling this setting displays Full Scan, Quick Scan, and Remediation Scan settings.

    Full Scan Enable to schedule when a full system scan runs. Select the specific time and day.
    Quick Scan Enable to schedule when a quick system scan runs. Select the specific time and day.
    Remediation scan Enable to schedule when a remediation scan to fix errors runs. Select the specific time and day.
    Exclusions
    Exclusions

    Select the file paths or processes to exclude from the Windows Defender scans.

    Select Add New to add an exception.

    Threat Default Action
    Threat Default Action (Unknown, Low, Moderate, High, Severe threats)

    Set the default action for the different threat levels found during scans.

    • Clean – Select to clean the issues with the threat.
    • Quarantine – Select to separate the threat into a quarantine folder.
    • Remove – Select to remove the threat from your system.
    • Allow – Select to let the threat stay.
    • User Defined – Select to let the user decide what to do with the threat.
    • No Action – Select to take no action with the threat.
    • Block – Select to block the threat from accessing the device.
    Advanced
    Scan Avg CPU Load Factor Set the maximum average percentage of CPU Windows Defender can use during scans.
    Scan Only If Idle Enabled Enable to restrict Windows Defender to scan only when the CPU is idle.
    UI Lockdown

    Enable to lock down completely the UI so end users cannot change settings.

    Catchup Full Scan

    Enable to allow run a full scan that was interrupted or missed previously.

    A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.

    Catchup Quick Scan

    Enable to allow run a quick scan that was interrupted or missed previously.

    A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.

    Behavior Monitoring Enable to set the virus scanner to send an activity log to Microsoft.
    Privacy Mode Enable to prevent users, other than administrators, from displaying threat history.
    Intrusion Prevention System

    Enable to configure the network protection against exploitation of known vulnerabilities.

    This option enables Windows Defender to monitor the connections continuously and identify potentially malicious behavior patterns. In this respect, the software behaves like a classic virus scanner, except that instead of scanning files it now scans network traffic.

    Scan Email Enable to allow Windows Defender to scan emails.
    Scan Mapped Network Drives Enable to allow Windows Defender to scan network drives mapped to devices.
    Scan Archives Enable to allow Windows Defender to run a full scan archived folders.
    Scan Removable Drives Enable to allow Windows Defender to scan any removable drives attached to the device.
    Remove Quarantined Files After Set how long files are quarantined before being removed.
  7. Select Save & Publish.