Setting up Windows Defender as a custom engine in MetaDefender Core

In order to use Windows Defender as a custom engine in MetaDefender Core, the following conditions must be met:

  • Supported OS: Windows Server 2016/2019.

  • Real-time protection must be turned on.

  • The MetaDefender Core installation folder must be whitelisted:

  • Passive Mode must be enabled for Windows Defender:

    • download the windows_defender_passive_mode archive and extract it

    • execute the enable_windows_defender_passive_mode.reg to automatically add the following 2 values to the registry:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection]
      "DisableRoutinelyTakingAction"=dword:00000001
      "ForceDefenderPassiveMode"=dword:00000001

    • if you want to change Windows Defender back to active mode, execute the disable_windows_defender_passive_mode.reg or set the two registry values above to 00000000

Considering that this custom engine uses the native Windows Defender available on the system, the behavior of the engine relies on your Windows Defender local settings.

So, for example, if you do not want to submit files to Microsoft servers using the cloud feature, you should turn these settings off in the Windows Defender configuration.
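
The conditions listed above can be verified from an elevated PowerShell session before the engine is enabled. The script below is an added example, not part of the original article or of MetaDefender Core; it only reads settings and changes nothing. Assumptions: the $CoreInstallPath value is a placeholder to replace with your own installation folder, and the folder was whitelisted as a Windows Defender path exclusion.

```powershell
# Added example: read-only check of the prerequisites listed in this article.
param(
    # Assumption: placeholder, replace with your MetaDefender Core installation folder.
    [string]$CoreInstallPath = 'C:\<MetaDefender Core install folder>'
)

$results = [ordered]@{}

# Supported OS: Windows Server 2016/2019.
$caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
$results['OS is Windows Server 2016/2019'] = $caption -match 'Windows Server (2016|2019)'

# Real-time protection must be turned on (the preference stores the inverse flag).
$pref = Get-MpPreference
$results['Real-time protection turned on'] = -not $pref.DisableRealtimeMonitoring

# The installation folder must be whitelisted (compared without trailing backslash).
$want = $CoreInstallPath.TrimEnd('\')
$match = @($pref.ExclusionPath) | Where-Object { $_ -and ($_.TrimEnd('\') -ieq $want) }
$results['Installation folder excluded'] = [bool]$match

# Passive mode: both registry values from the .reg file must be 1.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
$reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
foreach ($name in 'DisableRoutinelyTakingAction', 'ForceDefenderPassiveMode') {
    $results["$name = 1"] = ($null -ne $reg) -and ($reg.$name -eq 1)
}

# Print one line per prerequisite.
$results.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'NOT MET' })
}

# Informational: cloud settings that decide whether files leave the machine.
"Cloud protection (MAPSReporting):         $($pref.MAPSReporting)  [0 = disabled]"
"Sample submission (SubmitSamplesConsent): $($pref.SubmitSamplesConsent)  [2 = never send]"
```

Without elevation, Get-MpPreference does not return the exclusion list, so the exclusion check reports NOT MET even when the folder is excluded.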

This article applies to MetaDefender Core v4
This article was last updated on 2020-06-11
VM