Configure the cloud block timeout period
Applies to:
- Microsoft Defender XDR
- Microsoft Defender for Endpoint Plan 2
- [Microsoft Defender for Business
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender Antivirus
Platforms
- Windows
- Windows Server
When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the Microsoft Defender Antivirus cloud service.
The default period that the file is blocked is 10 seconds. If you're a security administrator, you can specify more time to wait before the file is allowed to run. Extending the cloud block timeout period can help ensure there is enough time to receive a proper determination from the Microsoft Defender Antivirus cloud service.
Prerequisites to use the extended cloud block timeout
Block at first sight and its prerequisites must be enabled before you can specify an extended timeout period.
Specify the extended timeout period using Microsoft Defender for Endpoint Security settings management
To specify the cloud block timeout period with Microsoft Defender for Endpoint Security settings management:
- Go to the Microsoft Defender for Endpoint portal (https://security.microsoft.com) and sign in.
- Select Endpoints > Configuration management > Endpoint security policies.
- Select Create new Policy.
- Under Select Platform choose: "Windows 10, Windows 11, and Windows Server".
- Under Select Template choose: "Microsoft Defender Antivirus".
- Select Create policy.
- Enter a name and description and select Next.
- From the Defender dropdown go to Cloud Extended Timeout and toggle it on.
- Specify the extended time, in seconds, from 1 second to 50 seconds. Whatever you specify is added to the default 10 seconds.
- Select Next and Save to finish configuring your policy.
Specify the extended timeout period using Microsoft Intune
You can specify the cloud block timeout period with an endpoint security policy in Microsoft Intune.
Go to the Intune admin center (https://intune.microsoft.com/) and sign in.
Select Endpoint security, and then under Manage, choose Antivirus.
Select (or create) an antivirus policy.
In the Configuration settings section, scroll down to Cloud Extended Timeout and specify the timeout, in seconds, from 0 to 50 seconds. Whatever you specify is added to the default 10 seconds.
(This step is optional) Make any other changes to your antivirus policy. (Need help? See Settings for Microsoft Defender Antivirus policy in Microsoft Intune.)
Choose Next, and finish configuring your policy.
Specify the extended timeout period using Group Policy
You can use Group Policy to specify an extended timeout for cloud checks.
On your Group Policy management computer, open the Group Policy Management Console
Right-click the Group Policy Object you want to configure and then select Edit.
In the Group Policy Management Editor, go to Computer configuration, and then select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > MpEngine.
Double-click Configure extended cloud check and ensure the option is enabled.
Specify the extra amount of time to prevent the file from running while waiting for a cloud determination. Specify the extra time, in seconds, from 1 second to 50 seconds. Whatever you specify is added to the default 10 seconds.
Select OK.
Tip
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.