Windows Defender DisableScriptScanning

DCruickshank-8960 6 Reputation points
2020-11-05T12:23:17.197+00:00

Hi there

We currently have Defender controlled by ConfigMgr 2006. Running Get-MpPreference on a Win 10 client shows DisableScriptScanning set to True.

I then try Set-MpPreference -DisableScriptScanning $false but while the command completes without any feedback this seems to have no effect. I cannot see anywhere in the Antimalware Policies in ConfigMgr to control this nor in client settings.

There also seem to be controls for this in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Real-Time Protection but setting the keys DisableScriptScanning on its own or with LocalSettingOverrideDisableScriptScanning doesn't seem to help.

It looks like it used to be a thing in the EndPoint protection policies GUI of ConfigMgr 2012 so I'm not sure why it was removed. 37609-bbz1b2r.png

Has anyone managed to change this setting?

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,910 questions
{count} vote

3 answers

Sort by: Most helpful
  1. Jenny Feng 14,131 Reputation points
    2020-11-06T02:04:23.603+00:00

    Hi,
    This policy setting allows you to configure script scanning.
    You may change this setting via GPO:
    https://getadmx.com/?Category=SystemCenterEndpointProtection&Policy=Microsoft.Policies.Antimalware::real-time_protection_disablescriptscanning
    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Hope above information can help you.

    ============================================
    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. DCruickshank-8960 6 Reputation points
    2020-11-24T12:59:45.503+00:00

    Hi there,

    Sorry for the delay, real life got in the way.

    Before running anything I've run a gpresult and it shows these settings are configured by Local Group Policy. Does this mean it was set to 'Off' when we have SCCM 2012 and now it is not an option available in the GUI of ConfigMgr CB? 42030-disablescriptscanning.png

    I've had a look in Group Policy and we don't have System Center Endpoint Protection available under computer configuration. I see Forefront Endpoint Protection 2010 and also Windows Defender Anti virus but neither of these have a ScriptScanning option. Are there admx templates I need to import as I can see some are available but not for Windows 10 https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/endpoint-protection-group-policies

    I'll try setting the registry key with a GPO and report how that goes.

    0 comments No comments

  3. DCruickshank-8960 6 Reputation points
    2020-11-24T13:21:22.29+00:00

    Hi there,

    I've set the registry key in a GPO, restarted and as per the screenshot it shows it is set to 0. But if I run Get-MpPreference it still thinks it is set to true (see at the bottom of the screen shot) and if I run gpresult it is still set to 1 as per my previous update screenshot.
    42222-disablescriptscanning2.png

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.