Configure the cloud block timeout period
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender Antivirus
When Microsoft Defender Antivirus finds a suspicious file, it can prevent the file from running while it queries the Microsoft Defender Antivirus cloud service.
The default period that the file is blocked is 10 seconds. If you're a security administrator, you can specify more time to wait before the file is allowed to run. Extending the cloud block timeout period can help ensure there is enough time to receive a proper determination from the Microsoft Defender Antivirus cloud service.
Prerequisites to use the extended cloud block timeout
Block at first sight and its prerequisites must be enabled before you can specify an extended timeout period.
Specify the extended timeout period using Microsoft Intune
You can specify the cloud block timeout period with an endpoint security policy in Microsoft Intune.
Go to the Intune admin center (https://endpoint.microsoft.com/) and sign in.
Select Endpoint security, and then under Manage, choose Antivirus.
Select (or create) an antivirus policy.
In the Configuration settings section, expand Cloud protection. Then, in the Microsoft Defender Antivirus Extended Timeout In Seconds box, specify the more time, in seconds, from 1 second to 50 seconds. Whatever you specify is added to the default 10 seconds.
(This step is optional) Make any other changes to your antivirus policy. (Need help? See Settings for Microsoft Defender Antivirus policy in Microsoft Intune.)
Choose Next, and finish configuring your policy.
Specify the extended timeout period using Group Policy
You can use Group Policy to specify an extended timeout for cloud checks.
On your Group Policy management computer, open the Group Policy Management Console
Right-click the Group Policy Object you want to configure and then select Edit.
In the Group Policy Management Editor, go to Computer configuration, and then select Administrative templates.
Expand the tree to Windows components > Microsoft Defender Antivirus > MpEngine.
Double-click Configure extended cloud check and ensure the option is enabled.
Specify the extra amount of time to prevent the file from running while waiting for a cloud determination. Specify the extra time, in seconds, from 1 second to 50 seconds. Whatever you specify is added to the default 10 seconds.
If you're looking for Antivirus related information for other platforms, see:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.