Turn on definition retirement

You can configure definition retirement using Group Policy. Definition retirement checks whether a computer has the security updates necessary to protect it against a particular vulnerability. If the system isn't vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol is retired, then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up to date with all the latest security updates, network protection has no impact on network performance.

Use Group Policy to configure definition retirement

  1. On your Group Policy management endpoint, open the Group Policy Management Console.

  2. Go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Network Inspection System.

  3. Select Turn on definition retirement. By default, this policy is enabled. If set to Not configured, definition retirement is enabled.

  4. To edit the policy, select the edit policy setting link.

  5. Select Enabled, and then select OK.

  6. Deploy your updated Group Policy Object. See Group Policy Management Console.
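
To confirm the result of these steps across a domain, the following added example (not from the original page) lists every GPO that explicitly sets the policy and flags any that disable it. It assumes the GroupPolicy PowerShell module is installed, that reports are generated from English ADMX files so the setting appears under the display name used on this page, and that the XML report exposes each Administrative Templates setting as a `Policy` element with `Name` and `State` children.

```powershell
# Added example: audit which GPOs configure "Turn on definition retirement".
# Run from a management host with the Group Policy Management tools installed.
Import-Module GroupPolicy

# Policy display name as shown on this page (assumes English ADMX files).
$settingName = 'Turn on definition retirement'

# Match on local-name() so the query does not depend on namespace prefixes
# used in the generated report.
$xpath = "//*[local-name()='Policy'][*[local-name()='Name']='$settingName']"

$results = foreach ($gpo in Get-GPO -All) {
    # Render the GPO as an XML report and search it for the setting.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    foreach ($hit in (Select-Xml -Xml $report -XPath $xpath)) {
        $state = ($hit.Node.ChildNodes |
            Where-Object { $_.LocalName -eq 'State' }).InnerText
        [pscustomobject]@{
            GPO       = $gpo.DisplayName
            State     = $state            # Enabled or Disabled
            GpoStatus = $gpo.GpoStatus    # whether computer settings are active
            Modified  = $gpo.ModificationTime
        }
    }
}

if (-not $results) {
    # No GPO sets the policy: it is Not configured, which this page states
    # leaves definition retirement enabled.
    Write-Output "No GPO sets '$settingName'; the default (enabled) applies."
}
else {
    $results | Sort-Object GPO | Format-Table -AutoSize

    # A Disabled state turns definition retirement off for computers in scope.
    $disabled = @($results | Where-Object { $_.State -eq 'Disabled' })
    if ($disabled.Count -gt 0) {
        Write-Warning ("Definition retirement is disabled in: " +
            ($disabled.GPO -join ', '))
    }
}
```

A GPO appearing in the output only affects computers where it is linked and applied, so pair this with a resultant-set-of-policy check on a sample endpoint.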


Are you using Group Policy Objects on premises? See how they translate in the cloud. Analyze your on-premises group policy objects using Group Policy analytics in Microsoft Intune.

