TrustedImageIdentifier specifies a unique identifier that signals that the files that are installed on the computer have already been scanned, and do not require additional on-access scans by Microsoft Defender. Microsoft Defender is a Microsoft application that can help to prevent, remove, and quarantine malware and spyware.
By default, Microsoft Defender performs a scan of each file on the computer when the computer accesses the file for the first time. This is known as an on-access scan. When Microsoft Defender performs a quick scan or a full scan (also known as on-demand scans), the rest of the files on the system will be marked as safe.
If you set a trusted image identifier, Microsoft Defender does not perform on-access scans of the individual files that belong to the trusted image. This can increase system speed.
Note If you have already deployed a series of computers, and then later determine that there is a potential problem with the security of the image, contact your Depth Project Manager (PM) within the Windows Ecosystem Engagement team, and provide the unique identifier of the image. Microsoft will add this unique identifier into Windows Update. After a computer with that unique identifier receives updates from Windows Update, Microsoft Defender performs scans on all of the files on that computer.
Specifies a Trusted_identifier_ID value. Trusted_identifier_ID is a string.
We recommend that you use a unique identifier, such as a GUID, for the value of this setting. Using a GUID allows you to easily identify the image.
Valid Configuration Passes
Security-Malware-Windows-Defender | TrustedImageIdentifier
For Windows Windows Server 2016 editions, Microsoft Defender is installed with the operating system.
This setting does not apply to Windows Server 2012 editions.
For a full list of the Windows editions and architectures that this component supports, see Security-Malware-Windows-Defender.
The following XML output shows how to signal Microsoft Defender so that it does not scan the current set of files.