Ovaj preglednik više nije podržan.
Prijeđite na Microsoft Edge, gdje vas čekaju najnovije značajke, sigurnosna ažuriranja i tehnička podrška.
To enhance your endpoint security experience, Microsoft is releasing the Microsoft Defender Core service to help with the stability and performance of Microsoft Defender Antivirus.
The Microsoft Defender Core service is releasing with Microsoft Defender Antivirus platform version 4.18.23110.2009.
Rollout is planned to begin as follows:
November 2023 to prerelease customers.
Mid April 2024 to Enterprise customers running Windows clients.
Beginning of July 2024 to U.S. Government customers running Windows clients.
Mid January 2025 to Enterprise customers running Windows Server.
If you're using the Microsoft Defender for Endpoint streamlined device connectivity experience, you don't need to add any other URLs.
If you're using the Microsoft Defender for Endpoint standard device connectivity experience:
Enterprise customers should allow the following URLs:
*.endpoint.security.microsoft.comecs.office.com/config/v1/MicrosoftWindowsDefenderClient*.events.data.microsoft.comIf you don't want to use the wildcards for *.events.data.microsoft.com, you can use:
us-mobile.events.data.microsoft.com/OneCollector/1.0eu-mobile.events.data.microsoft.com/OneCollector/1.0uk-mobile.events.data.microsoft.com/OneCollector/1.0au-mobile.events.data.microsoft.com/OneCollector/1.0mobile.events.data.microsoft.com/OneCollector/1.0Enterprise U.S. Government customers should allow the following URLs:
*.events.data.microsoft.com*.endpoint.security.microsoft.us (GCC-H & DoD)*.gccmod.ecs.office.com (GCC-M)*.config.ecs.gov.teams.microsoft.us (GCC-H)*.config.ecs.dod.teams.microsoft.us (DoD)If you're using Application Control for Windows, or you're running non-Microsoft antivirus or endpoint detection and response software, make sure to add the processes mentioned earlier to your allowlist.
Consumers don't need to take any actions to prepare.
The following table summarizes where you can view Microsoft Defender Antivirus processes and services (MdCoreSvc) using Task Manager on Windows devices.
| Process or service | Where to view its status |
|---|---|
Antimalware Core Service |
Processes tab |
MpDefenderCoreService.exe |
Details tab |
Microsoft Defender Core Service |
Services tab |
To learn more about the Microsoft Defender Core service configurations and experimentation (ECS), see Microsoft Defender Core service configurations and experimentation.
We highly recommend keeping the default settings of the Microsoft Defender Core service running and reporting.
Review Microsoft Defender for Endpoint data storage and privacy.
You can enforce it by using any of these management tools:
Microsoft Configuration Manager has an integrated ability to run PowerShell scripts to update Microsoft Defender Antivirus policy settings across all computers in your network.
######
#ConfigMgr Management of Microsoft Defender Core service enforcement
#"Microsoft Defender Core service is a new service to help keep the reliability and performance of Microsoft Defender Antivirus.
#Check Log File for enforcement status - C:\Windows\temp\ConfigDefenderCoreService-<TimeStamp>.log
######
Function Set-RegistryKeyValue{
param (
$KeyPath,
$ValueName,
$Value,
$PropertyType,
$LogFile
)
Try {
If (!(Test-path $KeyPath)) {
$Path = ($KeyPath.Split(':'))[1].TrimStart("\")
([Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine,$env:COMPUTERNAME)).CreateSubKey($Path)
New-ItemProperty -path $KeyPath -name $ValueName -value $Value -PropertyType $PropertyType -Force | Out-Null
}
Else {
New-ItemProperty -path $KeyPath -name $ValueName -value $Value -PropertyType $PropertyType -Force | Out-Null
}
$TestValue = (Get-ItemProperty -Path $KeyPath)."$ValueName"
If ($TestValue -eq $Value){ Add-Content -Path $LogFile -Value "$KeyPath,$ValueName,$Value,$PropertyType,$TestValue,Success" }
Else { Add-Content -Path $LogFile -Value "$KeyPath,$ValueName,$Value,$PropertyType,$TestValue,Failure" }
}
Catch {
$ExceptionMessage = $($PSItem.ToString()) -replace [Environment]::NewLine,"";
Add-Content -Path $LogFile -Value "$KeyPath,$ValueName,$Value,$PropertyType,$TestValue,Failure - $ExceptionMessage"
}
}
$ExecutionTime = Get-Date
$StartTime = Get-Date $ExecutionTime -Format yyyyMMdd-HHmmss
$LogFile = "C:\Windows\temp\ConfigDevDrive-$StartTime.log"
Add-Content -Path $LogFile -Value "------------------------------------V 1.0
$ExecutionTime - Execution Starts -------------------------------------------"
Add-Content -Path $LogFile -Value "RegistryKeyPath,ValueName,ExpectedValue,PropertyType,CurrentValue,ComparisonResult"
#Set up Microsoft Defender Core service
Set-RegistryKeyValue -KeyPath "HKLM:\Software\Policies\Microsoft\Windows Defender\Features\" -ValueName "DisableCoreService1DSTelemetry" -Value "0" -PropertyType "Dword" -LogFile $LogFile
Set-RegistryKeyValue -KeyPath "HKLM:\Software\Policies\Microsoft\Windows Defender\Features\" -ValueName "DisableCoreServiceECSIntegration" -Value "0" -PropertyType "Dword" -LogFile $LogFile
$ExecutionTime = Get-Date
Add-Content -Path $LogFile -Value "------------------------------------
$ExecutionTime - Execution Ends -------------------------------------------"
When adding a new script, you must select and approve it. The approval state changes from Waiting for approval to Approved. Once approved, right-click a single device or device collection, and select Run script.
On the script page of the Run Script wizard, choose your script from the list (Microsoft Defender Core service enforcement in our example). Only approved scripts are displayed. Select Next and complete the wizard.
Download the latest Microsoft Defender Group Policy Administrative Templates from here.
Set up the Domain Controller Central Repository.
Napomena
Copy the .admx, and separately the .adml to the En-US folder.
Start, GPMC.msc (e.g. Domain Controller or) or GPEdit.msc
Go to Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus
Turn on Experimentation and Configuration Service (ECS) integration for Defender core service
Turn on telemetry for Defender core service
Go to Start, and run PowerShell as an administrator.
Use the Set-MpPreferences -DisableCoreServiceECSIntegration $true or $false command, where $false = enabled and $true = disabled. For example:
Set-MpPreferences -DisableCoreServiceECSIntegration $false
Use the Set-MpPreferences -DisableCoreServiceTelemetry $true or $false command, for example:
Set-MpPreferences -DisableCoreServiceTelemetry $true
Select Start, and then open Regedit.exe as an administrator.
Go to HKLM\Software\Policies\Microsoft\Windows Defender\Features
Set the values:
DisableCoreService1DSTelemetry (dword) 0 (hex)
0 = Not configured, enabled (default)
1 = Disabled
DisableCoreServiceECSIntegration (dword) 0 (hex)
0 = Not configured, enabled (default)
1 = Disabled
Obuka
Modul
MD-102 2-Manage Microsoft Defender for Endpoint - Training
This module explores using Microsoft Defender for Endpoint to provide additional protection and monitor devices against threats.
Certifikacija
Microsoft 365 Certified: Endpoint Administrator Associate - Certifications
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.
Dokumentacija
Microsoft Defender Antivirus in Windows Overview - Microsoft Defender for Endpoint
Learn how to manage, configure, and use Microsoft Defender Antivirus, built-in antimalware and antivirus protection.
Learn about Microsoft Defender Antivirus with other security products and the operating systems.
Microsoft Defender Core service configurations and experimentation - Microsoft Defender for Endpoint
Understand the interaction between Microsoft Defender Core Service and the Experimentation and Configuration Service (ECS).