Information
This setting determines whether hash values are computed for files scanned by Microsoft Defender.
The recommended state for this setting is: Enable
When running an antivirus solution such as Microsoft Defender Antivirus, it is important to ensure that it is configured to monitor for suspicious and known malicious activity. File hashes are a reliable way of detecting changes to files, and can speed up the scan process by skipping files that have not changed since they were last scanned and determined to be safe. A changed file hash can also be cause for additional scrutiny.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enable
Defender\Enable File Hash Computation
Impact:
This setting could cause performance degradation during initial deployment and for users where new executable content is frequently being created (such as software developers), or where applications are frequently installed or updated.
For more information on this setting, please visit
Security baseline (FINAL): Windows 10 and Windows Server, version 2004 - Microsoft Tech Community - 1543631
.
Note: The impact of this setting should be monitored closely during deployment to ensure user and system performance impact is within acceptable limits.