Select cloud protection level

Information

This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files.
If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan less frequently.

For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.
Note: This feature requires the 'Join Microsoft MAPS' setting to be enabled in order to function.
Possible options are:
(0x0) Default Windows Defender blocking level
(0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)
(0x4) High+ blocking level - aggressively block unknowns and apply additional protection measures (may impact client performance)
(0x6) Zero tolerance blocking level - block all unknown executables

Solution

Policy Path: Windows Components\Microsoft Defender Antivirus\MpEngine
Policy Setting Name: Select cloud protection level
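
To confirm which level a host is running and whether the MAPS dependency noted above is met, the following added example (not part of the original audit item) reads both values with Get-MpPreference. It assumes the Defender PowerShell module is present; the function name Get-CloudProtectionStatus and its output fields are hypothetical, and only the four levels listed on this page are decoded.

```powershell
# Added example: report the cloud protection level and the MAPS dependency.
# Assumes the Defender PowerShell module (Get-MpPreference) is available.

# Level values and descriptions as listed on this page.
$levels = @{
    0 = 'Default blocking level'
    2 = 'High blocking level'
    4 = 'High+ blocking level'
    6 = 'Zero tolerance blocking level'
}

function Get-CloudProtectionStatus {
    param(
        # Accepts a constructed object for offline checks; defaults to the live host.
        $Preference = (Get-MpPreference)
    )

    $level = [int]$Preference.CloudBlockLevel
    $maps  = [int]$Preference.MAPSReporting   # 0 means MAPS is not joined

    if ($levels.ContainsKey($level)) {
        $name = $levels[$level]
    } else {
        $name = 'Value not listed on this page'
    }

    $status = [pscustomobject]@{
        CloudBlockLevel = '0x{0:X}' -f $level
        Description     = $name
        MapsJoined      = ($maps -ne 0)
    }

    # The page notes that the feature needs 'Join Microsoft MAPS' to function.
    if ($level -ne 0 -and -not $status.MapsJoined) {
        Write-Warning "Cloud block level $($status.CloudBlockLevel) is set but MAPS is not joined."
    }
    $status
}

# Live host:
Get-CloudProtectionStatus

# Constructed sample input: level 0x2 with MAPS disabled triggers the warning.
Get-CloudProtectionStatus -Preference ([pscustomobject]@{ CloudBlockLevel = 2; MAPSReporting = 0 })
```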

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3

Plugin: Windows

Control ID: 5f68370ffbbf15398ecbf2198f0e3f51a502382d2ae7818efd5700ea93bb7fbc