Windows 10: Enable Windows Defender Block at First Sight in Windows 10

Discus and support Enable Windows Defender Block at First Sight in Windows 10 in Windows 10 Tutorials to solve the problem; How to: Enable Windows Defender Block at First Sight in Windows 10 How to Enable or Disable Windows Defender Block at First Sight in Windows 10... Discussion in 'Windows 10 Tutorials' started by Cliff S, Nov 19, 2016.

  1. CLIFF S
    Cliff S New Member

    Enable Windows Defender Block at First Sight in Windows 10


    How to: Enable Windows Defender Block at First Sight in Windows 10

    How to Enable or Disable Windows Defender Block at First Sight in Windows 10


    Windows Defender Antivirus helps protect your PC against malware (malicious software) like viruses, spyware, and other potentially unwanted software. Malware can infect your PC without your knowledge: it might install itself from an email message, when you connect to the Internet, or when you install certain apps using a USB flash drive, CD, DVD, or other removable media. Some malware can also be programmed to run at unexpected times, not only when it's installed.

    version 1607) that provides a way to detect and block new malware within seconds. Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work.

    See also: Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection | Microsoft Docs

    How Block at First Sight works



    When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.

    If the cloud backend is unable to make a determination, the file will be locked by Windows Defender while a copy is uploaded to the cloud. Only after the cloud has received the file will Windows Defender release the lock and let the file run. The cloud will perform additional analysis to reach a determination, blocking all future encounters of that file.

    In many cases this process can reduce the response time to new malware from hours to seconds.

    *note Suspicious file downloads requiring additional backend processing to reach a determination will be locked by Windows Defender on the first machine where the file is encountered, until it is finished uploading to the backend. Users will see a longer "Running security scan" message in the browser while the file is being uploaded. This might result in what appear to be slower download times for some files.

    This tutorial will show you how to enable or disable the Block at First Sight cloud protection feature in Windows Defender for all users in Windows 10.

    *Warning You must be signed in as an administrator to be able to enable or disable Block at First Sight.


    CONTENTS:
    • Option One: To Turn On or Off Windows Defender Block at First Sight in Settings
    • Option Two: To Enable Windows Defender Block at First Sight in Group Policy
    • Option Three: To Disable Windows Defender Block at First Sight in Group Policy
    • Option Four: To Enable or Disable Windows Defender Block at First Sight using a REG file




    OPTION ONE [/i] To Turn On or Off Windows Defender Block at First Sight in Settings
    *note You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as Cloud-based protection and Automatic sample submission are both turned on.

    If you enabled Block at First Site using Option Two or Option Four below, then the settings in this option will be grayed out.
    1. Open Windows Security, and click/tap on the Virus & threat protection icon. (see screenshot below)

    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    2. Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    3. Do step 4 (on) or step 5 (off) below for what you want to do.


    4. To Turn On Block at First Sight Cloud Protection in Windows Defender
    *note This is the default setting.
    A) Turn on Real-time protection. (see screenshot below)

    B) Turn on Cloud-delivered protection.

    C) Turn on Automatic sample submission, and go to step 6 below.

    5. To Turn Off Block at First Sight Cloud Protection in Windows Defender
    A) Turn off Cloud-delivered protection. (see screenshot below)

    B) Turn off Automatic sample submission, and go to step 6 below.
    6. When finished, you can close Windows Security if you like.


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]






    OPTION TWO [/i] To Enable Windows Defender Block at First Sight in Group Policy
    *note This option will override Option One.

    Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Four below to enable Block at First Sight using a .reg file instead.
    1. Open the Local Group Policy Editor.

    2. Navigate to the location below in the left pane of Local Group Policy Editor. (see screenshot below)
    *Arrow Computer Configuration/Administrative Templates/Windows Components/Windows Defender Antivirus/MAPS


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    3. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Configure the ‘Block at First Sight’ feature policy to edit it. (see screenshot above)
    A) Select (dot) Enabled, and click/tap on OK. (see screenshot below)


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    4. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Join Microsoft MAPS policy to edit it. (see screenshot below)

    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]


    A) Select (dot) Enabled. (see screenshot below)

    B) Select Advanced MAPS under Options, and click/tap on OK.

    *note [B]Advanced MAPS[/B] membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer.


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    5. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Send file samples when further analysis is required policy to edit it. (see screenshot below)

    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]


    A) Select (dot) Enabled. (see screenshot below)

    B) Select Send safe samples or Send all samples under Options for what you want, and click/tap on OK.


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    6. Navigate to the location below in the left pane of Local Group Policy Editor. (see screenshot below)
    *Arrow Computer Configuration/Administrative Templates/Windows Components/Windows Defender Antivirus/Real-time Protection


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    7. In the right pane of Real-time Protection in Local Group Policy Editor, double click/tap on the Turn off real-time protection policy to edit it. (see screenshot above)
    A) Select (dot) Disabled, and click/tap on OK. (see screenshot below)


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    8. In the right pane of Real-time Protection in Local Group Policy Editor, double click/tap on the Scan all downloaded files and attachments policy to edit it. (see screenshot below)

    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]


    A) Select (dot) Enabled, and click/tap on OK. (see screenshot below)


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    9. When finished, you can close the Local Group Policy Editor if you like.




    OPTION THREE [/i] To Disable Windows Defender Block at First Sight in Group Policy
    *note You may choose to disable the Block at First Sight feature if you want to retain the pre-requisite settings without using Block at First Sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network.

    Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Four below to disable Block at First Sight using a .reg file instead.
    1. Open the Local Group Policy Editor.

    2. Navigate to the location below in the left pane of Local Group Policy Editor. (see screenshot below)
    *Arrow Computer Configuration/Administrative Templates/Windows Components/Windows Defender Antivirus/MAPS


    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    3. In the right pane of MAPS in Local Group Policy Editor, double click/tap on the Configure the ‘Block at First Sight’ feature policy to edit it. (see screenshot above)

    4. Select (dot) Disabled, and click/tap on OK. (see screenshot below)

    Enable Windows Defender Block at First Sight in Windows 10 [​IMG]

    5. When finished, you can close the Local Group Policy Editor if you like.




    OPTION FOUR [/i] To Enable or Disable Windows Defender Block at First Sight using a REG file
    *note The downloadable .reg files below will add and modify the DWORD values in the registry keys.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
    DisableIOAVProtection DWORD
    • (delete) = Default Not Configured
    • 0 = Enable
    DisableRealtimeMonitoring DWORD
    • (delete) = Default Not Configured
    • 0 = Enable
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet
    DisableBlockAtFirstSeen DWORD
    • (delete) = Default Not Configured
    • 1 = Disable
    • 0 = Enable
    SpynetReporting DWORD
    • (delete) = Default Not Configured
    • 2 = Advanced MAPS
    SubmitSamplesConsent DWORD
    • (delete) = Default Not Configured
    • 1 = Send safe samples
    • 3 = Send all samples

    1. Do step 2 (enable with "Send safe samples"), step 3 (enable with "Send all sample"), step 4 (disable), or step 5 (default Not Configured) below for what you would like to do.


    2. To Enable Block at First Sight with "Send safe samples"
    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    EnableBlockAtFirstSight_AdvancedMAPS_SendSafeSamples.reg

    Download
    3. To Enable Block at First Sight with "Send all samples"
    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    EnableBlockAtFirstSight_AdvancedMAPS_SendAllSamples.reg

    Download
    4. To Disable Block at First Sight
    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Disable_BlockAtFirstSight.reg

    Download
    5. To Set Block at First Sight to Default "Not Configured"

    *note This is the default setting to set all Block at First Sight group polices back to "Not Configured".

    This will have the settings in Option One above to no longer be grayed out.
    A) Click/tap on the Download button below to download the file below, and go to step 6 below.

    Default_NotConfigured_BlockAtFirstSight.reg

    Download
    6. Save the .reg file to your desktop.

    7. Double click/tap on the downloaded .reg file to merge it.

    8. If prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

    9. If you like, you can now delete the downloaded .reg file.

    That's it,
    Shawn


    Related Tutorials

    :)
     
    Cliff S, Nov 19, 2016
    #1
  2. SUMIT DHIMAN2
    Sumit Dhiman2 Win User
    Sumit Dhiman2, Nov 19, 2016
    #2
  3. SUMIT DHIMAN2
    Sumit Dhiman2 Win User
    Sumit Dhiman2, Nov 19, 2016
    #3
Thema:

Enable Windows Defender Block at First Sight in Windows 10

Loading...

  1. Enable Windows Defender Block at First Sight in Windows 10 - Similar Threads - Enable Defender Block

  2. Windows 10 Defender blocking zoominstaller.exe

    in AntiVirus, Firewalls and System Security
    Windows 10 Defender blocking zoominstaller.exe: I would like to download Zoom onto this 2019 Lenovo IdeaPad240 bought at staple store. Windows Defender 10 blocks ALL downloads "… has a virus and was deleted..." I've tried every way I can find to shut off Windows 10 Defender. Upon downloading, I STILL get that same...

  3. Block at First Sight: Windows Defender blocking malware in SECONDS!

    in Windows 10 Ask Insider
    Block at First Sight: Windows Defender blocking malware in SECONDS!: [ATTACH] submitted by /u/TeamsMe [link] [comments] https://www.reddit.com/r/Windows10/comments/gptphp/block_at_first_sight_windows_defender_blocking/

  4. Enabling Ransomware in Windows Defender 10

    in AntiVirus, Firewalls and System Security
    Enabling Ransomware in Windows Defender 10: On trying to enable Ransomware protection I get the following error. Guide corrective action[ATTACH] https://answers.microsoft.com/en-us/windows/forum/all/enabling-ransomware-in-windows-defender-10/4594a130-6920-45b1-acb0-6238b6abd2a3"

  5. Blocking a sight

    in Windows 10 Customization
    Blocking a sight: I am coiming across various advertisement on snapdeal.com Kindly help blocking it in my browser. https://answers.microsoft.com/en-us/windows/forum/all/blocking-a-sight/6e8f5a51-f6e9-4f6e-b1b6-1a3db2d5af0c

  6. Windows Defender is not enabled

    in AntiVirus, Firewalls and System Security
    Windows Defender is not enabled: I have Win 8.1 OS, my Windows Defender is not working. Virus Protection: Windows defender is turned off and is currently being managed by your system administrator. Spyware and unwanted software Protection Windows defender is turned off and is currently being managed by...

  7. Enable block at first sight

    in AntiVirus, Firewalls and System Security
    Enable block at first sight: I just got this popup [img] I was in Firefox preferences at the time. When I clicked on the popup, it took me here Enable Block at First Sight to detect malware in seconds | Microsoft Docs I don't know what setting change caused this. I was coincidentally downloading...

  8. Configure the 'Block at First Sight' feature?

    in AntiVirus, Firewalls and System Security
    Configure the 'Block at First Sight' feature?: Windows Defender has this feature called Block at First Sight. Does this need to be set in Group Policy or could it be set in the Windows Defender Security GUI app? If so, please explain the steps. I know I have the Cloud protection enabled in the Defender app, but I don't...

  9. How to Enable Windows Defender Adware Blocking in Windows 10

    in AntiVirus, Firewalls and System Security
    How to Enable Windows Defender Adware Blocking in Windows 10: Microsoft now allows Windows Defender to detect PUAs [img] Microsoft has recently added a new adware protection system for enterprises, allowing them to detect and block Potentially Unwanted Applications (also known as PUAs) on their computers. But according to...

  10. Redstone RS1 - The first builds were sighted......!

    in Windows 10 News
    Redstone RS1 - The first builds were sighted......!: RS1 - The first builds were sighted......! *Wink 10.0.11073.1000.rs1_release.151120-2022 Source: https://buildfeed.net/build/2b60a5d7...medium=twitter [img] 10.0.11082.1000.rs1_release.151210-2021 [img] (Mobile Build) Source:...

Users found this page by searching for:

  1. Enable block at first sight

    ,

  2. How does one configure - Block-at-first-sight?

    ,

  3. enable block at first sight

    ,
  4. block at first sight,
  5. windows block at first sight and why am i getting notifications now,
  6. block at first sight enable windows 10 1803