Windows 10: Microsoft Defender setup--Is this reasonable and correct?

Im using Microsoft Defender on my workstation running Windows 10 Pro 20H2 19042.662. Could some of you folks please review my Defender settings and let me know if I missed anything? Is anything off that should be on, etc.? Perhaps someone has a "pet" setting or has experience with a trap I've fallen into.

Some of the PowerShell settings dont seem documented very well and some not at all. I think I set things up okay but its kind of hard to be sure without someone else reviewing.

Thanks

1. Turned on all the GUI Defender features
2. Set Powershell parameters shown below
3. Installed the extension for Chrome browser
3. Ran all my applications, allowing in GUI, and added folders for Controlled Folder Access.
4. Scheduled a daily Quick Scan with Task Scheduler (did not alter the task Microsoft includes)
5. Set Update out-of-date notification to 2 days in Group Policy
6. Turned on all 15 Attack Surface Reduction rules in Group Policyaudited at first, but now all 1 (block).

Here is Get-MpPreference and Get-MpComputerStatus output:


Get-MpPreference:

AllowNetworkProtectionOnWinServer: False
AttackSurfaceReductionOnlyExclusions :
AttackSurfaceReductionRules_Actions : {1, 1, 1, 1...}
AttackSurfaceReductionRules_Ids : {01443614-cd74-433a-b99e-2ecdc07bfc25, 26190899-1602-49e8-8b27-eb1d0a1ce869,
3B576869-A4EC-4529-8536-B80A7769E899, 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC...}
CheckForSignaturesBeforeRunningScan : True
CloudBlockLevel : 4
CloudExtendedTimeout : 50
ComputerID : 4729EA54-AF78-2314-AB87-73838390AADD
ControlledFolderAccessAllowedApplications : {C:\Program Files (x86)\Hard Disk Sentinel\hdsentinel.exe, C:\Program Files (x86)\Samsung\Samsung
Magician\SamsungMagician.exe, C:\Program Files (x86)\Seagate\SeaTools for Windows\stxcon.exe}
ControlledFolderAccessProtectedFolders : {H:\Projects, H:\Boards, H:\Documents, H:\Downloads...}
DisableArchiveScanning : False
DisableAutoExclusions : False
DisableBehaviorMonitoring : False
DisableBlockAtFirstSeen : False
DisableCatchupFullScan : False
DisableCatchupQuickScan : False
DisableCpuThrottleOnIdleScans : True
DisableDatagramProcessing : False
DisableEmailScanning : False
DisableIntrusionPreventionSystem :
DisableIOAVProtection : False
DisablePrivacyMode : False
DisableRealtimeMonitoring : False
DisableRemovableDriveScanning : False
DisableRestorePoint : True
DisableScanningMappedNetworkDrivesForFullScan : True
DisableScanningNetworkFiles : False
DisableScriptScanning : False
EnableControlledFolderAccess : 1
EnableFileHashComputation : True
EnableFullScanOnBatteryPower : False
EnableLowCpuPriority : False
EnableNetworkProtection : 1
ExclusionExtension :
ExclusionIpAddress :
ExclusionPath :
ExclusionProcess :
ForceUseProxyOnly : False
HighThreatDefaultAction : 0
LowThreatDefaultAction : 0
MAPSReporting : 2
MeteredConnectionUpdates : False
ModerateThreatDefaultAction : 0
ProxyBypass :
ProxyPacUrl :
ProxyServer :
PUAProtection : 1
QuarantinePurgeItemsAfterDelay : 90
RandomizeScheduleTaskTimes : True
RealTimeScanDirection : 0
RemediationScheduleDay : 0
RemediationScheduleTime : 02:00:00
ReportingAdditionalActionTimeOut : 10080
ReportingCriticalFailureTimeOut : 10080
ReportingNonCriticalTimeOut : 1440
ScanAvgCPULoadFactor : 50
ScanOnlyIfIdleEnabled : False
ScanParameters : 1
ScanPurgeItemsAfterDelay : 15
ScanScheduleDay : 0
ScanScheduleQuickScanTime : 00:00:00
ScanScheduleTime : 02:00:00
SevereThreatDefaultAction : 0
SharedSignaturesPath :
SignatureAuGracePeriod : 0
SignatureBlobFileSharesSources :
SignatureBlobUpdateInterval : 60
SignatureDefinitionUpdateFileSharesSources :
SignatureDisableUpdateOnStartupWithoutEngine : False
SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod : 120
SignatureScheduleDay : 8
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 1
SignatureUpdateInterval : 1
SubmitSamplesConsent : 1
ThreatIDDefaultAction_Actions :
ThreatIDDefaultAction_Ids :
UILockdown : False
UnknownThreatDefaultAction : 0
PSComputerName :


Get-MpComputerStatus:


AMEngineVersion : 1.1.17600.5
AMProductVersion : 4.18.2011.6
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.2011.6
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 12/7/2020 4:45:20 AM
AntispywareSignatureVersion : 1.327.2245.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 12/7/2020 4:45:21 AM
AntivirusSignatureVersion : 1.327.2245.0
BehaviorMonitorEnabled : True
ComputerID : 4729EA54-AF78-2314-AB87-73838390AADD
ComputerState : 0
FullScanAge : 9
FullScanEndTime : 11/28/2020 3:10:22 PM
FullScanStartTime : 11/28/2020 7:05:52 AM
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 1
LastQuickScanSource : 1
NISEnabled : True
NISEngineVersion : 1.1.17600.5
NISSignatureAge : 0
NISSignatureLastUpdated : 12/7/2020 4:45:21 AM
NISSignatureVersion : 1.327.2245.0
OnAccessProtectionEnabled : True
QuickScanAge : 0
QuickScanEndTime : 12/7/2020 4:46:10 AM
QuickScanStartTime : 12/7/2020 4:45:13 AM
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
PSComputerName :

:)

 

Windows Defender error: "Not in correct state" on Windows 10

Hi,

Thank you for posting in Microsoft Community and being part of Windows 10.

Provide us the additional information to assist you better:

• What is the complete error message of this issue?
• When exactly are you facing this issue?

I suggest you to refer to the below thread check if your issue matches with the same.

If so, I recommend you to try the troubleshooting steps mentioned by CJ. Eichholz [MSFT]
on December 12, 2015 and check if it helps.

Can't scan- "Windows Defender is not in the correct state to perform the
required operation"

Hope it helps. Get back to us with an updated status of this issue for further assistance.

 

Windows Defender Anitvirus

Hello,

There are multiple reasons why you are having issues, enabling Windows Defender. To assist you with your concern, you can refer to
PrashantKumar96's
Forum Article on how to fix Windows Defender not starting.

We suggest that you try the troubleshooting steps listed there, especially the number six troubleshooting step.

Let us know of the outcome.

Regards.

 

defender scans

Hi Ian,

Thanks for posting your query on Microsoft Community.

This issue might occur if you have set any task scheduler for Windows Defender.

I suggest you to delete the task for Windows defender and check if it helps.

Follow the below steps:

• 
  Search and open Schedule tasks.
  
• 
  In the left-hand menu, open the Task Scheduler Library, then select
  Microsoft >Windows >Windows Defender.
  
• 
  Double-click Windows Defender Scheduled Scan.
  
• 
  Select the Triggers panel, then select Delete.
  

Hope it helps, reply to us with the status of your issue. We will be happy to assist you.