

If we click Reputation-based protection settings, we see that Block Apps is enabled, but Block Downloads is not enabled. However, the Windows Security icon is showing an exclamation mark, and if we open Windows Security, under App & browser control, we see a warning that "The setting to block unwanted apps is turned off".

In the Antimalware policy, we enable the option to Block potentially unwanted applications. We use SCCM Endpoint Protection Policies to deploy Antimalware policy to machines. All my research and testing has shown that making changes to PUA (Potentially Unwanted Applications) with the registry, GPO or PowerShell only seems to affect the Block Apps setting. We are using Windows 10 (1909 and 20H2) with SCCM 2010 (and a Cloud Management Gateway for remote machines) and are moving to using Defender and managing it with SCCM. The only way I can think of enabling the Block Downloads option on all machines would be to use a group policy (a group policy isn't really a valid option for me, as most of our machines do not have VPN access so I can't reliably use GPOs at the moment), a registry file, or a PowerShell command.

As we are migrating to Defender on over 4000 machines, it is not practical to log in to each machine to remove this warning, especially seeing as 90% of our machines are currently working remotely. The only way to get the exclamation mark warning to go away is to select Block Downloads or click Dismiss, and doing so means having to provide admin credentials (our users do not have local admin rights on their machines).
