Windows 10 How to prevent popup "Threats found" from Defender? Partial (!) disabling

P

pstein

Extraordinary Member
Joined
Mar 20, 2010
Sometimes when I copy large directory trees a popup from Windows Defender appears in the lower right corner telling me:

Virus & threat protection
Threats found
Windows Defender Antivirus found treats. Get Details

A bell rings and the copy operation of this file is aborted.

How can I limit the warning output/action of Windows Defender?

If a threat is found:

- NO popup should appear
- NO bell should ring
- The copy operation should NOT be aborted

However I DO NOT want to completely disable Windows Defender:

The number of found threats in the tiny icon in SysTray should still be increased by 1.
Furthermore I still want to be able to initiate a manual (!) scan over a dir tree by selecting "Scan with Windows Defender" from context menu of File Explorer.

How can I achieve this?

Thank you
Peter
 
You should be able to disable pop-ups under System Settings > Privacy > Notifications and turn off notifications for Defender. That should also disable the sound since it's tied to notifications. This will disable all notifications for defender as there is no way to disable just threat notifications. Also there is no way to stop the copy operation block.
 
There a number of options you can set via the Powershell command. There maybe a way to change the behavior although I don't use defender.

PS F:\> get-help Set-MpPreference

NAME
Set-MpPreference

SYNOPSIS
Configures preferences for Windows Defender scans and updates.


SYNTAX
Set-MpPreference [-CheckForSignaturesBeforeRunningScan <Boolean>] [-CimSession <CimSession[]>] [-DisableArchiveScanning <Boolean>] [-DisableAutoExclusions <Boolean>] [-DisableBehaviorMonitoring <Boolean>] [-DisableCatchupFullScan <Boolean>]
[-DisableCatchupQuickScan <Boolean>] [-DisableEmailScanning <Boolean>] [-DisableIntrusionPreventionSystem <Boolean>] [-DisableIOAVProtection <Boolean>] [-DisablePrivacyMode <Boolean>] [-DisableRealtimeMonitoring <Boolean>] [-DisableRemovableDriveScanning <Boolean>]
[-DisableRestorePoint <Boolean>] [-DisableScanningMappedNetworkDrivesForFullScan <Boolean>] [-DisableScanningNetworkFiles <Boolean>] [-DisableScriptScanning <Boolean>] [-ExclusionExtension <String[]>] [-ExclusionPath <String[]>] [-ExclusionProcess <String[]>]
[-Force] [-HighThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}] [-LowThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}] [-MAPSReporting {Disabled | Basic | Advanced}]
[-ModerateThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}] [-QuarantinePurgeItemsAfterDelay <UInt32>] [-RandomizeScheduleTaskTimes <Boolean>] [-RealTimeScanDirection {Both | Incoming | Outcoming}] [-RemediationScheduleDay
{Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}] [-RemediationScheduleTime <DateTime>] [-ReportingAdditionalActionTimeOut <UInt32>] [-ReportingCriticalFailureTimeOut <UInt32>] [-ReportingNonCriticalTimeOut <UInt32>]
[-ScanAvgCPULoadFactor <Byte>] [-ScanOnlyIfIdleEnabled <Boolean>] [-ScanParameters {QuickScan | FullScan}] [-ScanPurgeItemsAfterDelay <UInt32>] [-ScanScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
[-ScanScheduleQuickScanTime <DateTime>] [-ScanScheduleTime <DateTime>] [-SevereThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}] [-SignatureAuGracePeriod <UInt32>] [-SignatureDefinitionUpdateFileSharesSources <String>]
[-SignatureDisableUpdateOnStartupWithoutEngine <Boolean>] [-SignatureFallbackOrder <String>] [-SignatureFirstAuGracePeriod <UInt32>] [-SignatureScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
[-SignatureScheduleTime <DateTime>] [-SignatureUpdateCatchupInterval <UInt32>] [-SignatureUpdateInterval <UInt32>] [-SubmitSamplesConsent {None | Always | Never}] [-ThreatIDDefaultAction_Actions <ThreatAction[]>] [-ThreatIDDefaultAction_Ids <Int64[]>]
[-ThrottleLimit <Int32>] [-UILockdown <Boolean>] [-UnknownThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}] [<CommonParameters>]


DESCRIPTION
The Set-MpPreference cmdlet configures preferences for Windows Defender scans and updates. You can modify exclusion file name extensions, paths, or processes, and specify the default action for high, moderate, and low threat levels.


RELATED LINKS
Online Version: Set-MpPreference
Add-MpPreference
Get-MpPreference
Remove-MpPreference

REMARKS
To see the examples, type: "get-help Set-MpPreference -examples".
For more information, type: "get-help Set-MpPreference -detailed".
For technical information, type: "get-help Set-MpPreference -full".
For online help, type: "get-help Set-MpPreference -online"
 
You must log in or register to reply here.

Similar threads

E
How to prevent "Microsoft defender SmartScreen prevented an unrecognised app" warning for my own python based app
Replies
3
Views
176
ussnorway
ussnorway
Russ Du Preez
Windows 11 Hacked - Fileless Malware : how do I block incoming requests through bluetooth/wifi at the login screen?
Replies
1
Views
1K
ChatGPT
ChatGPT
A
Windows 10 Howto disable Windows Defender periodic auto-scan
Replies
1
Views
493
aboka
A
News
Inspired by challenges in your workday: latest innovations and updates from Microsoft Edge
Replies
0
Views
1K
News
News
News
Announcing Windows 11 Insider Preview Build 22610
Replies
0
Views
2K
News
News
Back
Top Bottom