Forum Discussion

icarionc's avatar
icarionc
Copper Contributor
Sep 30, 2024
Solved

Hide protection history from users

Hi everyone,

 

I am trying to find a way to disable our users ability to release files from quarantine in 'protection history'. For example, if a user downloads a malware or creates an EICAR file, it gets quarantined by Defender. From here, the user has the ability to release the file from 'Protection History'.

 

I am trying to remove this ability.

 

My idea was to remove the whole page through GPO, or maybe find a registry key that enables/disables this view but havent found anything.

 

We already hide the virus threat protection UI. However, the protection history is still accessible to users.

  • am1357's avatar
    am1357
    Oct 07, 2024

    icarionc 

     

    Unfortuntately, it's not possible to just remove the "Protection History" menu.

     

    It is possible though to completely disable the Windows Security Center by disabling all tiles (Account Protection, Device Security, Family UI, ...).

    The user will then see the following notification when opening the Security Center.

     

     

    If the user is a local admin they will still be able to retrieve a file from quarantine via mpcmdrun though.

3 Replies

  • am1357's avatar
    am1357
    Brass Contributor
    Oct 07, 2024

    icarionc 

     

    Unfortuntately, it's not possible to just remove the "Protection History" menu.

     

    It is possible though to completely disable the Windows Security Center by disabling all tiles (Account Protection, Device Security, Family UI, ...).

    The user will then see the following notification when opening the Security Center.

     

     

    If the user is a local admin they will still be able to retrieve a file from quarantine via mpcmdrun though.

    • icarionc's avatar
      icarionc
      Copper Contributor
      Oct 10, 2024
      Hey am1357

      Was afraid that would be the answer.

      Ive checked through GPO and documentations and couldnt find a way to hide the whole security UI. Could you provide how to accomplish this or point me in the direction of documentation please.

      And also, would the UI still be blocked for users with local admin rights?

      Thanks!
      • am1357's avatar
        am1357
        Brass Contributor
        Oct 11, 2024

        icarionc 

         

        Check out the polices under "Computer Configuration\Administrative Templates\Windows Components\Windows Security"

         

         

        You will have to enable every setting under Windows Security that starts with "Hide ...", e.g. "Hide the Account protection area" under "Account protection"

         

        Yes, this will also hide/disable the Security Center for local admins.

         

        Also see https://learn.microsoft.com/en-us/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center

         

         

Resources