SOLVED

Hide protection history from users

Copper Contributor

Hi everyone,

 

I am trying to find a way to disable our users ability to release files from quarantine in 'protection history'. For example, if a user downloads a malware or creates an EICAR file, it gets quarantined by Defender. From here, the user has the ability to release the file from 'Protection History'.

 

I am trying to remove this ability.

 

My idea was to remove the whole page through GPO, or maybe find a registry key that enables/disables this view but havent found anything.

 

We already hide the virus threat protection UI. However, the protection history is still accessible to users.

3 Replies
best response confirmed by icarionc (Copper Contributor)
Solution

@icarionc 

 

Unfortuntately, it's not possible to just remove the "Protection History" menu.

 

It is possible though to completely disable the Windows Security Center by disabling all tiles (Account Protection, Device Security, Family UI, ...).

The user will then see the following notification when opening the Security Center.

 

am1357_0-1728290432537.png

 

If the user is a local admin they will still be able to retrieve a file from quarantine via mpcmdrun though.

Hey @am1357

Was afraid that would be the answer.

Ive checked through GPO and documentations and couldnt find a way to hide the whole security UI. Could you provide how to accomplish this or point me in the direction of documentation please.

And also, would the UI still be blocked for users with local admin rights?

Thanks!

@icarionc 

 

Check out the polices under "Computer Configuration\Administrative Templates\Windows Components\Windows Security"

 

am1357_0-1728628857844.png

 

You will have to enable every setting under Windows Security that starts with "Hide ...", e.g. "Hide the Account protection area" under "Account protection"

 

Yes, this will also hide/disable the Security Center for local admins.

 

Also see https://learn.microsoft.com/en-us/windows/security/operating-system-security/system-security/windows...

 

am1357_1-1728629072127.png

 

1 best response

Accepted Solutions
best response confirmed by icarionc (Copper Contributor)
Solution

@icarionc 

 

Unfortuntately, it's not possible to just remove the "Protection History" menu.

 

It is possible though to completely disable the Windows Security Center by disabling all tiles (Account Protection, Device Security, Family UI, ...).

The user will then see the following notification when opening the Security Center.

 

am1357_0-1728290432537.png

 

If the user is a local admin they will still be able to retrieve a file from quarantine via mpcmdrun though.

View solution in original post