Sep 30 2024 01:13 AM
Hi everyone,
I am trying to find a way to disable our users' ability to release files from quarantine in 'protection history'. For example, if a user downloads malware or creates an EICAR file, it gets quarantined by Defender. From here, the user has the ability to release the file from 'Protection History'.
I am trying to remove this ability.
My idea was to remove the whole page through GPO, or maybe find a registry key that enables/disables this view, but I haven't found anything.
We already hide the virus threat protection UI. However, the protection history is still accessible to users.
Oct 07 2024 01:41 AM
Solution
Unfortunately, it's not possible to just remove the "Protection History" menu.
It is possible though to completely disable the Windows Security Center by disabling all tiles (Account Protection, Device Security, Family UI, ...).
The user will then see the following notification when opening the Security Center.
If the user is a local admin they will still be able to retrieve a file from quarantine via mpcmdrun though.
Oct 09 2024 10:47 PM
Oct 10 2024 11:44 PM
Check out the policies under "Computer Configuration\Administrative Templates\Windows Components\Windows Security"
You will have to enable every setting under Windows Security that starts with "Hide ...", e.g. "Hide the Account protection area" under "Account protection"
Yes, this will also hide/disable the Security Center for local admins.
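An added example, not part of the posts above: a PowerShell audit that reports which Windows Security areas are hidden by policy on an endpoint, so a gap in the "Hide ..." settings is easy to spot. It assumes each "Hide the ... area" policy is stored as a `UILockdown` value of 1 under the registry subkeys listed; confirm the names against the WindowsDefenderSecurityCenter.admx template in your environment.

```powershell
# Added example: audit which Windows Security areas are hidden by policy.
# Assumption: each "Hide the ... area" policy writes UILockdown=1 under the
# subkeys below; verify against WindowsDefenderSecurityCenter.admx.
$base  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center'
$areas = @(
    'Account protection',
    'App and Browser protection',
    'Device performance and health',
    'Device security',
    'Family options',
    'Firewall and network protection',
    'Virus and threat protection'
)

$report = foreach ($area in $areas) {
    $key   = Join-Path $base $area
    $value = $null
    if (Test-Path -LiteralPath $key) {
        # A missing value yields $null rather than an error.
        $value = (Get-ItemProperty -LiteralPath $key -Name UILockdown `
                  -ErrorAction SilentlyContinue).UILockdown
    }
    [pscustomobject]@{
        Area       = $area
        UILockdown = if ($null -eq $value) { 'not set' } else { $value }
        Hidden     = ($value -eq 1)
    }
}

$report | Format-Table -AutoSize

# Fail the check if any area is still reachable from the Windows Security app.
$visible = @($report | Where-Object { -not $_.Hidden })
if ($visible.Count -gt 0) {
    Write-Warning ('Areas still visible: ' + ($visible.Area -join ', '))
    exit 1
}
Write-Output 'All Windows Security areas are hidden by policy.'
```

A passing result only covers the UI; as noted in the answer above, a local admin can still retrieve a file from quarantine via mpcmdrun.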