<html dir="ltr" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" gpmc_reportInitialized="false">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-16" />
<title>DoD Microsoft Defender Antivirus STIG Computer v2r7</title>
<!-- Styles -->
<style type="text/css">
                body    { background-color:#FFFFFF; border:1px solid #666666; color:#000000; font-size:68%; font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; }

                table   { font-size:100%; table-layout:fixed; width:100%; }

                td,th   { overflow:visible; text-align:left; vertical-align:top; white-space:normal; }

                .title  { background:#FFFFFF; border:none; color:#333333; display:inline-table; height:24px; margin:0px,0px,0px,0px; padding-top:0px; position:relative; table-layout:fixed; z-index:5; }

                .he0_expanded    { background-color:#FEF7D6; border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; }

                .he1_expanded    { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; }

                .he0h_expanded   { background-color: #FEF0D0; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 5px; margin-right: 0px; padding-left: 8px; padding-right: 5em; padding-top: 4px; position: relative;  }
                .he1h_expanded   { background-color: #7197B3; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 10px; margin-right: 0px; padding-left: 8px; padding-right: 5em; padding-top: 4px; position: relative; }

                .he1    { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; }

                .he2    { background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:30px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; }

                .he3    { background-color:#D9E3EA; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:40px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; }

                .he4    { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:50px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; }

                .he4h   { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; }

                .he4i   { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; position:relative; }

                .he2i   { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:35px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; position:relative;}
                .he5    { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:60px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; }

                .he5h   { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em; padding-top:4px; margin-bottom:-1px; margin-left:65px; margin-right:0px; position:relative; }

                .he5i   { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:65px; margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top: 4px; position:relative; }

                div .expando { color:#000000; text-decoration:none; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:normal; position:absolute; right:10px; text-decoration:underline; z-index: 0; }

                .he0 .expando { font-size:100%; }

                .info, .info3, .info4, .disalign  { line-height:1.6em; padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; }

                .disalign TD                      { padding-bottom:5px; padding-right:10px; }

                .info TD                          { padding-right:10px; width:50%; }

                .info3 TD                         { padding-right:10px; width:33%; }

                .info4 TD, .info4 TH              { padding-right:10px; width:25%; }

                .info TH, .info3 TH, .info4 TH, .disalign TH { border-bottom:1px solid #CCCCCC; padding-right:10px; }

                .subtable, .subtable3             { border:1px solid #CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; }

                .subtable TD, .subtable3 TD       { padding-left:10px; padding-right:5px; padding-top:3px; padding-bottom:3px; line-height:1.1em; }

                .subtable TH, .subtable3 TH       { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em;  }

                .subtable .footnote               { border-top:1px solid #CCCCCC; }

                .subtable3 .footnote, .subtable .footnote { border-top:1px solid #CCCCCC; }

                .subtable_frame     { background:#D9E3EA; border:1px solid #CCCCCC; margin-bottom:10px; margin-left:15px; }

                .subtable_frame TD  { line-height:1.1em; padding-bottom:3px; padding-left:10px; padding-right:15px; padding-top:3px; }

                .subtable_frame TH  { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; }

                .subtableInnerHead { border-bottom:1px solid #CCCCCC; border-top:1px solid #CCCCCC; }

                .explainlink            { color:#0000FF; text-decoration:none; cursor:hand; }

                .explainlink:hover      { color:#0000FF; text-decoration:underline; }

                .spacer { background:transparent; border:1px solid #BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg; font-size:100%; height:10px; margin-bottom:-1px; margin-left:43px; margin-right:0px; padding-top: 4px; position:relative; }

                .filler { background:transparent; border:none; color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px; margin-bottom:-1px; margin-left:53px; margin-right:0px; padding-top:4px; position:relative; }

                .container { display:block; position:relative; }

                .rsopheader { background-color:#A0BACB; border-bottom:1px solid black; color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-bottom:5px; text-align:center; }

                .rsopname { color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }

                .gponame{ color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }

                .gpotype{ color:#333333; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; padding-left:11px; }

                #uri    { color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; }

                #dtstamp{ color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; text-align:left; width:30%; }

                #objshowhide { color:#000000; cursor:hand; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; margin-right:0px; padding-right:10px; text-align:right; text-decoration:underline; z-index:2; word-wrap:normal; }

                #gposummary { display:block; }

                #gpoinformation { display:block; }

                @media print {

                    #objshowhide{ display:none; }

                    body    { color:#000000; border:1px solid #000000; }

                    .title  { color:#000000; border:1px solid #000000; }

                    .he0_expanded    { color:#000000; border:1px solid #000000; }

                    .he1h_expanded   { color:#000000; border:1px solid #000000; }

                    .he1_expanded    { color:#000000; border:1px solid #000000; }

                    .he1    { color:#000000; border:1px solid #000000; }

                    .he2    { color:#000000; background:#EEEEEE; border:1px solid #000000; }

                    .he3    { color:#000000; border:1px solid #000000; }

                    .he4    { color:#000000; border:1px solid #000000; }

                    .he4h   { color:#000000; border:1px solid #000000; }

                    .he4i   { color:#000000; border:1px solid #000000; }

                    .he5    { color:#000000; border:1px solid #000000; }

                    .he5h   { color:#000000; border:1px solid #000000; }

                    .he5i   { color:#000000; border:1px solid #000000; }

                    }

</style>
<!-- Scripts -->
<script type="text/javascript" language="javascript">
/*
String "strShowHide(0/1)"
0 = Hide all mode.
1 = Show all mode.
*/

var windowsArray = new Array();
var strShowHide = 1;

//Localized strings

var strShow = "show";
var strHide = "hide";
var strShowAll = "show all";
var strHideAll = "hide all";
var strShown = "shown";
var strHidden = "hidden";
var strExpandoNumPixelsFromEdge = "10px";


function IsSectionHeader(obj) {
    return (obj.className === "he0_expanded") || (obj.className === "he0h_expanded") || (obj.className === "he1h_expanded") || (obj.className === "he1_expanded") || (obj.className === "he1") || (obj.className === "he2") || (obj.className === "he3") || (obj.className === "he4") || (obj.className === "he4h") || (obj.className === "he5") || (obj.className === "he5h");
}

function IsSectionExpandedByDefault(objHeader) {
    if (objHeader === null) {
        return false;
    } else {
        return (objHeader.className.slice(objHeader.className.lastIndexOf("_")) === "_expanded");
    }
}

function SetSectionState(objHeader, strState) {
    var i = 0;
    var j;
    var all = objHeader.parentElement.ownerDocument.all;

    if (all === null) {
        return;
    }

    for (j = 0; j < all.length; j++) {
        if (all[j] === objHeader) {
            break;
        }
        i = i + 1;
    }

    for (j = i; j < all.length; j++) {
        if (all[i].className === "container") {
            break;
        }
        i = i + 1;
    }

    var objContainer = all[i];

    if (strState === "toggle") {
        if (objContainer.style.display === "none") {
            SetSectionState(objHeader, "show");
        }
        else {
            SetSectionState(objHeader, "hide");
        }
    }
    else {
        var objExpando = objHeader.children[1];

        if (strState === "show") {
            objContainer.style.display = "block";
            objExpando.innerText = strHide;
        }
        else if (strState === "hide") {
            objContainer.style.display = "none";
            objExpando.innerText = strShow;
        }
    }
}

function ShowSection(objHeader) {
    SetSectionState(objHeader, "show");
}

function HideSection(objHeader) {
    SetSectionState(objHeader, "hide");
}

function ToggleSection(objHeader) {
    SetSectionState(objHeader, "toggle");
}

/*================================================================================
' link at the top of the page to collapse/expand all collapsable elements
'================================================================================
*/
function objshowhide_onClick() {
    var obji;
    var objBody = document.body.getElementsByTagName("*");

    if (objBody === null) {
        return;
    }
    
    switch (strShowHide) {
        case 0:
            strShowHide = 1;
            window.objshowhide.innerText = strShowAll;
            for (obji = 0; obji < objBody.length; obji++) {
                if (objBody[obji].className !== 'undefined' && IsSectionHeader(objBody[obji])) {
                    HideSection(objBody[obji]);
                }
            }
            break;
        case 1:
            strShowHide = 0;
            window.objshowhide.innerText = strHideAll;
            for (obji = 0; obji < objBody.length; obji++) {
                if (objBody[obji].className !== 'undefined' && IsSectionHeader(objBody[obji])) {
                    ShowSection(objBody[obji]);
                }
            }
            break;
    }
}

/*================================================================================
' onload collapse all except the first two levels of headers (he0, he1)
'================================================================================*/
function window_onload() {
    // Only initialize once.  The UI may reinsert a report into the webbrowser control,
    // firing onLoad multiple times.
    if (document.documentElement.getAttribute("gpmc_reportInitialized").toUpperCase() !== "TRUE") {
        // Set text direction
        fDetDir(document.dir.toUpperCase());

        // Initialize sections to default expanded/collapsed state.
        var objBody = document.body.getElementsByTagName("*");

        if (objBody === null) {
            return;
        }

        for (var obji = 0; obji < objBody.length; obji++) {
            if (IsSectionHeader(objBody[obji])) {
                if (IsSectionExpandedByDefault(objBody[obji])) {
                    ShowSection(objBody[obji]);
                }
                else {
                    HideSection(objBody[obji]);
                }
            }
        }

        objshowhide.innerText = strShowAll;

        document.documentElement.setAttribute("gpmc_reportInitialized", "true");
    }
}

/*'================================================================================
' When direction (LTR/RTL) changes, change adjust for readability
'================================================================================
*/
function document_onPropertyChange() {
    if (window.event.propertyName === "dir") {
        fDetDir(document.dir.toUpperCase());
    }
}

function fDetDir(strDir) {
    var colRules;
    var nug;
    var i;
    var strClass;

    switch (strDir.toUpperCase()) {
        case "LTR":
            colRules = document.styleSheets[0].cssRules;
            if (colRules !== null && colRules !== undefined ) {            
                for (i = 0; i < colRules.length - 1; i++) {
                    nug = colRules[i];
                    strClass = nug.selectorText;
                    if (nug.style.textAlign === "right") {
                        nug.style.textAlign = "left";
                    }
                    switch (strClass) {
                        case "div .expando":
                            nug.style.Left = "";
                            nug.style.Right = strExpandoNumPixelsFromEdge;
                            break;
                        case "#objshowhide":
                            nug.style.textAlign = "right";
                            break;
                    }
                }
            }
            break;
        case "RTL":
            colRules = document.styleSheets[0].cssRules;
            if (colRules !== null && colRules !== undefined ) {            
                for (i = 0; i < colRules.length - 1; i++) {
                    nug = colRules[i];
                    strClass = nug.selectorText;
                    if (nug.style.textAlign === "left") {
                        nug.style.textAlign = "right";
                    }
                    switch (strClass) {
                        case "div .expando":
                            nug.style.Left = strExpandoNumPixelsFromEdge;
                            nug.style.Right = "";
                            break;
                        case "#objshowhide":
                            nug.style.textAlign = "left";
                            break;
                    }
                }
            }
            break;
    }
}

/*'================================================================================
'When printing reports, if a given section is expanded, let's says "shown" (instead of "hide" in the UI).
'================================================================================
*/
function window_onbeforeprint() {
    var obji;
    for (obji in document.all) {
        if (document.all.hasOwnProperty(obji)) {
            if (obji.className === "expando") {
                if (obji.innerText === strHide) {
                    obji.innerText = strShown;
                }
                if (obji.innerText === strShow) {
                    obji.innerText = strHidden;
                }
            }
        }
    }
}

/*================================================================================
'If a section is collapsed, change to "hidden" in the printout (instead of "show").
'================================================================================
*/
function window_onafterprint() {
    var obji;
    for (obji in document.all) {
        if (document.all.hasOwnProperty(obji)) {
            if (obji.className === "expando") {
                if (obji.innerText === strShown) {
                    obji.innerText = strHide;
                }
                if (obji.innerText === strHidden) {
                    obji.innerText = strShow;
                }
            }
        }
    }
}

/*================================================================================
' Adding keypress support for accessibility
'================================================================================
*/
function document_onkeypress(event) {
    var chCode = ('charCode' in event) ? event.charCode : event.keyCode;

    //space bar (32) or carriage return (13) or line feed (10)
    if (chCode == "32" || chCode == "13" || chCode == "10") {
        if (event.srcElement.className === "expando") {
            document_onclick();
            event.returnValue = false;
        }
        if (event.srcElement.className === "sectionTitle") {
            document_onclick();
            event.returnValue = false;
        }
        if (event.srcElement.id === "objshowhide") {
            objshowhide_onClick();
            event.returnValue = false;
        }
    }
}

/*================================================================================
' When user clicks anywhere in the document body, determine if user is clicking
' on a header element.
'================================================================================
*/
function document_onclick() {
    var strsrc = window.event.srcElement;

    while (strsrc.className === "sectionTitle" || strsrc.className === "expando") {
        strsrc = strsrc.parentElement;
    }

    // Only handle clicks on headers.
    if (!IsSectionHeader(strsrc)) {
        return;
    }

    ToggleSection(strsrc);

    window.event.returnValue = false;
}

function ToggleState(e) {
    var objParentDisplayItem;
    var objDisplayItem;
    var i;

    if (e.innerText === strShow) {
        e.innerText = strHide;
        objParentDisplayItem = e.parentNode;
        objDisplayItem = objParentDisplayItem.childNodes;
        for (i = 0; i < objDisplayItem.length; i++) {
            if (objDisplayItem[i].id === "showItem") {
                objDisplayItem[i].style.display = "Block";
            }
        }
    }
    else {
        e.innerText = strShow;
        objParentDisplayItem = e.parentNode;
        objDisplayItem = objParentDisplayItem.childNodes;
        for (i = 0; i < objDisplayItem.length; i++) {
            if (objDisplayItem[i].id === "showItem") {
                objDisplayItem[i].style.display = "None";
            }
        }
    }
}

function traverseToURL(url) {
    if (url != null) {
        var urlInitialSubstr = url.substring(0, 4).toLowerCase();
        if (urlInitialSubstr === "http") {
            window.open(url, "_blank");
        }
    }
}

function getExplainWindowTitle() {
    return document.getElementById("explainText_windowTitle").innerHTML;
}

function getExplainWindowStyles() {
    return document.getElementById("explainText_windowStyles").innerHTML;
}

function getExplainWindowSettingPathLabel() {
    return document.getElementById("explainText_settingPathLabel").innerHTML;
}

function getExplainWindowExplainTextLabel() {
    return document.getElementById("explainText_explainTextLabel").innerHTML;
}

function getExplainWindowPrintButton() {
    return document.getElementById("explainText_printButton").innerHTML;
}

function getExplainWindowCloseButton() {
    return document.getElementById("explainText_closeButton").innerHTML;
}

function getNoExplainTextAvailable() {
    return document.getElementById("explainText_noExplainTextAvailable").innerHTML;
}

function getExplainWindowSupportedLabel() {
    return document.getElementById("explainText_supportedLabel").innerHTML;
}

function getNoSupportedTextAvailable() {
    return document.getElementById("explainText_noSupportedTextAvailable").innerHTML;
}

function showExplainText(srcElement)
{
    var strDiagArgs;

    var strSettingName = srcElement.getAttribute("gpmc_settingName");
    var strSettingPath = srcElement.getAttribute("gpmc_settingPath");
    var strSettingDescription = srcElement.getAttribute("gpmc_settingDescription");

    if (strSettingDescription === "")
    {
        strSettingDescription = getNoExplainTextAvailable();
    }

    var strSupported = srcElement.getAttribute("gpmc_supported");

    if (strSupported === "")
    {
        strSupported = getNoSupportedTextAvailable();
    }

    var strHtml = "<html dir=" + document.dir +  ">\n";
    strHtml += "<head>\n";
    strHtml += "<title>" + getExplainWindowTitle() + "</title>\n";
    strHtml += "<style type='text/css'>\n" + getExplainWindowStyles() + "</style>\n";
    strHtml += "</head>\n";
    strHtml += "<body>\n";
    strHtml += "<div class='head'>" + strSettingName +"</div>\n";
    strHtml += "<div class='path'><b>" + getExplainWindowSettingPathLabel() + "</b><br/>" + strSettingPath +"</div>\n";
    strHtml += "<div class='path'><b>" + getExplainWindowSupportedLabel() + "</b><br/>" + strSupported +"</div>\n";
    strHtml += "<div class='info'>\n";
    strHtml += "<div class='hdr'>" + getExplainWindowExplainTextLabel() + "</div>\n";
    strHtml += "<div class='bdy'>" + strSettingDescription + "</div>\n";
    strHtml += "<div class='btn'>";
    strHtml += getExplainWindowPrintButton();
    strHtml += getExplainWindowCloseButton();
    strHtml += "</div></body></html>";

    // IE specific method for showing the popup.
    if(navigator.userAgent.indexOf("MSIE") > 0 && window.location.toString().indexOf("file:") === -1)
    {
        strDiagArgs = "dialogHeight=360px;dialogWidth=630px;status=no;scroll=yes;resizable=yes;minimize=yes;maximize=yes;";

        var vModeless = window.showModelessDialog("about:blank", window, strDiagArgs);
        vModeless.document.write(strHtml);
        vModeless.document.close();
        vModeless.location.reload(false);
                        
        window.event.returnValue = false;
    }
    else
    {
        strDiagArgs = "height=360px, width=630px, status=no, toolbar=no, scrollbars=yes, resizable=yes ";
        
        var expWin = window.open("", "expWin", strDiagArgs);
        expWin.document.write("");
        expWin.document.close();
        expWin.document.write(strHtml);
        expWin.document.close();
        expWin.focus();
    }
    
    return false;
}

function showEvents(srcElement,bVerbose,bInformational,bWarning,bError)
{
    var strWindowId = "EventDetails_" + srcElement.getAttribute("eventLogActivityId");
    if((windowsArray[strWindowId]) && (windowsArray[strWindowId].closed === false)) {
        windowsArray[strWindowId].focus();
    } else {
        var eventIdLabelNode, eventTimeLabelNode, eventDescriptionLabelNode, eventDetailsLabelNode, eventXmlLabelNode, gpEventsTitleNode;
        var eventIdLabelNodeText, eventTimeLabelNodeText, eventDescriptionLabelNodeText, eventXmlLabelNodeText, gpEventsTitleNodeText, eventDetailsLabelNodeText;
        var singlePassEventsDetailsNode, eventRecordArray;
        var dataNotFoundWarningLabelNode, dataNotFoundWarningLabelNodeText;
        var mainSection;
        var attributeValue;
        var singlePassEventsDetails;
        var singlePassEventsDetailsChildren;
        var node;
        var children;
        var xmlDocumentRoot;
        var xmlDocument;
        var serializer;
        var itemSub;
        var doc;

        if (window.XMLSerializer) 
        {
           serializer = new XMLSerializer();
        }

        if (window.DOMParser) 
        {
           // This browser appears to support DOMParser
           parser = new DOMParser();

           doc = document.getElementById("data-island").textContent;
           xmlDocumentRoot = parser.parseFromString(doc, "application/xml");
           xmlDocument = xmlDocumentRoot.documentElement;
           itemSub = 1;
        } 
        else 
        { 
           // Internet Explorer, create a new XML document using ActiveX 
           // and use loadXML as a DOM parser. 
           try 
           {
              doc = document.getElementById("data-island");

              xmlDocumentRoot = new ActiveXObject("Msxml2.DOMDocument.6.0"); 
              xmlDocumentRoot.async = false; 
              xmlDocumentRoot.loadXML(doc.innerHTML);
              xmlDocument = xmlDocumentRoot.documentElement;
              itemSub = 0;
           } 
           catch(e) 
           {
              // Not supported.
           }
        }

        if (xmlDocument != null) {
            mainSection = xmlDocument.getElementsByTagName("MainSection")[0].childNodes;

            if (mainSection != null) {
                for (children = 0; children < mainSection.length; children++) {
                    node = mainSection[children];
                    if (node.nodeType === 1 && node.nodeName === 'Label') {
                        attributeValue = node.getAttribute("Name");
                        if (attributeValue != null) {
                            if (attributeValue === 'ComponentStatus_EventId') {
                                eventIdLabelNode = node.childNodes[1];
                            }
                            if (attributeValue === 'ComponentStatus_EventTime') {
                                eventTimeLabelNode = node.childNodes[1];
                            }
                            if (attributeValue === 'ComponentStatus_EventDescription') {
                                eventDescriptionLabelNode = node.childNodes[1];
                            }
                            if (attributeValue === 'ComponentStatus_EventXml') {
                                eventXmlLabelNode = node.childNodes[1];
                            }
                            if (attributeValue === 'ComponentStatus_EventDetails') {
                                eventDetailsLabelNode = node.childNodes[1];
                            }
                            if (attributeValue === 'ComponentStatus_GPEvents') {
                                gpEventsTitleNode = node.childNodes[1];
                            }
                            if (attributeValue === 'Warning_DataNotFound') {
                                dataNotFoundWarningLabelNode = node.childNodes[1];
                            }
                        }
                    }
                }
            }

            singlePassEventsDetails = xmlDocument.getElementsByTagName("SinglePassEventsDetails");
            if (singlePassEventsDetails != null) {
                for (singlePassEventsDetailsChildren = 0; singlePassEventsDetailsChildren < singlePassEventsDetails.length; singlePassEventsDetailsChildren++) {
                    node = singlePassEventsDetails[singlePassEventsDetailsChildren];
                    attributeValue = node.getAttribute("ActivityId");
                    if (attributeValue === srcElement.getAttribute("eventLogActivityId")) {
                        singlePassEventsDetailsNode = node;
                    }
                }
            }
        }
        
        eventIdLabelNodeText = null;
        if (eventIdLabelNode != null) {
            if (eventIdLabelNode.childNodes.length > 0) {
                eventIdLabelNodeText = eventIdLabelNode.childNodes[0].nodeValue;
            }
        }
        if (eventIdLabelNodeText == null) {
            eventIdLabelNodeText = "Event ID";
        }

        eventTimeLabelNodeText = null;
        if (eventTimeLabelNode != null) {
            if (eventTimeLabelNode.firstChild.childNodes.length > 0) {
                eventTimeLabelNodeText = eventTimeLabelNode.childNodes[0].nodeValue;
            }
        }
        if (eventTimeLabelNodeText == null) {
            eventTimeLabelNodeText = "Event Time";
        }

        eventDescriptionLabelNodeText = null;
        if (eventDescriptionLabelNode != null) {
            if (eventDescriptionLabelNode.childNodes.length > 0) {
                eventDescriptionLabelNodeText = eventDescriptionLabelNode.childNodes[0].nodeValue;
            }
        }
        if (eventDescriptionLabelNodeText == null) {
            eventDescriptionLabelNodeText = "Event Description";
        }

        eventXmlLabelNodeText = null;
        if (eventXmlLabelNode != null) {
            if (eventXmlLabelNode.childNodes.length > 0) {
                eventXmlLabelNodeText = eventXmlLabelNode.childNodes[0].nodeValue;
            }
        }
        if (eventXmlLabelNodeText == null) {
            eventXmlLabelNodeText = "Event XML";
        }

        gpEventsTitleNodeText = null;
        if (gpEventsTitleNode != null) {
            if (gpEventsTitleNode.childNodes.length > 0) {
                gpEventsTitleNodeText = gpEventsTitleNode.childNodes[0].nodeValue;
            }
        }
        if (gpEventsTitleNodeText == null) {
            gpEventsTitleNodeText = "Group Policy Events";
        }

        eventDetailsLabelNodeText = null;
        if (eventDetailsLabelNode != null) {
            if (eventDetailsLabelNode.childNodes.length > 0) {
                eventDetailsLabelNodeText = eventDetailsLabelNode.childNodes[0].nodeValue;
            }
        }
        if (eventDetailsLabelNodeText == null) {
            eventDetailsLabelNodeText = "Event Details";
        }

        dataNotFoundWarningLabelNodeText = null;
        if (dataNotFoundWarningLabelNode != null) {
            if (dataNotFoundWarningLabelNode.childNodes.length > 0) {
                dataNotFoundWarningLabelNodeText = dataNotFoundWarningLabelNode.childNodes[0].nodeValue;
            }
        }
        if (dataNotFoundWarningLabelNodeText == null) {
            dataNotFoundWarningLabelNodeText = "Data Not Found";
        }
                
        if(singlePassEventsDetailsNode != null)
        {
            eventRecordArray = singlePassEventsDetailsNode.getElementsByTagName("EventRecord");
        }
        
        var htmlText = "<html dir=" + document.dir +  ">";
        htmlText = htmlText + "<head>";
        htmlText = htmlText + "<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" />";
        htmlText = htmlText + "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-16\" />";
        htmlText = htmlText + "<title>" + gpEventsTitleNodeText + "</title>";
        htmlText = htmlText + "</head><style type=\"text/css\">";
        htmlText = htmlText + "body    { background-color:#FFFFFF; color:#000000; font-size:68%; font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; }";
        htmlText = htmlText + "table   { font-size:100%; table-layout:fixed; width:100%; }";
        htmlText = htmlText + "td,th   { overflow:visible; text-align:left; vertical-align:top; white-space:normal; }";
        htmlText = htmlText + ".he1    { text-align: center; vertical-align: middle; background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:4em; position:relative; }";
        htmlText = htmlText + ".centerTxt { text-align: center; }";
        htmlText = htmlText + ".txtFormat1 { text-align: left; vertical-align:top; white-space:pre-line; }";
        htmlText = htmlText + "</style>";
      
        htmlText = htmlText + "<script> function toggle(e) {";
        htmlText = htmlText + "if (e.style.display === \"none\"){ e.style.display = \"\"; }";
        htmlText = htmlText + "else { e.style.display = \"none\"; }";
        htmlText = htmlText + "}</";
        htmlText = htmlText + "script";
        htmlText = htmlText + ">";
      
        htmlText = htmlText + "<body><table border=1><tr>";
        htmlText = htmlText + "<th class=\"he1\"><strong>" + eventIdLabelNodeText + "</strong></th>";
        htmlText = htmlText + "<th class=\"he1\"><strong>" + eventTimeLabelNodeText + "</strong></th>";
        htmlText = htmlText + "<th class=\"he1\"><strong>" + eventDescriptionLabelNodeText + "</strong></th>";
        htmlText = htmlText + "<th class=\"he1\"><strong>" + eventDetailsLabelNodeText + "</strong></th>";

        htmlText = htmlText + "</tr>";
        var i;
        var eventId;
        var eventTime;
        var eventDescription;
        var eventXml;
        var eventType;
        var displayEvent;
        var eventXmlId;
        var displayBgColor;

        if(eventRecordArray != null && eventRecordArray.length > 0)
        {
            for (i=0; i < eventRecordArray.length; i++)
            {
                displayEvent = false;
                var eventIdElements = eventRecordArray[i].getElementsByTagName("EventId");        
                if((eventIdElements != null) && (eventIdElements.length > 0) && (eventIdElements[0].firstChild != null))
                {
                    eventId =  eventIdElements[0].firstChild.nodeValue;
                }
                else
                {
                    eventId =  dataNotFoundWarningLabelNodeText;
                }
                var eventTimeElements = eventRecordArray[i].getElementsByTagName("EventTime");
                if((eventTimeElements != null) && (eventTimeElements.length > 0) && (eventTimeElements[0].firstChild != null))
                {
                    eventTime = eventTimeElements[0].firstChild.nodeValue;
                }
                else
                {
                    eventTime = dataNotFoundWarningLabelNodeText;
                }
                var eventDescriptionElements = eventRecordArray[i].getElementsByTagName("EventDescription");
                if((eventDescriptionElements != null) && (eventDescriptionElements.length > 0) && (eventDescriptionElements[0].firstChild != null))
                {
                        eventDescription = eventDescriptionElements[0].firstChild.nodeValue;
                }
                else
                {
                    eventDescription = dataNotFoundWarningLabelNodeText;
                }
                var eventXmlElements = eventRecordArray[i].getElementsByTagName("EventXml");
                if((eventXmlElements != null) && (eventXmlElements.length > 0) && (eventXmlElements[0].firstChild != null))
                {
                    if (window.XMLSerializer) 
                    {
                       var xml = serializer.serializeToString(eventXmlElements[0].firstChild);
                       eventXml = xml;
                    } 
                    else 
                    {
                       if (typeof eventXmlElements[0].firstChild.xml != "undefined") 
                       {
                          eventXml = eventXmlElements[0].firstChild.xml;
                       }
                    }
                }
                else
                {
                    eventXml = dataNotFoundWarningLabelNodeText;
                }
                var eventLevelElements = eventRecordArray[i].getElementsByTagName("EventLevel");
                if((eventLevelElements != null) && (eventLevelElements.length > 0) && (eventLevelElements[0].firstChild != null))
                {
                    eventType = eventLevelElements[0].firstChild.nodeValue;
                }
                else
                {
                    eventType = 5;
                }
                
                if((bVerbose === true)&&(eventType == 5))
                {
                    displayEvent = true;
                }
                else if((bInformational === true)&&(eventType == 4))
                {
                    displayEvent = true;
                }
                else if((bWarning === true)&&(eventType == 3))
                {
                    displayEvent = true;
                }
                else if((bError === true)&&((eventType == 1)||(eventType == 2)))
                {
                    displayEvent = true;
                }
                
                if (displayEvent === true)
                {
                    eventXmlId = "EventXml" + (i+"");
                    htmlText = htmlText + "<tr>";
                    htmlText = htmlText + "<td class=\"centerTxt\" style=\"background:" + displayBgColor +"\">" + eventId + "</td>";
                    htmlText = htmlText + "<td class=\"centerTxt\" style=\"background:" + displayBgColor +"\">" + eventTime + "</td>";
                    htmlText = htmlText + "<td class=\"txtFormat1\" style=\"background:" + displayBgColor +"\">" + eventDescription + "</td>";
                    htmlText = htmlText + "<td style=\"background:" + displayBgColor +"\"><span style=\"color:blue; cursor:hand\" onclick=\"toggle(" + eventXmlId +");\" onKeyPress=\"toggle(" + eventXmlId + ");\" tabIndex=1 >";
                    htmlText = htmlText + eventXmlLabelNodeText + "</span><br/>";
                    htmlText = htmlText + "<span style=\"display:none\" id=" + eventXmlId +">";
                    htmlText = htmlText + eventXml + "</span>";
                    htmlText = htmlText + "</td>";
                    htmlText = htmlText + "</tr>";
                }
            }
        }
        htmlText = htmlText + "</table></body></html>";

        if(windowsArray[strWindowId])
        {
            delete windowsArray[strWindowId];
        }
        
        // IE specific method for showing the popup.
        if(navigator.userAgent.indexOf("MSIE") > 0 && window.location.toString().indexOf("file:") === -1)
        {
            var strDiagArgs = "dialogHeight=360px;dialogWidth=630px;status=no;scroll=yes;resizable=yes;minimize=yes;maximize=yes;";

            var vModeless = window.showModelessDialog("about:blank", window, strDiagArgs);
            vModeless.document.write(htmlText);
            vModeless.document.close();
            vModeless.location.reload(false);
            windowsArray[strWindowId] = vModeless;            
        }
        else
        {
            var strDiagArgs = "height=360px, width=630px, status=no, toolbar=no, scrollbars=yes, resizable=yes";
        
            windowsArray[strWindowId] = window.open("", "", strDiagArgs);
            windowsArray[strWindowId].document.write(htmlText);
            windowsArray[strWindowId].focus();
        } 
    }

    xmlDocumentRoot = null;
}

function cleanUp() {
    var windowsArray = this.windowsArray;
    for (var currentWindow in windowsArray) {
        if (windowsArray.hasOwnProperty(currentWindow)) {
            windowsArray[currentWindow].close();
        }
    }
}

function getMessageText(messageNode) {
    if (messageNode != null) {
        if (messageNode.firstChild != null) {
            if (messageNode.firstChild.nodeType === 3) {
                for (var i = 0; i < messageNode.childNodes.length; i++) 
                {
                    var curNode = messageNode.childNodes[i];
                    if(curNode.nodeType === 1){
                        return curNode.childNodes[0].nodeValue;
                    }
                }
            } else {
                return messageNode.firstChild.childNodes[0].nodeValue;
            }
        }
    }
    return null;
}

function showComponentProcessingDetails(srcElement) {
    var strWindowId = "ProcessingDetails_" + srcElement.getAttribute("eventLogActivityId");
    if ((windowsArray[strWindowId]) && (windowsArray[strWindowId].closed === false)) {
        windowsArray[strWindowId].focus();
    } else {
        var doc;
        var parser;
        var xmlDocumentRoot;
        var xmlDocument;

        var extensionsProcessedLabelNode, slowLinkThresholdLabelNode, linkSpeedLabelNode, extensionsProcessedTimeTakenNode;
        var domainControllerIpLabelNode, domainControllerNameLabelNode, processingTypeLabelNode, loopbackModeLabelNode;
        var processingTriggerLabelNode, extensionNameLabelNode, timeTakenLabelNode;
        var dataNotFoundWarningLabelNode;
        var singlePassEventsDetailsNode, totalProcessingTimeLabelNode, refreshMessageLabelNode;
        var processingDetailsUserTitleNode, processingDetailsComputerTitleNode;
        var policySectionNode;
        var policyEventsDetailsNode, detailsLabelNode;

        var extensionsProcessedLabelNodeText, slowLinkThresholdLabelNodeText, linkSpeedLabelNodeText, extensionsProcessedTimeTakenNodeText;
        var domainControllerIpLabelNodeText, domainControllerNameLabelNodeText, processingTypeLabelNodeText, loopbackModeLabelNodeText;
        var processingTriggerLabelNodeText, extensionNameLabelNodeText, timeTakenLabelNodeText;
        var dataNotFoundWarningLabelNodeText, totalProcessingTimeLabelNodeText, refreshMessageLabelNodeText;
        var processingDetailsUserTitleNodeText, processingDetailsComputerTitleNodeText;
        var detailsLabelNodeText;

        var slowLinkThresholdValue, linkSpeedValue, domainControllerIpValue, domainControllerNameValue;
        var processingTypeValue, loopbackModeValue, processingTriggerValue, totalPolicyProcessingTime, extensionProcessingTimeArray;
        var cseNameArray = new Array();
        var cseElapsedTimeArray = new Array();
        var policyApplicationFinishedTime;

        var isComputerProcessing;
        var strDiagArgs;
        var mainSection;
        var attributeValue;
        var singlePassEventsDetails;
        var singlePassEventsDetailsChildren;
        var node;
        var children;
        var itemSub;

        if (window.DOMParser) 
        {
           // This browser appears to support DOMParser
           parser = new DOMParser();
           doc = document.getElementById("data-island").textContent;

           xmlDocumentRoot = parser.parseFromString(doc, "application/xml");

           xmlDocument = xmlDocumentRoot.documentElement;

           itemSub = 1;
        } 
        else 
        { 
           // Internet Explorer, create a new XML document using ActiveX 
           // and use loadXML as a DOM parser. 
           try 
           {
              doc = document.getElementById("data-island");

              xmlDocumentRoot = new ActiveXObject("Msxml2.DOMDocument.6.0"); 
              xmlDocumentRoot.async = false; 
              xmlDocumentRoot.loadXML(doc.innerHTML);
              xmlDocument = xmlDocumentRoot.documentElement;
              itemSub = 0;
           } 
           catch(e) 
           {
              // Not supported.
           }
        }

        if (xmlDocument != null) {
            mainSection = xmlDocument.getElementsByTagName("MainSection")[0].childNodes;

            if (mainSection != null) {
                for (children = 0; children < mainSection.length; children++) {
                    node = mainSection[children];
                    if (node.nodeType === 1 && node.nodeName === 'Label') {
                        attributeValue = node.getAttribute("Name")
                        if (attributeValue != null) {
                            if (attributeValue === 'ComponentStatus_ExtensionsProcessed') {
                                extensionsProcessedLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_SlowLinkThreshold') {
                                slowLinkThresholdLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_LinkSpeed') {
                                linkSpeedLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_TimeTaken') {
                                extensionsProcessedTimeTakenNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_DomainControllerIP') {
                                domainControllerIpLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_DomainControllerName') {
                                domainControllerNameLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_ProcessingTrigger') {
                                processingTriggerLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_ExtensionName') {
                                extensionNameLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_TimeTaken') {
                                timeTakenLabelNode = node;
                            }
                            if (attributeValue === 'Warning_DataNotFound') {
                                dataNotFoundWarningLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_TotalProcessingTime') {
                                totalProcessingTimeLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_RefreshMessage') {
                                refreshMessageLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_UserProcessingDetails') {
                                processingDetailsUserTitleNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_ComputerProcessingDetails') {
                                detailsLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_ProcessingType') {
                                processingTypeLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_LoopbackMode') {
                                loopbackModeLabelNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_UserProcessingDetails') {
                                processingDetailsUserTitleNode = node;
                            }
                            if (attributeValue === 'ComponentStatus_ComputerProcessingDetails') {
                                processingDetailsComputerTitleNode = node;
                            }
                        }
                    }
                }
            }

            singlePassEventsDetails = xmlDocument.getElementsByTagName("SinglePassEventsDetails");
            if (singlePassEventsDetails != null) {
                for (singlePassEventsDetailsChildren = 0; singlePassEventsDetailsChildren < singlePassEventsDetails.length; singlePassEventsDetailsChildren++) {
                    node = singlePassEventsDetails[singlePassEventsDetailsChildren];
                    if (node.getAttribute("ActivityId") === srcElement.getAttribute("eventLogActivityId")) {
                        singlePassEventsDetailsNode = node;
                    }
                }
            }

            if (singlePassEventsDetailsNode) {
                policyEventsDetailsNode = singlePassEventsDetailsNode.parentNode;
                if (policyEventsDetailsNode) {
                    policySectionNode = policyEventsDetailsNode.parentNode;
                    if (policySectionNode) {
                        if (policySectionNode.nodeName === 'UserPolicySection') {
                            isComputerProcessing = false;
                        }
                        if (policySectionNode.nodeName === 'ComputerPolicySection') {
                            isComputerProcessing = true;
                        }
                    }
                }
            }
        }

        
        extensionsProcessedLabelNodeText = getMessageText(extensionsProcessedLabelNode);
        slowLinkThresholdLabelNodeText = getMessageText(slowLinkThresholdLabelNode);
        linkSpeedLabelNodeText = getMessageText(linkSpeedLabelNode);
        domainControllerIpLabelNodeText = getMessageText(domainControllerIpLabelNode);
        domainControllerNameLabelNodeText = getMessageText(domainControllerNameLabelNode);
        processingTypeLabelNodeText = getMessageText(processingTypeLabelNode);
        loopbackModeLabelNodeText = getMessageText(loopbackModeLabelNode);
        processingTriggerLabelNodeText = getMessageText(processingTriggerLabelNode);
        extensionNameLabelNodeText = getMessageText(extensionNameLabelNode);
        timeTakenLabelNodeText = getMessageText(timeTakenLabelNode);
        processingDetailsUserTitleNodeText = getMessageText(processingDetailsUserTitleNode);
        processingDetailsComputerTitleNodeText = getMessageText(processingDetailsComputerTitleNode);
        dataNotFoundWarningLabelNodeText = getMessageText(dataNotFoundWarningLabelNode);
        totalProcessingTimeLabelNodeText = getMessageText(totalProcessingTimeLabelNode);
        refreshMessageLabelNodeText = getMessageText(refreshMessageLabelNode);
        detailsLabelNodeText = getMessageText(detailsLabelNode);
     

        slowLinkThresholdValue = null;
        linkSpeedValue = null;
        domainControllerIpValue = null;
        domainControllerNameValue = null;
        processingTypeValue = null;
        loopbackModeValue = null;
        processingTriggerValue = null;

        if (singlePassEventsDetailsNode != null) {
            slowLinkThresholdValue = singlePassEventsDetailsNode.getAttribute("SlowLinkThresholdInKbps");
            linkSpeedValue = singlePassEventsDetailsNode.getAttribute("LinkSpeedInKbps");
            domainControllerIpValue = singlePassEventsDetailsNode.getAttribute("DomainControllerIPAddress");
            domainControllerNameValue = singlePassEventsDetailsNode.getAttribute("DomainControllerName");
            processingTypeValue = singlePassEventsDetailsNode.getAttribute("ProcessingAppMode");
            loopbackModeValue = singlePassEventsDetailsNode.getAttribute("PolicyProcessingMode");
            processingTriggerValue = singlePassEventsDetailsNode.getAttribute("ProcessingTrigger");
            totalPolicyProcessingTime = singlePassEventsDetailsNode.getAttribute("PolicyElapsedTime");
            extensionProcessingTimeArray = singlePassEventsDetailsNode.getElementsByTagName("ExtensionProcessingTime");
        }
        if (slowLinkThresholdValue == null) {
            slowLinkThresholdValue = dataNotFoundWarningLabelNodeText;
        }
        if (linkSpeedValue == null) {
            linkSpeedValue = dataNotFoundWarningLabelNodeText;
        }
        if (domainControllerIpValue == null) {
            domainControllerIpValue = dataNotFoundWarningLabelNodeText;
        }
        else {
            domainControllerIpValue = domainControllerIpValue.replace(/^\\\\/, "");
        }
        if (domainControllerNameValue == null) {
            domainControllerNameValue = dataNotFoundWarningLabelNodeText;
        }
        else {
            domainControllerNameValue = domainControllerNameValue.replace(/^\\\\/, "");
        }
        if (processingTypeValue == null) {
            processingTypeValue = dataNotFoundWarningLabelNodeText;
        }
        if (loopbackModeValue == null) {
            loopbackModeValue = dataNotFoundWarningLabelNodeText;
        }
        if (processingTriggerValue == null) {
            processingTriggerValue = dataNotFoundWarningLabelNodeText;
        }

        if (extensionProcessingTimeArray != null && extensionProcessingTimeArray.length > 0) {
            var cseName;
            var cseElapsedTime;
            var cseProcessedTime;
            var cseId;
            var i;
            var index = 0;
            for (i = 0; i < extensionProcessingTimeArray.length; i++) {
                var cseNameElements = extensionProcessingTimeArray[i].getElementsByTagName("ExtensionName");
                var cseElapsedTimeElements = extensionProcessingTimeArray[i].getElementsByTagName("ElapsedTime");
                var cseProcessedTimeElements = extensionProcessingTimeArray[i].getElementsByTagName("ProcessedTime");
                var cseIdElements = extensionProcessingTimeArray[i].getElementsByTagName("ExtensionGuid");
                if ((cseNameElements.length > 0) && (cseElapsedTimeElements.length > 0) && (cseProcessedTimeElements.length > 0) && (cseIdElements.length > 0)) {
                    if ((cseNameElements[0].firstChild != null) && (cseElapsedTimeElements[0].firstChild != null) && (cseProcessedTimeElements[0].firstChild != null) && (cseIdElements[0].firstChild != null)) {
                        cseName = cseNameElements[0].firstChild.nodeValue;
                        cseElapsedTime = cseElapsedTimeElements[0].firstChild.nodeValue;
                        cseProcessedTime = cseProcessedTimeElements[0].firstChild.nodeValue;
                        cseId = cseIdElements[0].firstChild.nodeValue;
                        if ((cseName != null) && (cseElapsedTime != null) && (cseProcessedTime != null) && (cseId != null)) {
                            cseNameArray[index] = cseName;
                            cseElapsedTimeArray[index] = cseElapsedTime;
                            index = index + 1;
                            if (cseId === '{00000000-0000-0000-0000-000000000000}') {
                                policyApplicationFinishedTime = cseProcessedTime;
                            }
                        }
                    }
                }
            }
        }
          
        var htmlText = "<html dir=" + document.dir +  ">";
        htmlText = htmlText + "<head>";
        htmlText = htmlText + "<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" />";
        htmlText = htmlText + "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-16\" />";
        if(isComputerProcessing != null)
        {
            if(isComputerProcessing === true)
            {
                htmlText = htmlText + "<title>" + processingDetailsComputerTitleNodeText + "</title>";
            }
            else
            {
                htmlText = htmlText + "<title>" + processingDetailsUserTitleNodeText + "</title>";
            }
        }
        

        htmlText = htmlText + "</head><style type=\"text/css\">";
        htmlText = htmlText + "body    { background-color:#FFFFFF; color:#000000; font-size:68%; font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; }";
        htmlText = htmlText + "table   { font-size:100%; table-layout:fixed; width:100%; }";
        htmlText = htmlText + "td,th   { overflow:visible; text-align:left; vertical-align:top; white-space:normal; }";
        htmlText = htmlText + ".he0    { background-color:#FEF7D6; border:1px solid #BBBBBB; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }";
        htmlText = htmlText + ".he1    { color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2em;margin-left: 5 px; margin-top: 5 px; position:relative; width:100%; }";
        htmlText = htmlText + ".tblspecialfmt { border:1px solid black;border-collapse:collapse; }";
        htmlText = htmlText + ".tblfirstcolfmt { border-left-width: 1px;border-top-width: 1px;border-bottom-width: 1px;border-right-width: 0px;border-style: solid; border-color: black; }";
        htmlText = htmlText + ".tblsecondcolfmt { border-left-width: 0px;border-top-width: 1px;border-bottom-width: 1px;border-right-width: 1px;border-style: solid; border-color: black; }";
        htmlText = htmlText + "</style>";
        htmlText = htmlText + "<body>";
        htmlText = htmlText + "<span class=\"he1\">" + refreshMessageLabelNodeText + " " + policyApplicationFinishedTime + "</span>" ;
        htmlText = htmlText + "<div class=\"he0\">" + detailsLabelNodeText + "</div>"
        htmltext = htmlText + "<table><tr>";

        htmlText = htmlText + "<td>";
        htmlText = htmlText + "<table>";
        htmlText = htmlText + "<tr><td colspan=\"2\">&nbsp;</td></tr>";


        htmlText = htmlText + "<tr><td style=\"width: 50%\"><strong>" + processingTypeLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td>" + processingTypeValue + "</td></tr>";

        htmlText = htmlText + "<tr><td style=\"width: 50%\"><strong>" + loopbackModeLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td>" + loopbackModeValue + "</td></tr>";

        htmlText = htmlText + "<tr><td style=\"width: 50%\"><strong>" + linkSpeedLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td>" + linkSpeedValue + "</td></tr>";

        htmlText = htmlText + "<tr><td style=\"width: 50%\"><strong>" + slowLinkThresholdLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td>" + slowLinkThresholdValue + "</td></tr>";

        htmlText = htmlText + "<tr><td style=\"width: 50%\"><strong>" + domainControllerNameLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td>" + domainControllerNameValue +"</td></tr>";

        htmlText = htmlText + "<tr><td style=\"width: 50%\"><strong>" + domainControllerIpLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td>" + domainControllerIpValue +"</td></tr>";

        htmlText = htmlText + "<tr><td style=\"width: 50%\"><strong>" + processingTriggerLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td>" + processingTriggerValue + "</td></tr>";

        htmlText = htmlText + "</table></td></tr>";
        htmlText = htmlText + "<tr ><td ><table>";


        htmlText = htmlText + "<tr><td><span class=\"he1\" >" + extensionsProcessedLabelNodeText +"</span></td></tr>";
        htmlText = htmlText + "<tr><td><table class=\"tblspecialfmt\" >";
        htmlText = htmlText + "<tr><td class=\"tblfirstcolfmt\" style=\"width: 50%;background-color:#FEF7D6;\"><strong>" + extensionNameLabelNodeText + "</strong></td>";
        htmlText = htmlText + "<td class=\"tblsecondcolfmt\" style=\"background-color:#FEF7D6;\" ><strong>" + timeTakenLabelNodeText + "</strong></td></tr>";

        for (var idx in cseNameArray)
        {
            htmlText = htmlText + "<tr><td style=\"width: 50%\">" + cseNameArray[idx] + "</td>";                   
            htmlText = htmlText + "<td>" + cseElapsedTimeArray[idx] + "</td></tr>";
        }

        if (totalPolicyProcessingTime != null)
        {
            htmlText = htmlText + "<tr><td class=\"tblfirstcolfmt\" style=\"width: 50%\" >" + totalProcessingTimeLabelNodeText +":</td>";
            htmlText = htmlText + "<td class=\"tblsecondcolfmt\">" + totalPolicyProcessingTime + "</td></tr>";
        }
        htmlText = htmlText + "</table></td></tr></table></td></tr></table></body></html>";

        if(windowsArray[strWindowId])
        {
            delete windowsArray[strWindowId];
        }
         
        // IE specific method for showing the popup.
        if(navigator.userAgent.indexOf("MSIE") > 0 && window.location.toString().indexOf("file:") === -1)
        {
            strDiagArgs = "dialogHeight=360px;dialogWidth=630px;status=no;scroll=yes;resizable=yes;minimize=yes;maximize=yes;";

            var vModeless = window.showModelessDialog("about:blank", window, strDiagArgs);
            vModeless.document.write(htmlText);
            vModeless.document.close();
            vModeless.location.reload(false);
            windowsArray[strWindowId] = vModeless;                      
        }
        else
        {
            strDiagArgs = "height=360px, width=630px, status=no, toolbar=no, scrollbars=yes, resizable=yes";
        
            windowsArray[strWindowId] = window.open("", "" , strDiagArgs);
            windowsArray[strWindowId].document.write(htmlText);
            windowsArray[strWindowId].focus();
        }
    }

    xmlDocumentRoot = null;
}
</script>
</head>

<body onload="window_onload();" onclick="document_onclick();" onkeypress="document_onkeypress(event);" onunload="cleanUp();">

<!-- HTML resources -->
<div style="display:none;">
        <div id="explainText_windowTitle">Group Policy Management</div>
        <div id="explainText_windowStyles">
        
                            body  { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; }

                            .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; }

                            .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; }

                            .info { padding-left:10px;width:100%; }

                            table { font-size:100%; width:100%; border:1px solid #999999; }

                            th    { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; }

                            td    { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; }

                            .btn  { width:100%; text-align:right; margin-top:16px; }

                            .hdr  { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; }

                            .bdy  { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; }

                            button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; }

                            @media print {

                                .bdy { display:block; overflow:visible; }

                                button { display:none; }

                                .head { color:#000000; background:#FFFFFF; border:1px solid #000000; }

                            }

                
        </div>
        <div id="explainText_settingPathLabel">Setting Path:</div>
        <div id="explainText_explainTextLabel">Explanation</div>
        <div id="explainText_printButton">
        <button name="Print" onClick="window.print()" accesskey="P"><u>P</u>rint</button>

        </div>
        <div id="explainText_closeButton">
        <button name="Close" onClick="window.close()" accesskey="C"><u>C</u>lose</button>
                
        </div>
        <div id="explainText_noExplainTextAvailable">No explanation is available for this setting.</div>
        <div id="explainText_supportedLabel">Supported On:</div>
        <div id="explainText_noSupportedTextAvailable">Not available</div>
</div><table class="title" >
<tr><td colspan="2" class="gponame">DoD Microsoft Defender Antivirus STIG Computer v2r7</td></tr>
<tr>
    <td id="dtstamp">Data collected on: 1/9/2026 11:17:55 AM</td>
    <td><div id="objshowhide" tabindex="0" onclick="objshowhide_onClick();return false;"></div></td>
</tr>
</table>

<div class="gposummary">
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">General</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1"><span class="sectionTitle" tabindex="0">Details</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info" >
<tr><td scope="row">Domain</td><td>security.local</td></tr>
<tr><td scope="row">Owner</td><td>SECURITY\Domain Admins</td></tr>
<tr><td scope="row">Created</td><td>1/9/2026 7:42:02 AM</td></tr>
<tr><td scope="row">Modified</td><td>1/9/2026 7:42:34 AM</td></tr>
<tr><td scope="row">User Revisions</td><td>1 (AD), 1 (SYSVOL)</td></tr>
<tr><td scope="row">Computer Revisions</td><td>1 (AD), 1 (SYSVOL)</td></tr>
<tr><td scope="row">Unique ID</td><td>{B300F726-2E7D-46ED-8E9D-928B95C7A0DE}</td></tr>
<tr><td scope="row">GPO Status</td><td>User settings disabled</td></tr>
</table></div></div>
<div class="filler"></div>
<div class="he1"><span class="sectionTitle" tabindex="0">Links</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" ><tr><th scope="col">Location</th><th scope="col">Enforced</th><th scope="col">Link Status</th><th scope="col">Path</th></tr>
    <tr><td colspan="4">None</td></tr>
    </table>
    <br/>This list only includes links in the domain of the GPO.</div></div>
<div class="filler"></div>
<div class="he1"><span class="sectionTitle" tabindex="0">Security Filtering</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><b>The settings in this GPO can only apply to the following groups, users, and computers:</b></div>
<div class="he4i">
<table class="info" ><tr><th scope="col">Name</th></tr><tr><td>NT AUTHORITY\Authenticated Users</td></tr></table>
</div>
</div>
<div class="filler"></div>

<div class="filler"></div>
<div class="he1"><span class="sectionTitle" tabindex="0">Delegation</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><b>These groups and users have the specified permission for this GPO</b></div>
<div class="he4i">
<table class="info3" >
<tr><th scope="col">Name</th><th scope="col">Allowed Permissions</th><th scope="col">Inherited</th></tr>
<tr><td>NT AUTHORITY\Authenticated Users</td><td>Read (from Security Filtering)</td><td>No</td></tr>
<tr><td>NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</td><td>Read</td><td>No</td></tr>
<tr><td>NT AUTHORITY\SYSTEM</td><td>Edit settings, delete, modify security</td><td>No</td></tr>
<tr><td>SECURITY\Domain Admins</td><td>Edit settings, delete, modify security</td><td>No</td></tr>
<tr><td>SECURITY\Enterprise Admins</td><td>Edit settings, delete, modify security</td><td>No</td></tr>
</table>

</div></div></div>
<div class="filler"></div>
</div>
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">Computer Configuration (Enabled)</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1h_expanded"><span class="sectionTitle" tabindex="0">Policies</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1"><span class="sectionTitle" tabindex="0">Administrative Templates</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">Policy definitions (ADMX files) retrieved from the local computer.</div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Configure detection for potentially unwanted applications" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus" gpmc_settingDescription="&lt;br/&gt;        Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer.&lt;br/&gt;&lt;br/&gt;        Enabled:&lt;br/&gt;        Specify the mode in the Options section:&lt;br/&gt;        -Block: Potentially unwanted software will be blocked.&lt;br/&gt;        -Audit Mode: Potentially unwanted software will not be blocked, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs.&lt;br/&gt;&lt;br/&gt;        Disabled:&lt;br/&gt;        Potentially unwanted software will not be blocked.&lt;br/&gt;&lt;br/&gt;        Not configured:&lt;br/&gt;        Same as Disabled.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016, Windows 10 Version 1607">Configure detection for potentially unwanted applications</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td></td><td>&nbsp;</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Configure local administrator merge behavior for lists" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus" gpmc_settingDescription="This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Policy settings. This setting applies to lists such as threats and Exclusions.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, unique items defined in Group Policy and in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will override preference settings.&lt;br/&gt;&lt;br/&gt;    If you enable this setting, only items defined by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local administrator." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Configure local administrator merge behavior for lists</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Control whether or not exclusions are visible to Local Admins" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus" gpmc_settingDescription="&lt;br/&gt;    This policy setting controls whether or not exclusions are visible to Local Admins.  For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled.&lt;br/&gt;    Disabled(Default):&lt;br/&gt;        If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App or via PowerShell.&lt;br/&gt;&lt;br/&gt;    Enabled: &lt;br/&gt;        If you enable this setting, Local Admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell.&lt;br/&gt;        Note: Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in Get-MpPreference." gpmc_supported="At least Windows Server 2016, Windows 10 Version 1607">Control whether or not exclusions are visible to Local Admins</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Randomize scheduled task times" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus" gpmc_settingDescription="This policy setting allows you to configure the randomization of the scheduled scan start time and the scheduled definition update start time.&lt;br/&gt;&lt;br/&gt;        If you enable or do not configure this policy setting, and did not set a randomization window in the Configure scheduled task time randomization window setting , then randomization will be added between 0-4 hours.&lt;br/&gt;        If you enable or do not configure this policy setting, and set a randomization window in the Configure scheduled task time randomization window setting, the configured randomization window will be used.&lt;br/&gt;        If you disable this policy setting, but configured the scheduled task time randomization window, randomization will not be done. &lt;br/&gt;    " gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Randomize scheduled task times</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Exclusions</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Turn off Auto Exclusions" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Exclusions" gpmc_settingDescription="&lt;br/&gt;        Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off.&lt;br/&gt;&lt;br/&gt;        Disabled (Default):&lt;br/&gt;        Microsoft Defender will exclude pre-defined list of paths from the scan to improve performance.&lt;br/&gt;&lt;br/&gt;        Enabled:&lt;br/&gt;        Microsoft Defender will not exclude pre-defined list of paths from scans. This can impact machine performance in some scenarios.&lt;br/&gt;&lt;br/&gt;        Not configured:&lt;br/&gt;        Same as Disabled.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016">Turn off Auto Exclusions</span></td><td>Disabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Features</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Enable EDR in block mode" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Features" gpmc_settingDescription="This policy setting enables or disables EDR in block mode (also known as &amp;quot;passive remediation&amp;quot;). EDR in block mode is recommended for devices running Microsoft Defender Antivirus in passive mode. Available with platform release: 4.18.2202.X&lt;br/&gt;&lt;br/&gt;        The data type is integer&lt;br/&gt;&lt;br/&gt;        Supported values:&lt;br/&gt;&lt;br/&gt;        1: Turn EDR in block mode on&lt;br/&gt;        0: Turn EDR in block mode off" gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Enable EDR in block mode</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/MAPS</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Configure the &amp;#39;Block at First Sight&amp;#39; feature" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/MAPS" gpmc_settingDescription="This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.&lt;br/&gt;    Enabled – The Block at First Sight setting is turned on.&lt;br/&gt;    Disabled – The Block at First Sight setting is turned off.&lt;br/&gt;    &lt;br/&gt;    This feature requires these Group Policy settings to be set as follows:&lt;br/&gt;    MAPS -&amp;gt; The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature will not function.&lt;br/&gt;    MAPS -&amp;gt; The “Send file samples when further analysis is required” should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device.  Setting to 2 (Never send) means the “Block at First Sight” feature will not function.&lt;br/&gt;    Real-time Protection -&amp;gt; The “Scan all downloaded files and attachments” policy must be enabled or the “Block at First Sight” feature will not function.&lt;br/&gt;    Real-time Protection -&amp;gt; Do not enable the “Turn off real-time protection” policy or the “Block at First Sight” feature will not function." gpmc_supported="At least Windows Server 2016, Windows 10">Configure the &#39;Block at First Sight&#39; feature</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Join Microsoft MAPS" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/MAPS" gpmc_settingDescription="This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections.&lt;br/&gt;&lt;br/&gt;    You can choose to send basic or additional information about detected software. Additional information helps Microsoft create new security intelligence and help it to protect your computer. This information can include things like location of detected items on your computer if harmful software was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you.&lt;br/&gt;&lt;br/&gt;    Possible options are:&lt;br/&gt;    (0x0) Disabled (default)&lt;br/&gt;    (0x1) Basic membership&lt;br/&gt;    (0x2) Advanced membership&lt;br/&gt;&lt;br/&gt;    Basic membership will send basic information to Microsoft about software that has been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the actions were successful.&lt;br/&gt;&lt;br/&gt;    Advanced membership, in addition to basic information, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer.&lt;br/&gt;&lt;br/&gt;    If you enable this setting, you will join Microsoft MAPS with the membership specified.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, you will not join Microsoft MAPS.&lt;br/&gt;  &lt;br/&gt;    In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership." gpmc_supported="At least Windows Vista">Join Microsoft MAPS</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Join Microsoft MAPS</td><td>Advanced MAPS</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Send file samples when further analysis is required" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/MAPS" gpmc_settingDescription="&lt;br/&gt;        This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set.&lt;br/&gt;&lt;br/&gt;        Possible options are:&lt;br/&gt;        (0x0) Always prompt&lt;br/&gt;        (0x1) Send safe samples automatically&lt;br/&gt;        (0x2) Never send&lt;br/&gt;        (0x3) Send all samples automatically&lt;br/&gt;    " gpmc_supported="At least Windows Vista">Send file samples when further analysis is required</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Send file samples when further analysis is required</td><td>&nbsp;</td></tr>
</table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Attack Surface Reduction</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Configure Attack Surface Reduction rules" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Attack Surface Reduction" gpmc_settingDescription="&lt;br/&gt;    Set the state for each Attack Surface Reduction (ASR) rule.&lt;br/&gt;&lt;br/&gt;    After enabling this setting, you can set each rule to the following in the Options section:&lt;br/&gt;    - Block: the rule will be applied&lt;br/&gt;    - Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied)&lt;br/&gt;    - Off: the rule will not be applied&lt;br/&gt;    - Not Configured: the rule is enabled with default values&lt;br/&gt;    - Warn: the rule will be applied and the end-user will have the option to bypass the block&lt;br/&gt;&lt;br/&gt;    Unless the ASR rule is disabled, a subsample of audit events are collected for ASR rules will the value of not configured.&lt;br/&gt;&lt;br/&gt;    Enabled:&lt;br/&gt;    Specify the state for each ASR rule under the Options section for this setting.&lt;br/&gt;    Enter each rule on a new line as a name-value pair:&lt;br/&gt;    - Name column: Enter a valid ASR rule ID&lt;br/&gt;    - Value column: Enter the status ID that relates to state you want to specify for the associated rule&lt;br/&gt;&lt;br/&gt;    The following status IDs are permitted under the value column:&lt;br/&gt;    - 1 (Block)&lt;br/&gt;    - 0 (Off)&lt;br/&gt;    - 2 (Audit)&lt;br/&gt;    - 5 (Not Configured)&lt;br/&gt;    - 6 (Warn)&lt;br/&gt;&lt;br/&gt;    &lt;br/&gt;    Example:&lt;br/&gt;    xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx            0&lt;br/&gt;    xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx            1&lt;br/&gt;    xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx            2&lt;br/&gt;&lt;br/&gt;    Disabled:&lt;br/&gt;    No ASR rules will be configured.&lt;br/&gt;&lt;br/&gt;    Not configured:&lt;br/&gt;    Same as Disabled.&lt;br/&gt;&lt;br/&gt;    You can exclude folders or files in the &amp;quot;&amp;quot;Exclude files and paths from Attack Surface Reduction Rules&amp;quot;&amp;quot; GP setting.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016, Windows 10 Version 1709">Configure Attack Surface Reduction rules</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td colspan="2"><table class="subtable" >
<tr><th scope="col">Set the state for each ASR rule:</th><th scope="col">&nbsp;</th></tr>
<tr><td>BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550</td><td>1</td></tr>
<tr><td>D4F940AB-401B-4EFC-AADC-AD5F3C50688A</td><td>1</td></tr>
<tr><td>3B576869-A4EC-4529-8536-B80A7769E899</td><td>1</td></tr>
<tr><td>75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84</td><td>1</td></tr>
<tr><td>D3E037E1-3EB8-44C8-A917-57927947596D</td><td>1</td></tr>
<tr><td>5BEB7EFE-FD9A-4556-801D-275E5FFC04CC</td><td>1</td></tr>
<tr><td>92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B</td><td>1</td></tr>
<tr><td>01443614-cd74-433a-b99e-2ecdc07bfc25</td><td>2</td></tr>
<tr><td>7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c</td><td>1</td></tr>
<tr><td>9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2</td><td>1</td></tr>
<tr><td>b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4</td><td>1</td></tr>
<tr><td>c1db55ab-c21a-4637-bb3f-a12568109d35</td><td>1</td></tr>
<tr><td>d1e49aac-8f56-4280-b9ba-993a6d77406c</td><td>2</td></tr>
<tr><td>e6db77e5-3df2-4cf1-b95a-636979351e5b</td><td>2</td></tr>
<tr><td>26190899-1602-49e8-8b27-eb1d0a1ce869</td><td>1</td></tr>
<tr><td>56a863a9-875e-4185-98a7-b882c64b5ce5</td><td>1</td></tr>
</table></td></tr></table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Network Protection</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Prevent users and apps from accessing dangerous websites" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Network Protection" gpmc_settingDescription="&lt;br/&gt;    Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet.&lt;br/&gt;&lt;br/&gt;    Enabled:&lt;br/&gt;    Specify the mode in the Options section:&lt;br/&gt;    -Block: Users and applications will not be able to access dangerous domains&lt;br/&gt;    -Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs.&lt;br/&gt;&lt;br/&gt;    Disabled:&lt;br/&gt;    Users and applications will not be blocked from connecting to dangerous domains.&lt;br/&gt;&lt;br/&gt;    Not configured:&lt;br/&gt;    Same as Disabled.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016, Windows 10 Version 1709">Prevent users and apps from accessing dangerous websites</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td></td><td>&nbsp;</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server." gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Network Protection" gpmc_settingDescription="&lt;br/&gt;    Disabled (Default): &lt;br/&gt;    If Not Configured or Disabled, network protection is not allowed to be configured into block or audit mode on Windows Server.&lt;br/&gt;&lt;br/&gt;    Enabled: &lt;br/&gt;    If Enabled, administrators can control whether Network Protection is allowed to be configured into block or audit mode on Windows Server.&lt;br/&gt;    Note, that this configuration is dependent on the EnableNetworkProtection configuration. If this configuration is false, EnableNetworkProtection will be ignored, otherwise network protection will start on Windows Server depending on the value of EnableNetworkProtection." gpmc_supported="At least Windows Server 2016, Windows 10 Version 1709">This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server.</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/MpEngine</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Configure extended cloud check" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/MpEngine" gpmc_settingDescription="&lt;br/&gt;      This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it&amp;#39;s safe.&lt;br/&gt;      &lt;br/&gt;      The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds.&lt;br/&gt;&lt;br/&gt;      For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds.&lt;br/&gt;&lt;br/&gt;      Note: This feature depends on three other MAPS settings - &amp;quot;Configure the &amp;#39;Block at First Sight&amp;#39; feature; &amp;quot;Join Microsoft MAPS&amp;quot;; &amp;quot;Send file samples when further analysis is required&amp;quot; all need to be enabled.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016, Windows 10">Configure extended cloud check</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Specify the extended cloud check time in seconds</td><td>50</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Enable file hash computation feature" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/MpEngine" gpmc_settingDescription="&lt;br/&gt;        Enable or disable file hash computation feature.&lt;br/&gt;&lt;br/&gt;        Enabled:&lt;br/&gt;        When this feature is enabled Microsoft Defender will compute hash value for files it scans.&lt;br/&gt;&lt;br/&gt;        Disabled:&lt;br/&gt;        File hash value is not computed&lt;br/&gt;        &lt;br/&gt;        Not configured:&lt;br/&gt;        Same as Disabled.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016, Windows 10 Version 1909">Enable file hash computation feature</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Select cloud protection level" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/MpEngine" gpmc_settingDescription="&lt;br/&gt;      This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files.&lt;br/&gt;&lt;br/&gt;      If this setting is on, Microsoft Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. &lt;br/&gt;      &lt;br/&gt;      For more information about specific values that are supported, see the Microsoft Defender Antivirus documentation site.&lt;br/&gt;&lt;br/&gt;      Note: This feature requires the &amp;quot;Join Microsoft MAPS&amp;quot; setting enabled in order to function.&lt;br/&gt;&lt;br/&gt;      Possible options are:&lt;br/&gt;      (0x0) Default Microsoft Defender Antivirus blocking level&lt;br/&gt;      (0x1) Moderate Microsoft Defender Antivirus blocking level, delivers verdict only for high confidence detections&lt;br/&gt;      (0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)&lt;br/&gt;      (0x4) High+ blocking level – aggressively block unknowns and apply additional protection measures (may impact  client performance)&lt;br/&gt;      (0x6) Zero tolerance blocking level – block all unknown executables&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016, Windows 10">Select cloud protection level</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Select cloud blocking level</td><td>High blocking level</td></tr>
</table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Network Inspection System</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Convert warn verdict to block" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Network Inspection System" gpmc_settingDescription="&lt;br/&gt;    Network protection inspects network traffic and determines whether it allows or blocks traffic or displays a warning.&lt;br/&gt;    &lt;br/&gt;    Disabled (Default): &lt;br/&gt;    If Not Configured or Disabled, network protection will display a warning for warn verdicts.&lt;br/&gt;&lt;br/&gt;    Enabled: &lt;br/&gt;    If this setting is Enabled, network protection blocks network traffic instead of displaying a warning." gpmc_supported="At least Windows Server 2016, Windows 10 Version 1709">Convert warn verdict to block</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Turn on asynchronous inspection" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Network Inspection System" gpmc_settingDescription="&lt;br/&gt;    Control whether network protection can improve performance by switching from real-time inspection to asynchronous inspection.&lt;br/&gt;&lt;br/&gt;    Disabled (Default): &lt;br/&gt;    If Not Configured or Disabled, asynchronous inspection will not be enabled for network protection.&lt;br/&gt;&lt;br/&gt;    Enabled: &lt;br/&gt;    If Enabled, switching to asynchronous inspection will be allowed for network protection." gpmc_supported="At least Windows Server 2016, Windows 10 Version 1709">Turn on asynchronous inspection</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Real-time Protection</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Configure real-time protection and Security Intelligence Updates during OOBE" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Real-time Protection" gpmc_settingDescription="This policy setting allows you to configure whether real-time protection and Security Intelligence Updates are enabled during OOBE (Out of Box experience).&lt;br/&gt; &lt;br/&gt;    If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE.&lt;br/&gt; &lt;br/&gt;    If you either disable or do not configure this policy setting, real-time protection and Security Intelligence Updates during OOBE is not enabled." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Configure real-time protection and Security Intelligence Updates during OOBE</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Turn on script scanning" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Real-time Protection" gpmc_settingDescription="This policy setting allows you to configure script scanning.&lt;br/&gt;&lt;br/&gt;    If you enable or do not configure this setting, script scanning will be enabled.&lt;br/&gt;&lt;br/&gt;    If you disable this setting, script scanning will be disabled." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Turn on script scanning</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Reporting</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Configure whether to report Dynamic Signature dropped events" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Reporting" gpmc_settingDescription="This policy setting configures whether to report Dynamic Signature dropped events.&lt;br/&gt;&lt;br/&gt;    If you do not configure this setting, the default value will be applied. The default value is set to disabled (such events are not reported).&lt;br/&gt;    If you configure this setting to enabled, Dynamic Signature dropped events will be reported.&lt;br/&gt;    If you configure this setting to disabled, Dynamic Signature dropped events will not be reported." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Configure whether to report Dynamic Signature dropped events</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Scan</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Scan excluded files and directories during quick scans" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Scan" gpmc_settingDescription="&lt;br/&gt;        This policy setting allows you to scan excluded files and directories during quick scans.&lt;br/&gt;&lt;br/&gt;        If you set this policy setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan.&lt;br/&gt;&lt;br/&gt;        If you set this policy to 0 or do not configure it, exclusions are not scanned during quick scans.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Scan excluded files and directories during quick scans</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td></td><td>&nbsp;</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Scan packed executables" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Scan" gpmc_settingDescription="This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning remain enabled.&lt;br/&gt;&lt;br/&gt;    If you enable or do not configure this setting, packed executables will  be scanned.&lt;br/&gt;&lt;br/&gt;    If you disable this setting, packed executables will not be scanned." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Scan packed executables</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Scan removable drives" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Scan" gpmc_settingDescription="This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.&lt;br/&gt;&lt;br/&gt;    If you enable this setting, removable drives will be scanned during any type of scan.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan and custom scan." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Scan removable drives</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Specify the day of the week to run a scheduled scan" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Scan" gpmc_settingDescription="This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be configured to run every day or to never run at all.&lt;br/&gt;&lt;br/&gt;    This setting can be configured with the following ordinal number values:&lt;br/&gt;    (0x0) Every Day&lt;br/&gt;    (0x1) Sunday &lt;br/&gt;    (0x2) Monday&lt;br/&gt;    (0x3) Tuesday&lt;br/&gt;    (0x4) Wednesday&lt;br/&gt;    (0x5) Thursday&lt;br/&gt;    (0x6) Friday&lt;br/&gt;    (0x7) Saturday&lt;br/&gt;    (0x8) Never (default)&lt;br/&gt;&lt;br/&gt;    If you enable this setting, a scheduled scan will run at the frequency specified.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, a scheduled scan will run at a default frequency." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Specify the day of the week to run a scheduled scan</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Specify the day of the week to run a scheduled scan</td><td>Every Day</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Turn on e-mail scanning" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Scan" gpmc_settingDescription="This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (Outlook), dbx, mbx, mime (Outlook Express), binhex (Mac). Email scanning is not supported on modern email clients.&lt;br/&gt;    &lt;br/&gt;    If you enable this setting, e-mail scanning will be enabled.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, e-mail scanning will be disabled." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Turn on e-mail scanning</span></td><td>Enabled</td><td></td></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Turn on heuristics" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Scan" gpmc_settingDescription="This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the engine client. Turning off heuristics will reduce the capability to flag new threats. It is recommended that you do not turn off heuristics.&lt;br/&gt;&lt;br/&gt;    If you enable or do not configure this setting, heuristics will be enabled.&lt;br/&gt;&lt;br/&gt;    If you disable this setting, heuristics will be disabled." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Turn on heuristics</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Security Intelligence Updates</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Define the number of days before spyware security intelligence is considered out of date" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Security Intelligence Updates" gpmc_settingDescription="This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.&lt;br/&gt;&lt;br/&gt;    If you enable this setting, spyware security intelligence will be considered out of date after the number of days specified have passed without an update.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, spyware security intelligence will be considered out of date after the default number of days have passed without an update." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Define the number of days before spyware security intelligence is considered out of date</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Define the number of days before spyware security intelligence is considered out of date</td><td>7</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Define the number of days before virus security intelligence is considered out of date" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Security Intelligence Updates" gpmc_settingDescription="This policy setting allows you to define the number of days that must pass before virus security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.&lt;br/&gt;&lt;br/&gt;    If you enable this setting, virus security intelligence will be considered out of date after the number of days specified have passed without an update.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, virus security intelligence will be considered out of date after the default number of days have passed without an update." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Define the number of days before virus security intelligence is considered out of date</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Define the number of days before virus security intelligence is considered out of date</td><td>7</td></tr>
</table></td></tr><tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Specify the day of the week to check for security intelligence updates" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Security Intelligence Updates" gpmc_settingDescription="This policy setting allows you to specify the day of the week on which to check for security intelligence updates. The check can also be configured to run every day or to never run at all.&lt;br/&gt;&lt;br/&gt;    This setting can be configured with the following ordinal number values:&lt;br/&gt;    (0x0) Every Day (default)&lt;br/&gt;    (0x1) Sunday &lt;br/&gt;    (0x2) Monday&lt;br/&gt;    (0x3) Tuesday&lt;br/&gt;    (0x4) Wednesday&lt;br/&gt;    (0x5) Thursday&lt;br/&gt;    (0x6) Friday&lt;br/&gt;    (0x7) Saturday&lt;br/&gt;    (0x8) Never&lt;br/&gt;&lt;br/&gt;    If you enable this setting, the check for security intelligence updates will occur at the frequency specified.&lt;br/&gt;&lt;br/&gt;    If you disable or do not configure this setting, the check for security intelligence updates will occur at a default frequency." gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Specify the day of the week to check for security intelligence updates</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td>Specify the day of the week to check for security intelligence updates</td><td>Every Day</td></tr>
</table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Microsoft Defender Antivirus/Threats</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Specify threat alert levels at which default action should not be taken when detected" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Threats" gpmc_settingDescription="This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level.Threat alert levels should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a threat alert level. The value contains the action ID for the remediation action that should be taken.&lt;br/&gt;&lt;br/&gt;    Valid threat alert levels are:&lt;br/&gt;    1 = Low&lt;br/&gt;    2 =  Medium&lt;br/&gt;    4 = High&lt;br/&gt;    5 = Severe&lt;br/&gt;&lt;br/&gt;    Valid remediation action values are:&lt;br/&gt;    2 = Quarantine&lt;br/&gt;    3 = Remove&lt;br/&gt;    6 = Ignore" gpmc_supported="At least Windows Server 2012, Windows 8 or Windows RT">Specify threat alert levels at which default action should not be taken when detected</span></td><td>Enabled</td><td></td></tr>
<tr><td colspan="3"><table class="subtable_frame" >
<tr><td colspan="2"><table class="subtable" >
<tr><th scope="col">Specify threat alert levels at which default action should not be taken when detected</th><th scope="col">&nbsp;</th></tr>
<tr><td>5</td><td>2</td></tr>
<tr><td>4</td><td>2</td></tr>
<tr><td>2</td><td>2</td></tr>
<tr><td>1</td><td>2</td></tr>
</table></td></tr></table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Windows Components/Windows Security/Family options</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" >
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Comment</th></tr>
<tr><td><span class="explainlink" tabindex="0" onkeypress="javascript:showExplainText(this); return false;" onclick="javascript:showExplainText(this); return false;" gpmc_settingName="Hide the Family options area" gpmc_settingPath="Computer Configuration/Administrative Templates/Windows Components/Windows Security/Family options" gpmc_settingDescription="&lt;br/&gt;        Hide the Family options area in Windows Security.&lt;br/&gt;&lt;br/&gt;        Enabled:&lt;br/&gt;        The Family options area will be hidden.&lt;br/&gt;&lt;br/&gt;        Disabled:&lt;br/&gt;        The Family options area will be shown.&lt;br/&gt;&lt;br/&gt;        Not configured:&lt;br/&gt;        Same as Disabled.&lt;br/&gt;    " gpmc_supported="At least Windows Server 2016, Windows 10 Version 1709">Hide the Family options area</span></td><td>Enabled</td><td></td></tr>
</table>
</div></div></div></div></div>
<div class="filler"></div>
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">User Configuration (Disabled)</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">No settings defined.</div></div>
</body></html>