Category: At least Windows Server 2012, Windows 8 or Windows RT

This policy setting allows you to configure definition updates on startup when there is no antimalware engine present. If you enable or do not configure this setting definition updates will be initiated on startup when there is no antimalware engine present. If you disable this setting definition updates will not be initiated on startup when there is no antimalware engine present.

This policy setting allows you to define the order in which different definition update sources should be contacted. The value of this setting should be entered as a pipe-separated string enumerating the definition update sources in order. Possible values are: “InternalDefinitionUpdateServer” “MicrosoftUpdateServer” “MMPC” and “FileShares”For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }If you enable this setting definition update sources will be contacted in the order specified. Once definition updates have been successfully downloaded from one specified source the remaining sources in the list will not be contacted. If you disable or do not configure this setting definition update sources will be contacted in a default order.

This policy setting allows you to enable download of definition updates from Microsoft Update even if the Automatic Updates default server is configured to another download source such as Windows Update. If you enable this setting definition updates will be downloaded from Microsoft Update. If you disable or do not configure this setting definition updates will be downloaded from the configured download source.

This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as the number of minutes past midnight (00:00). For example 120 (0x78) is equivalent to 02:00 AM. By default this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing. If you enable this setting a daily quick scan will run at the time of day specified. If you disable or do not configure this setting a daily quick scan will run at a default time.

This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example 120 (0x78) is equivalent to 02:00 AM. By default this setting is set to a time value of 2:00 AM. The schedule is based on local time on the computer where the scan is executing. If you enable this setting a scheduled scan will run at the time of day specified. If you disable or do not configure this setting a scheduled scan will run at a default time.

This policy setting allows you to define the number of days that must pass before spyware definitions are considered out of date. If definitions are determined to be out of date this state may trigger several additional actions including falling back to an alternative update source or displaying a warning icon in the user interface. By default this value is set to 14 days. If you enable this setting spyware definitions will be considered out of date after the number of days specified have passed without an update. If you disable or do not configure this setting spyware definitions will be considered out of date after the default number of days have passed without an update.

This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date. If definitions are determined to be out of date this state may trigger several additional actions including falling back to an alternative update source or displaying a warning icon in the user interface. By default this value is set to 14 days. If you enable this setting virus definitions will be considered out of date after the number of days specified have passed without an update. If you disable or do not configure this setting virus definitions will be considered out of date after the default number of days have passed without an update.

This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This setting can only be set by Group Policy. If you enable this setting the local preference setting will take priority over Group Policy. If you disable or do not configure this setting Group Policy will take priority over the local preference setting.

This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting can only be set by Group Policy. If you enable this setting the local preference setting will take priority over Group Policy. If you disable or do not configure this setting Group Policy will take priority over the local preference setting.

This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group Policy. If you enable this setting the local preference setting will take priority over Group Policy. If you disable or do not configure this setting Group Policy will take priority over the local preference setting.