# Antivirus Configuration

{% hint style="info" %}
Download the JSON file for this policy from [GitHub](https://github.com/SkipToTheEndpoint/OpenIntuneBaseline/blob/main/MACOS/NativeImport/MacOS%20-%20OIB%20-%20Defender%20Antivirus%20-%20D%20-%20Antivirus%20Configuration%20-%20v1.0.json).
{% endhint %}

## Antivirus engine

| Setting                                  | Value                              |
| ---------------------------------------- | ---------------------------------- |
| Disallowed threat actions                | allow, restore                     |
| Enforcement level                        | real\_time                         |
| Exclusions merge                         | admin\_only                        |
| Run a scan after definitions are updated | Enabled                            |
| Scanning inside archive files            | True                               |
| Threat type (1)                          | potentially\_unwanted\_application |
| Action to take (1)                       | block                              |
| Threat type (2)                          | archive\_bomb                      |
| Action to take (2)                       | block                              |
| Threat type settings merge               | admin\_only                        |

## Cloud delivered protection preferences

| Setting                                       | Value    |
| --------------------------------------------- | -------- |
| Automatic security intelligence updates       | Enabled  |
| Cloud Block Level                             | normal   |
| Diagnostic collection level                   | optional |
| Enable / disable automatic sample submissions | Enabled  |
| Enable / disable cloud delivered protection   | Enabled  |

## Endpoint Detection and Response (EDR) preferences

| Setting                        | Value    |
| ------------------------------ | -------- |
| Enable / disable early preview | Disabled |

## Features

| Setting               | Value   |
| --------------------- | ------- |
| Use System Extensions | enabled |

## Network protection

| Setting           | Value |
| ----------------- | ----- |
| Enforcement level | block |

## Tamper protection

| Setting                      | Value                                                                     |
| ---------------------------- | ------------------------------------------------------------------------- |
| Enforcement level            | block                                                                     |
| Process's TeamIdentifier     | UBF8T346G9                                                                |
| Process path                 | /Library/Intune/Microsoft Intune Agent.app/Contents/MacOS/IntuneMdmDaemon |
| Process's Signing Identifier | IntuneMdmDaemon                                                           |

## User interface preferences

| Setting                             | Value    |
| ----------------------------------- | -------- |
| Control sign-in to consumer version | disabled |
| Show / hide status menu icon        | Disabled |

