Hi, I need to change the time that virus notifications are retained. For a number of reasons I want the virus notifications to be saved (temporarily) for at most 1 day.
With PowerShell (as admin) I thought that this command would do it.
>Set-MpPreference -QuarantinePurgeItemsAfterDelay 1
but no, I get this error:
Set-MpPreference : Operation failed with the following error: 0x%1!x!
At line:1 char:2
+ Set-MpPreference -QuarantinePurgeItemsAfterDelay 1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference
Can anyone help me with this change?
Version 23H2 (OS Build 22631.2792)
Set-MpPreference
[-AllowDatagramProcessingOnWinServer <Boolean>]
[-AllowNetworkProtectionDownLevel <Boolean>]
[-AllowNetworkProtectionOnWinServer <Boolean>]
[-AllowSwitchToAsyncInspection <Boolean>]
[-AsJob]
[-AttackSurfaceReductionOnlyExclusions <String[]>]
[-AttackSurfaceReductionRules_Actions <ASRRuleActionType[]>]
[-AttackSurfaceReductionRules_Ids <String[]>]
[-CheckForSignaturesBeforeRunningScan <Boolean>]
[-CimSession <CimSession[]>]
[-CloudBlockLevel <CloudBlockLevelType>]
[-CloudExtendedTimeout <UInt32>]
[-ControlledFolderAccessAllowedApplications <String[]>]
[-ControlledFolderAccessProtectedFolders <String[]>]
[-DefinitionUpdatesChannel <UpdatesChannelType>]
[-DisableArchiveScanning <Boolean>]
[-DisableAutoExclusions <Boolean>]
[-DisableBehaviorMonitoring <Boolean>]
[-DisableBlockAtFirstSeen <Boolean>]
[-DisableCacheMaintenance <UInt32>]
[-DisableCatchupFullScan <Boolean>]
[-DisableCatchupQuickScan <Boolean>]
[-DisableCpuThrottleOnIdleScans <Boolean>]
[-DisableDatagramProcessing <Boolean>]
[-DisableDnsOverTcpParsing <Boolean>]
[-DisableDnsParsing <Boolean>]
[-DisableEmailScanning <Boolean>]
[-DisableFtpParsing <Boolean>]
[-DisableGradualRelease <Boolean>]
[-DisableHttpParsing <Boolean>]
[-DisableIOAVProtection <Boolean>]
[-DisableInboundConnectionFiltering <Boolean>]
[-DisableNetworkProtectionPerfTelemetry <Boolean>]
[-DisablePrivacyMode <Boolean>]
[-DisableRdpParsing <Boolean>]
[-DisableRealtimeMonitoring <Boolean>]
[-DisableRemovableDriveScanning <Boolean>]
[-DisableRestorePoint <Boolean>]
[-DisableScanningMappedNetworkDrivesForFullScan <Boolean>]
[-DisableScanningNetworkFiles <Boolean>]
[-DisableScriptScanning <Boolean>]
[-DisableSmtpParsing <Boolean>]
[-DisableSshParsing <Boolean>]
[-DisableTlsParsing <Boolean>]
[-EnableControlledFolderAccess <ControlledFolderAccessType>]
[-EnableDnsSinkhole <Boolean>]
[-EnableFileHashComputation <Boolean>]
[-EnableFullScanOnBatteryPower <Boolean>]
[-EnableLowCpuPriority <Boolean>]
[-EnableNetworkProtection <ASRRuleActionType>]
[-EngineUpdatesChannel <UpdatesChannelType>]
[-ExclusionExtension <String[]>]
[-ExclusionIpAddress <String[]>]
[-ExclusionPath <String[]>]
[-ExclusionProcess <String[]>]
[-ForceUseProxyOnly <Boolean>]
[-Force]
[-HighThreatDefaultAction <ThreatAction>]
[-IntelTDTEnabled <UInt32>]
[-LowThreatDefaultAction <ThreatAction>]
[-MAPSReporting <MAPSReportingType>]
[-MeteredConnectionUpdates <Boolean>]
[-ModerateThreatDefaultAction <ThreatAction>]
[-OobeEnableRtpAndSigUpdate <Boolean>]
[-PUAProtection <PUAProtectionType>]
[-PlatformUpdatesChannel <UpdatesChannelType>]
[-ProxyBypass <String[]>]
[-ProxyPacUrl <String>]
[-ProxyServer <String>]
[-QuarantinePurgeItemsAfterDelay <UInt32>]
[-RandomizeScheduleTaskTimes <Boolean>]
[-RealTimeScanDirection <ScanDirection>]
[-RemediationScheduleDay <Day>]
[-RemediationScheduleTime <DateTime>]
[-ReportingAdditionalActionTimeOut <UInt32>]
[-ReportingCriticalFailureTimeOut <UInt32>]
[-ReportingNonCriticalTimeOut <UInt32>]
[-ScanAvgCPULoadFactor <Byte>]
[-ScanOnlyIfIdleEnabled <Boolean>]
[-ScanParameters <ScanType>]
[-ScanPurgeItemsAfterDelay <UInt32>]
[-ScanScheduleDay <Day>]
[-ScanScheduleOffset <UInt32>]
[-ScanScheduleQuickScanTime <DateTime>]
[-ScanScheduleTime <HH:MM:SS>]
[-SchedulerRandomizationTime <UInt32>]
[-ServiceHealthReportInterval <UInt32>]
[-SevereThreatDefaultAction <ThreatAction>]
[-SharedSignaturesPath <String>]
[-SignatureAuGracePeriod <UInt32>]
[-SignatureBlobFileSharesSources <String>]
[-SignatureBlobUpdateInterval <UInt32>]
[-SignatureDefinitionUpdateFileSharesSources <String>]
[-SignatureDisableUpdateOnStartupWithoutEngine <Boolean>]
[-SignatureFallbackOrder <String>]
[-SignatureFirstAuGracePeriod <UInt32>]
[-SignatureScheduleDay <Day>]
[-SignatureScheduleTime <DateTime>]
[-SignatureUpdateCatchupInterval <UInt32>]
[-SignatureUpdateInterval <UInt32>]
[-SignaturesUpdatesChannel <UpdatesChannelType>]
[-SubmitSamplesConsent <SubmitSamplesConsentType>]
[-ThreatIDDefaultAction_Actions <ThreatAction[]>]
[-ThreatIDDefaultAction_Ids <Int64[]>]
[-ThrottleLimit <Int32>]
[-UILockdown <Boolean>]
[-UnknownThreatDefaultAction <ThreatAction>]
[<CommonParameters>]
The Add-MpPreference cmdlet modifies settings for Windows Defender.
learn.microsoft.com
Set-MpPreference -ExclusionPath C:\vpostest
echo "Exclusion Success"
Read-Host -Prompt "Press Enter to exit"
Get-MpComputerStatus