Windows 10 users are seeing Windows Defender skip items during a scan and report this. In the meantime the cause is clear, and I present a solution in this blog post. Addendum: Microsoft has issued a fix.
What is the Defender scanning problem?
For several weeks, some Windows 10 users have been experiencing a strange effect when scanning their systems with Windows Defender. Although the scan is successful, at the end of the process the virus scanner reports that items were skipped during the scan. The following message is then displayed:
Windows Defender skipped an item due to exclusions or network protection settings.
I covered the case in more detail in the blog post Windows 10: Defender skips elements during scan. Since the affected users had not defined exclusions for scanning, much pointed to a problem with the network scan.
Cause and Workaround
The message appears because Defender no longer scans network files by default. Microsoft seems to have changed this behavior some time ago.
I feel it's a pity that Microsoft hasn't documented this anywhere and doesn't differentiate in its notification. The message is not wrong and makes sense with today's knowledge (from the following sections), because it is displayed when a user-defined exclusion was found for the scan OR when the default of not scanning network files was followed. That's what I conclude from Jens's hint in this comment and from the hints given below.
Note: Below are a few fixes that avoid the notification by allowing network scans. But Microsoft doesn't recommend network scans, for a simple reason: performance. If multiple clients in a network, and also the AV software on a server, start to scan (the same) network files, there is a lot of (senseless) traffic. I guess that's the reason why Microsoft disables network scanning in Defender by default. If you need to scan a NAS, you can use the fixes given below to allow network scans.
Fix #1: Allow network scan via GPO
To get rid of the above message, you can use Group Policy to allow Defender to scan files on the network.
1. On Windows 10 Pro or Enterprise, type the command gpedit.msc and use the context menu command Run as Administrator to launch the group policy editor.
2. Set the following Group Policy and, if necessary, run the gpupdate /force command at an administrative command prompt to force the Group Policy to take effect.
Navigate in the left pane of the group policy editor to the following branch:
Computer Configuration –> Administrative Templates –> Windows Components –> Windows Defender Antivirus –> Scan
Double-click the policy Scan network files in the right pane and set the GPO state for this policy to Enabled.
At least on my test system the message about skipped elements is gone and I get the above status display.
The guidelines for Defender have been described by Microsoft in this document.
Fix #2: Activation via Registry
There is no group policy editor available in Windows 10 Home. Instead, launch the registry editor regedit.exe via Run as administrator. Then navigate to the following key:
There, create a 32-bit DWORD value DisableScanningNetworkFiles and set it to 0 to allow scanning of network files.
In this article DisableScanningMappedNetworkDrivesForFullScan is described, but this does not correspond to the GPO entry mentioned above.
Fix #3: Activation via PowerShell
According to this Microsoft document, the following command can be executed in an administrative PowerShell console:
to allow scanning of network files. The scan is not performed if the value 1 is specified.
By the way: Microsoft says “We do not recommend that you scan network files”. But at least now it is clear where the elements skipped during the scan come from.
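Because the notification does not say which of its two causes applies, the following read-only check reports both the network scan settings and any defined exclusions on a machine. It is an added example, not code from this post or from Microsoft; it relies on the Get-MpPreference cmdlet, and the function name Get-DefenderSkipCause and its output property names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (read-only). Run elevated so the exclusion lists can be read.
# Get-DefenderSkipCause and its output property names are hypothetical.

function Get-DefenderSkipCause {
    param(
        # Preference object to inspect; defaults to the live Defender settings.
        $Preference = (Get-MpPreference)
    )

    # Collect every user-defined exclusion (paths, extensions, processes).
    $exclusions = @()
    foreach ($name in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        foreach ($value in @($Preference.$name)) {
            if ($value) { $exclusions += "${name}: $value" }
        }
    }

    [pscustomobject]@{
        # True (value 1) means files on the network are not scanned.
        NetworkFilesSkipped       = [bool]$Preference.DisableScanningNetworkFiles
        # Separate setting that only affects mapped drives during a full scan.
        MappedDrivesSkippedOnFull = [bool]$Preference.DisableScanningMappedNetworkDrivesForFullScan
        ExclusionCount            = $exclusions.Count
        Exclusions                = $exclusions
    }
}

$cause = Get-DefenderSkipCause
$cause | Format-List

if ($cause.ExclusionCount -gt 0) {
    'Exclusions are defined: review the list above, each entry hides items from scans.'
}
if ($cause.NetworkFilesSkipped) {
    'Network files are not scanned: skipped items can come from this setting.'
}
if (-not $cause.NetworkFilesSkipped -and $cause.ExclusionCount -eq 0) {
    'Neither cause is configured here: the skipped items need further investigation.'
}
```

Reviewing the exclusion list matters beyond this notification, since an exclusion nobody remembers adding is itself worth investigating.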
Addendum: Also read the analysis by Lawrence Abrams at Bleeping Computer. Using an old Win 10 VM, he found out that MS changed the default settings for the Defender network scan in March 2020.
My recommendation: Just ignore the toast notification about the skipped elements during scan and don’t activate a network scan by default. See my explanation added to the above text.
Addendum 1: Microsoft has released an update to fix that behavior, see Update KB4052623: Microsoft fixes Defender Scan Skip Bug.