Configure the 'Block at First Sight' feature

Policy overview

Key metadata and intent for this policy.

Scope
Computer
Category
Windows Components > Microsoft Defender Antivirus > MAPS
Supported on
At least Windows Server 2016, Windows 10

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain content to be run or accessed. If this feature is disabled, the check will not occur, which will lower the protection state of the device.

Enabled – The Block at First Sight setting is turned on.
Disabled – The Block at First Sight setting is turned off.

This feature requires these Group Policy settings to be set as follows:

MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature will not function.
MAPS -> The “Send file samples when further analysis is required” should be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the “Block at First Sight” feature will not function.
Real-time Protection -> The “Scan all downloaded files and attachments” policy must be enabled or the “Block at First Sight” feature will not function.
Real-time Protection -> Do not enable the “Turn off real-time protection” policy or the “Block at First Sight” feature will not function.

Internal name
DisableBlockAtFirstSeen
Policy ID
302ca4716933
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows Defender\Spynet
Value name
DisableBlockAtFirstSeen
Hive
HKLM
Enabled value
0
Disabled value
1
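
Added example (not part of the original policy reference): a PowerShell check of the prerequisites listed in the description, evaluated against Get-MpPreference output, plus a read of the policy registry value documented above. The mapping from policy names to preference properties and the sample object are this example's assumptions.

```powershell
# Added example. Flags each Block at First Sight prerequisite that is not met.
# Assumption: the policies map to these Get-MpPreference properties
# (MAPSReporting 0 = not joined to MAPS; SubmitSamplesConsent 0-3 as in the description).
function Test-BlockAtFirstSight {
    param([Parameter(Mandatory)] $Pref)   # object shaped like Get-MpPreference output
    $rules = @(
        @{ Setting = 'DisableBlockAtFirstSeen'; Impact = 'Not functional'
           Bad = { param($p) [bool]$p.DisableBlockAtFirstSeen }
           Why = 'Block at First Sight itself is turned off' }
        @{ Setting = 'MAPSReporting'; Impact = 'Not functional'
           Bad = { param($p) [int]$p.MAPSReporting -eq 0 }
           Why = '"Join Microsoft MAPS" is not enabled' }
        @{ Setting = 'SubmitSamplesConsent'; Impact = 'Not functional'
           Bad = { param($p) [int]$p.SubmitSamplesConsent -eq 2 }
           Why = 'Sample submission is 2 (Never send)' }
        @{ Setting = 'SubmitSamplesConsent'; Impact = 'Lowered protection'
           Bad = { param($p) [int]$p.SubmitSamplesConsent -eq 0 }
           Why = 'Sample submission is 0 (Always Prompt)' }
        @{ Setting = 'DisableIOAVProtection'; Impact = 'Not functional'
           Bad = { param($p) [bool]$p.DisableIOAVProtection }
           Why = '"Scan all downloaded files and attachments" is off' }
        @{ Setting = 'DisableRealtimeMonitoring'; Impact = 'Not functional'
           Bad = { param($p) [bool]$p.DisableRealtimeMonitoring }
           Why = 'Real-time protection is turned off' }
    )
    foreach ($r in $rules) {
        if (& $r.Bad $Pref) {
            [pscustomobject]@{ Setting = $r.Setting; Impact = $r.Impact; Why = $r.Why }
        }
    }
}

# Constructed sample, used only when the Defender cmdlets are unavailable (not real host data).
$sample = [pscustomobject]@{
    DisableBlockAtFirstSeen = $false; MAPSReporting = 2; SubmitSamplesConsent = 2
    DisableIOAVProtection = $false; DisableRealtimeMonitoring = $false
}
$current = if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) { Get-MpPreference } else { $sample }
$findings = @(Test-BlockAtFirstSight -Pref $current)
if ($findings.Count -eq 0) { 'Block at First Sight prerequisites are met.' } else { $findings | Format-Table -AutoSize }

# Policy value from this page: 0 = policy Enabled, 1 = policy Disabled.
$key = 'HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet'
$gpo = Get-ItemProperty -Path $key -Name DisableBlockAtFirstSeen -ErrorAction SilentlyContinue
"Policy registry value: $(if ($gpo) { $gpo.DisableBlockAtFirstSeen } else { 'not set' })"
```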

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.