Turn on definition retirement

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocal are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. If you enable or do not configure this setting, definition retirement will be enabled. If you disable this setting, definition retirement will be disabled.

This policy has no additional user input fields.

• Computer
  Convert warn verdict to block

  At least Windows Server 2016, Windows 10 Version 1709
• Computer
  Specify additional definition sets for network traffic inspection

  At least Windows Server 2012, Windows 8 or Windows RT
• Computer
  This setting controls datagram processing for network protection.

  At least Windows Server 2016, Windows 10 Version 1709
• Computer
  Turn on asynchronous inspection

  At least Windows Server 2016, Windows 10 Version 1709
• Computer
  Turn on protocol recognition

  At least Windows Server 2012, Windows 8 or Windows RT