Hi Richard and Adam, we had an engineer look into this and this was their response.

"Looked into this and I think there are no changes needed here. Reasoning:

The MSFT documentation for this setting has the name DisableScanningNetworkFiles, which implies you set it to true to disable scanning.

It also has the description If you enable or don't configure this setting, network files will be scanned., which implies the opposite of the above. This contradiction causes the ambiguity.

On a fresh Windows install checking this setting in powershell shows a default of false, which tells us that in the description enable actually means set to false. It follows that the description is misleading, and the setting name is likely accurate.

portal UI currently already inverts this logic

Putting it all together, I believe the current behavior is correct:

Huntress is "Disabled" == MSFT Scan_DisableScanningNetworkFiles is true == Do not scan

Huntress is "Enabled" == MSFT Scan_DisableScanningNetworkFiles is false == Yes please scan"

Let me know if this tracks as your understanding of the functionality as well. Apologies on all the confusion.

As Artur has suggested, I think perhaps there has been a misunderstanding of the Microsoft documentation (https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus#scan_disablescanningnetworkfiles). The policy name is "Scan_DisableScanningNetworkFiles" and the default is "Enabled" which suggests the default is to disable the scanning, but Microsoft clearly state "The default is enabled. Recommended to remain enabled in most cases. If you enable or don't configure this setting, network files WILL BE SCANNED". It seems the policy was previously named "EnableScanningNetworkFiles" and when they renamed it, the description was not updated resulting in a double negative which causes confusion.

Can we either be given the option to enable this setting in Huntress, or can the default be changed to enable scanning as per Microsoft recommendations?