Enable: 'Turn on definition retirement' for DisableSignatureRetirement This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilities. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system is not vulnerable to the exploit detected by a definition, then that definition is "retired". If all definitions for a given protocol are retired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. If you enable or do not configure this setting, definition retirement will be enabled. If you disable this setting, definition retirement will be disabled. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: Depending on configuration, definition retirement will not occur and could impact network performance.

[enable/disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows DefenderNetwork Inspection SystemTurn on definition retirement (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows DefenderNISConsumersIPSDisableSignatureRetirement