Forum Discussion

Nigel_Ward's avatar
Nigel_Ward
Copper Contributor
Apr 03, 2022

Microsoft Defender for Endpoint

I'm currently trying to implement MDE to replace existing EDR solution.  Policies and test group have been created.  MS test powershell does generate the appropriate alert.  But Windows Defender A...
Nigel_Ward's avatar
Nigel_Ward
Copper Contributor
Apr 03, 2022

No errors here

Jonhed's avatar
Jonhed
Iron Contributor
Apr 04, 2022
Do you have any GPO settings that disable defender antivirus?

GPO will take precedence over Intune policies.
  • Nigel_Ward's avatar
    Nigel_Ward
    Copper Contributor
    Apr 09, 2022
    I found this did the job.

    https://www.varonis.com/blog/windows-defender-turned-off-by-group-policy

    Run ‘regedit’

    Navigate through the tree to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.

    Delete DisableAntiSpyware in the right pane.

    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection.

    Delete DisableRealtimeMonitoring in the right pane.

Resources