Forum Discussion
Microsoft Defender for Endpoint
I'm currently trying to implement MDE to replace existing EDR solution. Policies and test group have been created. MS test powershell does generate the appropriate alert. But Windows Defender A...
Do you have any GPO settings that disable defender antivirus?
GPO will take precedence over Intune policies.
GPO will take precedence over Intune policies.
I found this did the job.
https://www.varonis.com/blog/windows-defender-turned-off-by-group-policy
Run ‘regedit’
Navigate through the tree to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.
Delete DisableAntiSpyware in the right pane.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection.
Delete DisableRealtimeMonitoring in the right pane.
https://www.varonis.com/blog/windows-defender-turned-off-by-group-policy
Run ‘regedit’
Navigate through the tree to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender.
Delete DisableAntiSpyware in the right pane.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection.
Delete DisableRealtimeMonitoring in the right pane.