Forum Discussion

AnuragSrivastava's avatar
AnuragSrivastava
Iron Contributor
Jun 02, 2021

No active antivirus provider

Hello,

 

I have uninstalled 3rd party AV on the endpoints in my organization and have enabled Windows Defender AV by pushing endpoint security (Antivirus) policy through Intune.

 

Still I am getting the message that there is 'No active antivirus provider. Your device is vulnerable' (Refer the attached screenshot).

 

Any suggestions on how to fix it for all the endpoints.

  • Hi Ambarish,

    Thank you for your reply. The issue was due to 'DisableAntiSpyware' registry key under HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender which was set to 1. Now we have the changed the value to 0 and we can see the Microsoft Defender as the active antivirus.
  • If anyone reading this is looking for step-by-step guidance on how to install Microsoft Defender for Endpoint, be sure to review the Defender setup guide in the Microsoft 365 admin center. 


    The guide has a great feature where it can detect settings in your tenant to provide tailored guidance.

     

    Additionally, the setup guide is used to view and configure features as well as save time with automated investigation and response. 


    Note: If you don't have Microsoft 365 admin permissions, open the guide in a test or POC tenant to get instructions.

    • AnuragSrivastava's avatar
      AnuragSrivastava
      Iron Contributor
      Yes , I can see the endpoints on the Intune portal with policy status as successful.
      • ambarishrh's avatar
        ambarishrh
        Iron Contributor

        AnuragSrivastava Could you please share a screenshot of the below registry entry?

         

        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

Resources