Forum Discussion
Navilhoss422
Mar 11, 2022 - Copper Contributor
Windows 11 Defender not responding at all - No online solutions working.
Hello all! This is my first post on here, so I am sorry if I maybe mess something up with the formatting or so. But I have been having an issue ever since I got Windows 11 for my Surface Pro 4, whic...
- Mar 12, 2022
I have finally (!) resolved the issue. However, I was forced to do a reset of my system. It seems to be working reliably now, even after a restart. Hopefully this problem does not reappear. I honestly think I'll sell my Surface Pro if it does - it's just not worth spending so much time on.
14716FE3
Copper Contributor
uhm... well, since I see this post here even shows up detected by Google...
Well, I don't know but I guess more people that use 21390.2025 builds from Windows Insider Builds might find this post here too. Please, delete keys you don't need or know what they are. You will see what I did set, make it the opposite if you rather wanna be protected but have certain things set right. This here is just to show all key setting names, so you can then make your own values. *puts on an insecure smile*
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"ServiceKeepAlive"=dword:00000000
"AllowFastServiceStartup"=dword:00000000
"ProxyBypass"="*"
"RandomizeScheduleTaskTimes"=dword:00000000
"DisableRoutinelyTakingAction"=dword:00000001
"DisableAntiSpyware"=dword:00000001
"ProxyServer"="*"
"DisableLocalAdminMerge"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions]
"DisableAutoExclusions"=dword:00000000
"Exclusions_Extensions"=dword:00000001
"Exclusions_IpAddresses"=dword:00000001
"Exclusions_Paths"=dword:00000001
"Exclusions_Processes"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions]
"exe"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\IpAddresses]
"*"="0"
"192.168.0.2"="0"
"localhost"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths]
"\"C:\\\""="0"
"\"Y:\\\""="0"
"\"Z:\\\""="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes]
"\"C:\\Windows\\System32\\sethc.exe\""="0"
"\"C:\\Windows\\System32\\cmd.exe\""="0"
"\"C:\\Program Files\\PowerShell\\7-preview\\pwsh.exe\""="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
"EnableFileHashComputation"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS]
"DisableDatagramProcessing"=dword:00000000
"DisableProtocolRecognition"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS]
"DisableSignatureRetirement"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine]
"LocalSettingOverridePurgeItemsAfterDelay"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableScriptScanning"=dword:00000001
"DisableRawWriteNotification"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000
"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000
"LocalSettingOverrideDisableIOAVProtection"=dword:00000000
"LocalSettingOverrideRealtimeScanDirection"=dword:00000000
"LocalSettingOverrideDisableOnAccessProtection"=dword:00000000
"RealtimeScanDirection"=dword:00000002
"IOAVMaxSize"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation]
"LocalSettingOverrideScan_ScheduleTime"=dword:00000000
"Scan_ScheduleDay"=dword:00000008
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting]
"CriticalFailureTimeout"=dword:00000000
"DisableGenericRePorts"=dword:00000001
"DisableEnhancedNotifications"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan]
"DisableArchiveScanning"=dword:00000001
"DisableScanningNetworkFiles"=dword:00000001
"DisableRemovableDriveScanning"=dword:00000001
"DisableRestorePoint"=dword:00000001
"DisableScanningMappedNetworkDrivesForFullScan"=dword:00000001
"AllowPause"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"DisableScanOnUpdate"=dword:00000001
"ScheduleDay"=dword:00000008
"DisableUpdateOnStartupWithoutEngine"=dword:00000001
"UpdateOnStartUp"=dword:00000000
"MeteredConnectionUpdates"=dword:00000000
"DisableScheduledSignatureUpdateOnBattery"=dword:00000001
"ForceUpdateFromMU"=dword:00000000
"RealtimeSignatureDelivery"=dword:00000000
"SignatureDisableNotification"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"LocalSettingOverrideSpynetReporting"=dword:00000000
"DisableBlockAtFirstSeen"=dword:00000001
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration]
"UILockdown"=dword:00000000
"Notification_Suppress"=dword:00000001
"SuppressRebootNotification"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"ExploitGuard_ASR_ASROnlyExclusions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyExclusions]
"\"C:\\\""="0"
"\"Y:\\\""="0"
"\"Z:\\\""="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=dword:00000000
"AllowNetworkProtectionOnWinServer"=dword:00000000
14716FE3
Apr 05, 2022 - Copper Contributor
To make policies take effect immediately, open Command Prompt or PowerShell as admin and run this command, which takes about 15 seconds:
gpupdate /force /wait:-1
Several settings, however, require you to restart the PC. ... as usual, it's a bit unpredictable when Registry edits take effect. 🙂
- 14716FE3 - Apr 05, 2022 - Copper Contributor
I forgot to mention the EXPLOIT GUARD feature of WinDefend. It needs an external configuration file. In my Registry-edits you see I used a file "C:\0\Settings.xml" or "C:\!\Settings.xml"... create an .XML file and put this in there, then turn on what you like by changing false to true.
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
<SystemConfig>
<DEP Enable="false" EmulateAtlThunks="false" />
<ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" />
<SystemCalls DisableWin32kSystemCalls="false" />
<ExtensionPoints DisableExtensionPoints="false" />
<DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" />
<ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" />
<SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" />
<Fonts DisableNonSystemFonts="false" AuditOnly="false" />
<ImageLoad BlockRemoteImageLoads="false" AuditRemoteImageLoads="false" BlockLowLabelImageLoads="false" AuditLowLabelImageLoads="false" PreferSystem32="false" AuditPreferSystem32="false" />
<SEHOP Enable="false" TelemetryOnly="false" />
<Heap TerminateOnError="false" />
<UserShadowStack UserShadowStack="false" UserShadowStackStrictMode="false" AuditUserShadowStack="false" />
</SystemConfig>
</MitigationPolicy>
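
Added example, not part of the thread: a Python review helper for a `.reg` export like the one posted above, run before importing such a file, that lists which Defender policy values turn a protection off and which exclusions it adds. The names `parse_reg`, `audit` and `WEAKENING` are assumptions of this sketch, the rule table covers only a few well-known values, and `SAMPLE` is an excerpt of the posted export.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"

# (subkey below ROOT, value name) -> DWORD that switches the protection off.
# Deliberately small: only values whose meaning is well documented.
WEAKENING = {
    ("", "DisableAntiSpyware"): 1,
    ("Real-Time Protection", "DisableRealtimeMonitoring"): 1,
    ("Real-Time Protection", "DisableBehaviorMonitoring"): 1,
    ("Real-Time Protection", "DisableIOAVProtection"): 1,
    ("Real-Time Protection", "DisableOnAccessProtection"): 1,
    ("Real-Time Protection", "DisableScriptScanning"): 1,
    ("Spynet", "SpynetReporting"): 0,
    ("Spynet", "DisableBlockAtFirstSeen"): 1,
}
EXCLUSION_KEYS = {"Exclusions\\Paths", "Exclusions\\Extensions",
                  "Exclusions\\Processes"}

# "name"=data, where the name may contain \" and \\ escapes
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data); data is int for dword, str for strings."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name, raw = unescape(m.group(1)), m.group(2)
        if raw.lower().startswith("dword:"):
            yield key, name, int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            yield key, name, unescape(raw[1:-1])

def audit(text):
    """Return (kind, subkey, item) findings for Defender policy values."""
    findings = []
    for key, name, data in parse_reg(text):
        if not key.upper().startswith(ROOT.upper()):
            continue
        rest = key[len(ROOT):]
        if rest and not rest.startswith("\\"):
            continue  # a sibling key that merely shares the prefix
        sub = rest.lstrip("\\")
        if WEAKENING.get((sub, name)) == data:
            findings.append(("protection-off", sub or "(root)", name))
        elif sub in EXCLUSION_KEYS:
            target = name.strip('"')  # exported names carry literal quotes
            broad = (re.fullmatch(r"[A-Za-z]:\\?", target) is not None
                     or target.lower() in {"exe", ".exe", "*"})
            findings.append(("broad-exclusion" if broad else "exclusion",
                             sub, target))
    return findings

# Excerpt of the export posted in this thread.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableLocalAdminMerge"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions]
"exe"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths]
"\"C:\\\""="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes]
"\"C:\\Windows\\System32\\cmd.exe\""="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SpynetReporting"=dword:00000000
"""

if __name__ == "__main__":
    for kind, sub, item in audit(SAMPLE):
        print(f"{kind:16} {sub:24} {item}")
```

Values not in the rule table are skipped rather than guessed at, so an empty result does not mean the file is harmless.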