SOLVED

Defender Antivirus (AV) Passive Mode

%3CLINGO-SUB%20id%3D%22lingo-sub-2509847%22%20slang%3D%22en-US%22%3EDefender%20Antivirus%20(AV)%20Passive%20Mode%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2509847%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhile%20researching%20how%20to%20set%20Defender%20AV%20to%20passive%20mode%20I%20stumbled%20upon%20two%20registry%20keys%3A%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSTRONG%3EForceDefenderPassiveMode%3C%2FSTRONG%3E%3CBR%20%2F%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fmicrosoft-defender-antivirus-compatibility%3Fview%3Do365-worldwide%23microsoft-defender-antivirus-and-non-microsoft-antivirusantimalware-solutions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fmicrosoft-defender-antivirus-compatibility%3Fview%3Do365-worldwide%23microsoft-defender-antivirus-and-non-microsoft-antivirusantimalware-solutions%3C%2FA%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22amuellertf_0-1625212129633.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F293086iFCC0051F45EA787F%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22amuellertf_0-1625212129633.png%22%20alt%3D%22amuellertf_0-1625212129633.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fmicrosoft-defender-antivirus-on-windows-server%3Fview%3Do365-worldwide%23set-microsoft-defender-antivirus-to-passive-mode-using-a-registry-key%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fmicrosoft-defender-antivirus-on-windows-server%3Fview%3Do365-worldwide%23set-microsoft-defender-antivirus-to-passive-mode-using-a-registry-key%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22amuellertf_1-1625212166591.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F293087iAD753BCCB6253C48%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22amuellertf_1-1625212166591.png%22%20alt%3D%22amuellertf_1-1625212166591.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSTRONG%3EForcePassiveMode%3C%2FSTRONG%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fswitch-to-microsoft-defender-onboard%3Fview%3Do365-worldwide%23set-microsoft-defender-antivirus-on-windows-server-to-passive-mode-manually%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fswitch-to-microsoft-defender-onboard%3Fview%3Do365-worldwide%23set-microsoft-defender-antivirus-on-windows-server-to-passive-mode-manually%3C%2FA%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22amuellertf_2-1625212206080.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F293088iC22DAB19EC00617F%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22amuellertf_2-1625212206080.png%22%20alt%3D%22amuellertf_2-1625212206080.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fswitch-to-microsoft-defender-setup%3Fview%3Do365-worldwide%23set-microsoft-defender-antivirus-to-passive-mode-on-windows-server%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fswitch-to-microsoft-defender-setup%3Fview%3Do365-worldwide%23set-microsoft-defender-antivirus-to-passive-mode-on-windows-server%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22amuellertf_3-1625212237224.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F293089i1A32A6914ADAFAB3%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22amuellertf_3-1625212237224.png%22%20alt%3D%22amuellertf_3-1625212237224.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20either%20of%20you%20know%20which%20one%20is%20the%20correct%20one%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EAndre%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2509847%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eantivirus%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eav%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDefender%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Epassive%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2517836%22%20slang%3D%22en-US%22%3ERe%3A%20Defender%20Antivirus%20(AV)%20Passive%20Mode%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2517836%22%20slang%3D%22en-US%22%3EGood%20catch!%20Haven't%20been%20utilizing%20the%20passive%20mode%20yet%2C%20but%20this%20sure%20needs%20some%20clear%20statement%20from%20MS.%3CBR%20%2F%3EThis%20article%20describes%20it%20as%20ForceDefenderPassiveMode%3A%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fwindows-itpro-docs%2Fissues%2F7929%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fwindows-itpro-docs%2Fissues%2F7929%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EHowever%2C%20i%20don't%20get%20my%20Defender%20to%20passive%20mode%20with%20the%20entry%20(most%20likely%20because%20of%20Tamper%20Protection).%3C%2FLINGO-BODY%3E
Occasional Contributor
2 Replies
Good catch! Haven't been utilizing the passive mode yet, but this sure needs some clear statement from MS.
This article describes it as ForceDefenderPassiveMode: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7929

However, i don't get my Defender to passive mode with the entry (most likely because of Tamper Protection).
best response confirmed by amueller-tf (Occasional Contributor)
Solution
It looks like this has been resolved and all four links above now show that "ForceDefenderPassiveMode" puts Defender AV in passive mode.