Jan 09 2024 08:32 AM
Hello. We recently have switched over to Defender for Endpoint as our primary anti-virus. We were exploring ASR rules when we realized that a large number of our endpoints were not being put into an active state. Defender Device Health Report is showing about 30% of the devices are stuck in Passive mode. ASR rules will not apply if the devices are in Passive mode.
I have one of the laptops showing in Passive mode and when I run Get-MpComputerStatus it shows AMRunningMode as Passive.
Does anyone have any suggestions or run into this problem before?
Jan 09 2024 08:48 AM
Users are encountering a problem where their devices are consistently stuck in passive mode. Passive mode typically refers to a state where a device or system is not actively engaged or responsive, causing disruptions in normal functionality.
Symptoms:
Unresponsiveness: Devices, applications, or components remain unresponsive or sluggish when attempting to use them.
Limited Functionality: Users may experience a reduction in functionality, with devices not performing as expected.
No Active Feedback: Devices do not provide active feedback or respond to user input as they normally would.
Possible Causes:
Software Glitch: A glitch or bug in the operating system or specific software may be causing devices to remain in passive mode.
Driver Issues: Outdated or incompatible drivers for hardware components may prevent devices from actively engaging with the system.
Power Management Settings: Incorrect power management settings can force devices into passive mode to conserve energy, leading to unresponsiveness.
Malware or Security Software: Malware or certain security software may interfere with device functionality, forcing them into a passive state.
Workarounds:
Restart Devices:
Check Power Management Settings:
Update Drivers:
Disable Power-Saving Features:
Run Anti-Malware Scan:
Check System Logs:
Restore to a Previous State:
Contact Support:
Reporting the Issue:
Addressing the issue promptly can help restore normal device functionality and enhance the overall user experience.
Jan 09 2024 10:22 AM
Jan 10 2024 01:53 PM
Hi @griggs31, Not sure if this help but in my test lab a few weeks ago, I found that by removing that registry, Defender turn itself on and become active immediately. I was setting it to 0 but didn't work, so deleted it and wah-la.
(HKLM\Software\Policies\Microsoft\Windows Advanced Threat Protection\ForceDefenderPassiveMode)
Jan 10 2024 11:11 PM
Jan 12 2024 08:46 AM
Jan 12 2024 09:00 AM
Jan 18 2024 10:32 AM