May 29 2019 11:13 AM
The following three security detections/recommendations are incorrect --
The stated (although debatable) goal is to disable the notifications so as not to confuse the user since they wouldn't be able to address it properly anyway. The remediation options indicate that Windows Defender ATP is verifying that the HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications REG_DWORD value is set to 0. Instead, it should be checking to make sure it is set to 1 since that is what would disable the notifications.