M365 Defender tells me that I should Turn on Real Time Protection


Under Security recommendations in M365 Defender we were told to enable RTP on some Win10 Devices.

 

The following remediation setting is configured through the Config Manager Antimalware Policy:

Computer Configuration\Administrative Templates\Windows Components\(Windows|Microsoft) Defender Antivirus\Real-time Protection\Turn off real-time protection
To one of the following values: Disabled or Not Configured

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\real-time protection

DisableRealTimeMonitoring is set to 0 

If I check get-mpcomputerstatus, I get the following setting:
RealTimeProtectionEnabled : False

If I check get-mppreference, I get the following setting:
DisableRealtimeMonitoring : False

We have a few thousand clients in our environment, but just a few hundred have this issue. They all have the same Antimalware Policy.

 

What can I do to solve this?

 

 

3 Replies
I have the same issue with my client and I haven't found anything. Also opened several tickets with Microsoft with no help so far. The issue started a couple of weeks ago and now seems to be resolving by itself slowly. Were you able to find anything yet?

@RiikkaR 

 

Thanks for answering.

No, until now we have not been able to find a solution to this issue. But we can also confirm that our number of affected devices is decreasing slowly.

 

Hopefully this issue will disappear in a few days.

Exactly the same problem; we have solved this by running all of the steps on this site: https://softwarekeep.com/help-center/windows-defender-wont-turn-on.

The option when we checked for corrupted system files: CMD > sfc /scannow solved our problem. It actually found some corrupted system files and remediated them automatically. After this process, we checked: Get-MpComputerStatus and realtimeprotectionenabled was True.
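
A check for the mismatch described in this thread (the policy and Get-MpPreference say real-time protection is on, while Get-MpComputerStatus reports it off), as an added example that is not part of the original posts. The function name `Get-RtpDrift` and the output field names are hypothetical; the cmdlets and the registry value are the ones quoted in the question.

```powershell
# Added example: report configured vs. effective real-time protection (RTP)
# state on the local device. Run from an elevated PowerShell session.
function Get-RtpDrift {
    [CmdletBinding()]
    param()

    # Policy value written by GPO / Config Manager (key as quoted in the question).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    $policy = (Get-ItemProperty -Path $policyKey -Name DisableRealtimeMonitoring `
                   -ErrorAction SilentlyContinue).DisableRealtimeMonitoring

    $pref   = Get-MpPreference      # configured preference
    $status = Get-MpComputerStatus  # effective runtime state

    # Configured intent: RTP is on unless the policy or the preference disables it.
    $configuredOn = ($policy -ne 1) -and (-not $pref.DisableRealtimeMonitoring)

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        PolicyDisableRtp          = if ($null -eq $policy) { 'NotConfigured' } else { $policy }
        PrefDisableRtp            = $pref.DisableRealtimeMonitoring
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        # Context for triage: passive mode (another AV registered) or a stopped
        # antimalware service also leaves RTP off even when the policy is correct.
        AMRunningMode             = $status.AMRunningMode
        AMServiceEnabled          = $status.AMServiceEnabled
        AntivirusEnabled          = $status.AntivirusEnabled
        # Drift = configuration says on, effective state says off.
        Drift                     = $configuredOn -and (-not $status.RealTimeProtectionEnabled)
    }
}

Get-RtpDrift | Format-List
```

A device with `Drift : True` matches the state reported in the question; the `AMRunningMode` and `AMServiceEnabled` fields help separate that from devices where real-time protection is off for an expected reason.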