Oct 24 2022 04:59 AM
Under Security recommendations in M365 Defender we were told to enable RTP on some Win10 Devices.
The following remediation setting is configured over Config Manager Antimalware Policy:
Computer Configuration\Administrative Templates\Windows Components\(Windows|Microsoft) Defender Antivirus\Real-time Protection\Turn off real-time protection
To one of the following values: Disabled or Not Configured
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\real-time protection
DisableRealTimeMonitoring is set to 0
If I check get-mpcomputerstatus I got the following setting:
RealTimeProtectionEnabled : False
If I check get-mppreference I got the following setting:
DisableRealtimeMonitoring : False
We have a few tousand clients in our environment, but just a few houndreds have this issue. They all have the same Antimalware Policy.
What can I do to solve this?
Oct 27 2022 05:07 AM
Oct 28 2022 12:01 AM
Thanks for answering.
No, until now we were not able to find a solution on this issue. But we also can confirm, that our number of affected devices is decreasing slowly.
Hopefully this issue will disappear in a few days.
Aug 11 2023 03:04 AM - edited Aug 11 2023 03:06 AM
Exactly the same problem, we have solved this by running all of the steps of this site: https://softwarekeep.com/help-center/windows-defender-wont-turn-on.
The option when we checked for corrupted system files: CMD > sfc /scannow solved our problem. It actually found some corrupted system files and remediated them automatically. After this process, we checked: Get-MpComputerStatus and realtimeprotectionenabled was True.