User Profile
ashadyllia
Copper Contributor
Joined 5 years ago
IT-Specialist of System-Integration
User Widgets
Recent Discussions
Re: Windows 11 Defender not responding at all - No online solutions working.
**bleep** it. The ExploitGuard key was wrong pathed. Just noticed it. This here is correct: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection] "ExploitProtectionSettings"="C:\\0\\Settings.xml" this one is wrong ... delete this full tab: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard]8KViews0likes0CommentsRe: Windows 11 Defender not responding at all - No online solutions working.
https://techcommunity.microsoft.com/t5/windows-11/windows-11-defender-not-responding-at-all-no-online-solutions/m-p/3277042#M3211 please check my uploaded solution that is possible. It enforces it by Registry and Policy privilege. More is mentioned.8.1KViews0likes1CommentRe: Windows 11 Defender not responding at all - No online solutions working.
last edit: I forgot to mention EXPLOIT GUARD feature of WinDefend. It needs an outer configuration file. In my Registry-edits you see I used a file "C:\0\Settings.xml" or in "C:\!\Settings.xml"... create an .XML and put this in there: then turn on what you like, false to true. <?xml version="1.0" encoding="UTF-8"?> <MitigationPolicy> <SystemConfig> <DEP Enable="false" EmulateAtlThunks="false" /> <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" /> <SystemCalls DisableWin32kSystemCalls="false" /> <ExtensionPoints DisableExtensionPoints="false" /> <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" /> <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" /> <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" /> <Fonts DisableNonSystemFonts="false" AuditOnly="false" /> <ImageLoad BlockRemoteImageLoads="false" AuditRemoteImageLoads="false" BlockLowLabelImageLoads="false" AuditLowLabelImageLoads="false" PreferSystem32="false" AuditPreferSystem32="false" /> <SEHOP Enable="false" TelemetryOnly="false" /> <Heap TerminateOnError="false" /> <UserShadowStack UserShadowStack="false" UserShadowStackStrictMode="false" AuditUserShadowStack="false" /> </SystemConfig> </MitigationPolicy>8KViews0likes0CommentsRe: Windows 11 Defender not responding at all - No online solutions working.
For making policies instantly take action, use command prompt or powershell as admin and start the ~15seconds long command: gpupdate /force /wait:-1 Several settings but require you to restart the PC. ... as usual, it's a bit unpredictable on Registry edit time of activation. 🙂8.1KViews0likes1CommentRe: Windows 11 Defender not responding at all - No online solutions working.
uhm... well, since I see this post here even shows up detected by Google... Well, I don't know but I guess more people that use 21390.2025 builds from Windows Insider Builds might find this post here too. Please, delete keys you don't need or know what they are. You will see what I did set, make it the opposite if you rather wanna be protected but have certain things set right. This here is just to show all key setting names, so you can then make your own values. *puts on an insecure smile* Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "ServiceKeepAlive"=dword:00000000 "AllowFastServiceStartup"=dword:00000000 "ProxyBypass"="*" "RandomizeScheduleTaskTimes"=dword:00000000 "DisableRoutinelyTakingAction"=dword:00000001 "DisableAntiSpyware"=dword:00000001 "ProxyServer"="*" "DisableLocalAdminMerge"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions] "DisableAutoExclusions"=dword:00000000 "Exclusions_Extensions"=dword:00000001 "Exclusions_IpAddresses"=dword:00000001 "Exclusions_Paths"=dword:00000001 "Exclusions_Processes"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions] "exe"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\IpAddresses] "*"="0" "192.168.0.2"="0" "localhost"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] "\"C:\\\""="0" "\"Y:\\\""="0" "\"Z:\\\""="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes] "\"C:\\Windows\\System32\\sethc.exe\""="0" "\"C:\\Windows\\System32\\cmd.exe\""="0" "\"C:\\Program Files\\PowerShell\\7-preview\\pwsh.exe\""="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine] "EnableFileHashComputation"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS] "DisableDatagramProcessing"=dword:00000000 "DisableProtocolRecognition"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS] "DisableSignatureRetirement"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine] "LocalSettingOverridePurgeItemsAfterDelay"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] "DisableRealtimeMonitoring"=dword:00000001 "DisableIOAVProtection"=dword:00000001 "DisableOnAccessProtection"=dword:00000001 "DisableBehaviorMonitoring"=dword:00000001 "DisableScriptScanning"=dword:00000001 "DisableRawWriteNotification"=dword:00000001 "DisableScanOnRealtimeEnable"=dword:00000001 "LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000 "LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000 "LocalSettingOverrideDisableIOAVProtection"=dword:00000000 "LocalSettingOverrideRealtimeScanDirection"=dword:00000000 "LocalSettingOverrideDisableOnAccessProtection"=dword:00000000 "RealtimeScanDirection"=dword:00000002 "IOAVMaxSize"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation] "LocalSettingOverrideScan_ScheduleTime"=dword:00000000 "Scan_ScheduleDay"=dword:00000008 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting] "CriticalFailureTimeout"=dword:00000000 "DisableGenericRePorts"=dword:00000001 "DisableEnhancedNotifications"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan] "DisableArchiveScanning"=dword:00000001 "DisableScanningNetworkFiles"=dword:00000001 "DisableRemovableDriveScanning"=dword:00000001 "DisableRestorePoint"=dword:00000001 "DisableScanningMappedNetworkDrivesForFullScan"=dword:00000001 "AllowPause"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates] "DisableScanOnUpdate"=dword:00000001 "ScheduleDay"=dword:00000008 "DisableUpdateOnStartupWithoutEngine"=dword:00000001 "UpdateOnStartUp"=dword:00000000 "MeteredConnectionUpdates"=dword:00000000 "DisableScheduledSignatureUpdateOnBattery"=dword:00000001 "ForceUpdateFromMU"=dword:00000000 "RealtimeSignatureDelivery"=dword:00000000 "SignatureDisableNotification"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen] "ConfigureAppInstallControlEnabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet] "LocalSettingOverrideSpynetReporting"=dword:00000000 "DisableBlockAtFirstSeen"=dword:00000001 "SpynetReporting"=dword:00000000 "SubmitSamplesConsent"=dword:00000002 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration] "UILockdown"=dword:00000000 "Notification_Suppress"=dword:00000001 "SuppressRebootNotification"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR] "ExploitGuard_ASR_ASROnlyExclusions"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyExclusions] "\"C:\\\""="0" "\"Y:\\\""="0" "\"Z:\\\""="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access] "EnableControlledFolderAccess"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection] "EnableNetworkProtection"=dword:00000000 "AllowNetworkProtectionOnWinServer"=dword:00000000 # Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "ServiceKeepAlive"=dword:00000000 "AllowFastServiceStartup"=dword:00000000 "ProxyBypass"="*" "RandomizeScheduleTaskTimes"=dword:00000000 "DisableRoutinelyTakingAction"=dword:00000001 "DisableAntiSpyware"=dword:00000001 "ProxyServer"="*" "DisableLocalAdminMerge"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions] "DisableAutoExclusions"=dword:00000000 "Exclusions_Extensions"=dword:00000001 "Exclusions_IpAddresses"=dword:00000001 "Exclusions_Paths"=dword:00000001 "Exclusions_Processes"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions] "exe"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\IpAddresses] "*"="0" "192.168.0.2"="0" "localhost"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] "\"C:\\\""="0" "\"Y:\\\""="0" "\"Z:\\\""="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes] "\"C:\\Windows\\System32\\sethc.exe\""="0" "\"C:\\Windows\\System32\\cmd.exe\""="0" "\"C:\\Program Files\\PowerShell\\7-preview\\pwsh.exe\""="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine] "EnableFileHashComputation"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS] "DisableDatagramProcessing"=dword:00000000 "DisableProtocolRecognition"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS] "DisableSignatureRetirement"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine] "LocalSettingOverridePurgeItemsAfterDelay"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] "DisableRealtimeMonitoring"=dword:00000001 "DisableIOAVProtection"=dword:00000001 "DisableOnAccessProtection"=dword:00000001 "DisableBehaviorMonitoring"=dword:00000001 "DisableScriptScanning"=dword:00000001 "DisableRawWriteNotification"=dword:00000001 "DisableScanOnRealtimeEnable"=dword:00000001 "LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000 "LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000 "LocalSettingOverrideDisableIOAVProtection"=dword:00000000 "LocalSettingOverrideRealtimeScanDirection"=dword:00000000 "LocalSettingOverrideDisableOnAccessProtection"=dword:00000000 "RealtimeScanDirection"=dword:00000002 "IOAVMaxSize"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation] "LocalSettingOverrideScan_ScheduleTime"=dword:00000000 "Scan_ScheduleDay"=dword:00000008 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting] "CriticalFailureTimeout"=dword:00000000 "DisableGenericRePorts"=dword:00000001 "DisableEnhancedNotifications"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan] "DisableArchiveScanning"=dword:00000001 "DisableScanningNetworkFiles"=dword:00000001 "DisableRemovableDriveScanning"=dword:00000001 "DisableRestorePoint"=dword:00000001 "DisableScanningMappedNetworkDrivesForFullScan"=dword:00000001 "AllowPause"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates] "DisableScanOnUpdate"=dword:00000001 "ScheduleDay"=dword:00000008 "DisableUpdateOnStartupWithoutEngine"=dword:00000001 "UpdateOnStartUp"=dword:00000000 "MeteredConnectionUpdates"=dword:00000000 "DisableScheduledSignatureUpdateOnBattery"=dword:00000001 "ForceUpdateFromMU"=dword:00000000 "RealtimeSignatureDelivery"=dword:00000000 "SignatureDisableNotification"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen] "ConfigureAppInstallControlEnabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet] "LocalSettingOverrideSpynetReporting"=dword:00000000 "DisableBlockAtFirstSeen"=dword:00000001 "SpynetReporting"=dword:00000000 "SubmitSamplesConsent"=dword:00000002 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration] "UILockdown"=dword:00000000 "Notification_Suppress"=dword:00000001 "SuppressRebootNotification"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR] "ExploitGuard_ASR_ASROnlyExclusions"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyExclusions] "\"C:\\\""="0" "\"Y:\\\""="0" "\"Z:\\\""="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access] "EnableControlledFolderAccess"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection] "EnableNetworkProtection"=dword:00000000 "AllowNetworkProtectionOnWinServer"=dword:000000007.9KViews0likes2CommentsRe: Windows 11 Defender not responding at all - No online solutions working.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender That's the Registry-Editor's path of control by Group Policy. If not already there, select on Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft and rightclick on it, select NEW, select KEY and name it Windows Defender. What you put in there as config, will be enforced without the need of opening the Windows Defender itself. I don't know how familiar you are with Registry, but I give you here a compilation of settings that I use on an extreme turning off configuration. Uhm. I will delete as many keys possible that are not required for your intention. Please always look up what a key does, Google or check the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender values in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender coz that's the exact path for your Windows Defender on currently active settings. So, this is what I enforced for real time protection: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] "DisableRealtimeMonitoring"=dword:00000001 "DisableIOAVProtection"=dword:00000001 "DisableOnAccessProtection"=dword:00000001 "DisableBehaviorMonitoring"=dword:00000001 "DisableScriptScanning"=dword:00000001 "DisableRawWriteNotification"=dword:00000001 "DisableScanOnRealtimeEnable"=dword:00000001 "LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000 "LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000 "LocalSettingOverrideDisableIOAVProtection"=dword:00000000 "LocalSettingOverrideRealtimeScanDirection"=dword:00000000 "LocalSettingOverrideDisableOnAccessProtection"=dword:00000000 "RealtimeScanDirection"=dword:00000002 "IOAVMaxSize"=dword:000000018KViews0likes3Comments
Recent Blog Articles
No content to show