The Huntress Agent cannot enable Microsoft Defender if it is explicitly disabled. This is because Microsoft Defender is enabled by default in Windows 8.1+ (and Server 2016+) and will even re-enable itself if it's disabled and detects no third-party AV. Use caution when running these commands to enable Defender, as you may have another issue present.
Please be aware that these commands provide no error checking, installation validation, etc. PowerShell errors can be terse. If you are not familiar with troubleshooting PowerShell errors, please enable Defender through the GUI.
Before running the following commands, please note that they will not work if the machine doesn't have Windows Defender installed. Running them while another AV is installed could cause conflicts between the two.
We recommend setting this up as a script on your RMM for easier enablement.
If running these manually, they must be run line by line in order to function properly.
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -DisableIOAVProtection $false
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "Real-Time Protection" -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableBehaviorMonitoring" -Value 0 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableOnAccessProtection" -Value 0 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" -Name "DisableScanOnRealtimeEnable" -Value 0 -PropertyType DWORD -Force
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 0 -PropertyType DWORD -Force
start-service WinDefend
start-service WdNisSvc
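Because the commands above do no error checking or installation validation, the following added example (not part of the Huntress article or agent) wraps them with a pre-flight check and a post-change verification. The function names Test-DefenderPreflight and Get-DefenderProtectionState are hypothetical, and matching "Defender" in the product display name is an assumption about how Defender registers itself.

```powershell
# Added example: pre-flight and verification around the enable commands.
# Run from an elevated PowerShell session.

function Test-DefenderPreflight {
    # The commands cannot work if Defender is not installed: WinDefend must exist.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning 'WinDefend service not found: Defender is not installed.'
        return $false
    }
    # Another registered AV can conflict with Defender. root/SecurityCenter2
    # exists on Windows client editions only, so on Server this query returns
    # nothing and the result is "unknown", not "no other AV".
    $others = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                  -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
              Where-Object { $_.displayName -notmatch 'Defender' }  # assumption
    if ($others) {
        Write-Warning ('Other AV registered: ' + ($others.displayName -join ', '))
        return $false
    }
    return $true
}

function Get-DefenderProtectionState {
    # Get-MpComputerStatus reports what is actually in effect, which can
    # differ from the registry policy values that were just written.
    $s = Get-MpComputerStatus -ErrorAction Stop
    [pscustomobject]@{
        AntivirusEnabled          = $s.AntivirusEnabled
        RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
        BehaviorMonitorEnabled    = $s.BehaviorMonitorEnabled
        IoavProtectionEnabled     = $s.IoavProtectionEnabled
        OnAccessProtectionEnabled = $s.OnAccessProtectionEnabled
        WinDefendRunning = (Get-Service WinDefend).Status -eq 'Running'
        WdNisSvcRunning  = (Get-Service WdNisSvc).Status -eq 'Running'
    }
}

if (Test-DefenderPreflight) {
    # Run the enable commands from the article here, then verify the result.
    $state = Get-DefenderProtectionState
    $state | Format-List
    $off = $state.PSObject.Properties | Where-Object { -not $_.Value }
    if ($off) {
        Write-Warning ('Still disabled: ' + ($off.Name -join ', '))
    }
}
```

If any value is still reported as disabled after the commands have run, a Group Policy or another management tool may be reapplying the setting.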
Support Limitations
If you are having issues with Defender not being enabled even after attempting the steps found in the following Huntress and Microsoft articles, please reach out to Microsoft Support as they will be best equipped to help you:
Enabling Microsoft Defender (using Powershell)
Enable and update Defender Antivirus to the latest version on Windows Server
Comments
2 comments
In some cases the third party AV seems to uninstall the Defender Antivirus feature.
It needs to be reinstalled prior for this to work.
See:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-update-mdav-to-latest-ws?view=o365-worldwide#re-enable-microsoft-defender-antivirus-on-windows-server-if-it-was-uninstalled
nice 123