Why does WIn10 start with "Realtime Protection" disabled?


  1. mmo
    Posts : 136
    Windows 10
       New #1

    Why does Win10 start with "Realtime Protection" disabled?


    I have it pretty frequently lately that somewhen between 15 and 30 minutes after a system restart I get an warning-popup telling me that my system's real-time protection is off and that this leaves my system vulnerable.
    I then typically go into the security settings and enable the real time protection after which things seem to be fine again.

    But WHY does Windows start with this setting disabled??? That leaves me pretty puzzled and slightly disturbed. :-(

    This is on WIn10 (1903) with all available patches/updates a applied, i.e. I am "up-to-date" - at least according to Windows' update mechanism.

    And - yes - "sfc /scannow" reports "Windows Resource Protection found corrupt files but was unable to fix some of them.." but it does so since the installation. In fact, back then (3 years?) I even did a full, barebone system re-install and then as very first operation ran an "sfc ..." on the newly installed system and it already came back with exactly that very same result. And continued to report the very same after each system update. So, this is absolutely "normal" and doesn't indicate anything.
    So far to the usefulness of MS' system checks...
    Last edited by mmo; 27 Sep 2019 at 09:07.
      My Computer
    Quote Quote

  3. FreeBooter
    Posts : 4,554
    Windows 11 Pro 64-bit
       New #2

    Execute following commands:

    Code:
    Dism /Online /Cleanup-image /RestoreHealth

Sfc  /Scannow
    Execute SFC command after Dism command finished.
      My Computer
    Quote Quote

  4. ThrashZone
    Posts : 7,711
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       New #3

    Hi,
    Are you using a MS account or local user account ?

    Defender has quite a few new features most only applying to ms account users like account protection/ folder protection/.....
    Frankly all these new features only added more annoyances than anything else for local account users.
      My Computers
    Quote Quote

  6. mmo
    Posts : 136
    Windows 10
    Thread Starter
       New #4

    ThrashZone said:
    Are you using a MS account or local user account ?
    It's a local account.

    Could that be the reason for that? Or is there anything I need to change or adjust to have Realtime Protection enabled immediately after reboot with such an account?
      My Computer
    Quote Quote

  7. ThrashZone
    Posts : 7,711
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       New #5

    mmo said:
    It's a local account.

    Could that be the reason for that? Or is there anything I need to change or adjust to have Realtime Protection enabled immediately after reboot with such an account?
    Yes you and I are screwed ms is annoying us so we might switch to a ms account
    If take close attention the message will change if not already to switch to a ms account for optimum security blah.....

    I installed mbam premium and wd still pulled that stupid message up that mbam is disabled on restart or cold startup when in fact mbam shows all good
    BS win-10 bug.

    I finally turned wd and action center off it was such a freaking pest.

    But yes this is a account protection bug.
      My Computers
    Quote Quote

  8. ThrashZone
    Posts : 7,711
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       New #6

    FreeBooter said:
    Execute following commands:

    Code:
    Dism /Online /Cleanup-image /RestoreHealth

Sfc  /Scannow
    Execute SFC command after Dism command finished.
    Hi,
    Above in cmd as admin should fix the sfc errors though doubt it will fix anything else wd related.
      My Computers
    Quote Quote

  9. TairikuOkami
    Posts : 5,202
    Windows 11 Home
       New #7

    You might be already infected with malware, which disables WD. Scan with other AV is recommended.

    Free Virus Scan | Online Virus Scan from ESET | ESET

    Free Virus Removal Tool | Free Virus Scanner and Cleaner | Kaspersky

    Download Dr.Web CureIt! free of charge
      My Computer
    Quote Quote

  10. FreeBooter
    Posts : 4,554
    Windows 11 Pro 64-bit
       New #8

    Op with this batch script you can enable or disable Windows Defender.


    Code:
    @Echo Off

net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit)

:_Start
Cls & Mode CON  LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter
Echo.
Echo       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
Echo       Ί Type (D) letter to Disable Windows Defender Ί  
Echo       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
Echo.
Echo.
Echo       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»  
Echo       Ί Type (E) letter to Enable Windows Defender  Ί  
Echo       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ  



Set /p input= RESPONSE: 
If /i  Not %input%==D (Goto :_Ex) Else (Goto :_Disbale)

:_Ex
If /i  Not %input%==E  (Goto :_Start) Else (Goto :_Enable)





:_Disbale
:: Disable Windows Defender with  Group Policy. 
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f  > Nul

Cls & Mode CON  LINES=5 COLS=49 & Color 0E & Title - WARNING -
 Echo.
 Echo. 
 Echo            Windows Defender Disabled
Ping -n 5  localhost > Nul
Cls
Goto :Reboot


:_Enable
:: Enable Windows Defender with  Group Policy. 
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "0" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "0" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "0" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "0" /f > Nul
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /f > Nul


Cls & Mode CON  LINES=5 COLS=49 & Color 0E & Title - WARNING -
 Echo.
 Echo. 
 Echo            Windows Defender Enabled

Ping -n 5  localhost > Nul
Cls



:Reboot 
CHOICE /C YN /M "Press Y to Reboot, N for exiting script."


If %errorlevel% == 1 ( Shutdown /r /t 0) Else (Exit)
      My Computer
    Quote Quote

 

  Related Discussions
AVG says "Protection is disabled" when auto updates are turned off
in AntiVirus, Firewalls and System Security

I just installed AVG today, which is owned by Avast (many of the same settings and the same engine), but there's something really annoying that I can't seem to solve. It insists that you set automatic virus definition updates to enabled. If you set...
Hi All ! I am using Windows 10 Pro v1903 Build 18362.175 I have in my Start menu, 3 bad lines "ms-resources" that appeared at the bottom of the menu in the "Others" section. (see my screenshot, in French :party:) and it does not correspond to...
If I ask Windows to display a desktop icon for "User's Files" 235090 an icon named "Andrey" will appear on my desktop, which will open a "virtual" folder containing all of my special folders (Documents, Pictures etc.) 235091 In reality...
The Run history is not retained a search led me to a post which informed that "Show most used apps" in Settings\Personalization should be enabled. In my case, this slider is greyed out and is not accessible.
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 20:11.
Find Us




Windows 10 Forums