Why does WIn10 start with "Realtime Protection" disabled?


  1. mmo
    Posts : 136
    Windows 10
       #1

    Why does Win10 start with "Realtime Protection" disabled?


    I have it pretty frequently lately that somewhen between 15 and 30 minutes after a system restart I get an warning-popup telling me that my system's real-time protection is off and that this leaves my system vulnerable.
    I then typically go into the security settings and enable the real time protection after which things seem to be fine again.

    But WHY does Windows start with this setting disabled??? That leaves me pretty puzzled and slightly disturbed. :-(

    This is on WIn10 (1903) with all available patches/updates a applied, i.e. I am "up-to-date" - at least according to Windows' update mechanism.

    And - yes - "sfc /scannow" reports "Windows Resource Protection found corrupt files but was unable to fix some of them.." but it does so since the installation. In fact, back then (3 years?) I even did a full, barebone system re-install and then as very first operation ran an "sfc ..." on the newly installed system and it already came back with exactly that very same result. And continued to report the very same after each system update. So, this is absolutely "normal" and doesn't indicate anything.
    So far to the usefulness of MS' system checks...
    Last edited by mmo; 27 Sep 2019 at 09:07.
      My Computer


  2. Posts : 4,554
    Windows 11 Pro 64-bit
       #2

    Execute following commands:

    Code:
    Dism /Online /Cleanup-image /RestoreHealth
    
    Sfc  /Scannow
    Execute SFC command after Dism command finished.
      My Computer


  3. Posts : 7,711
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       #3

    Hi,
    Are you using a MS account or local user account ?

    Defender has quite a few new features most only applying to ms account users like account protection/ folder protection/.....
    Frankly all these new features only added more annoyances than anything else for local account users.
      My Computers


  4. mmo
    Posts : 136
    Windows 10
    Thread Starter
       #4

    ThrashZone said:
    Are you using a MS account or local user account ?
    It's a local account.

    Could that be the reason for that? Or is there anything I need to change or adjust to have Realtime Protection enabled immediately after reboot with such an account?
      My Computer


  5. Posts : 7,711
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       #5

    mmo said:
    It's a local account.

    Could that be the reason for that? Or is there anything I need to change or adjust to have Realtime Protection enabled immediately after reboot with such an account?
    Yes you and I are screwed ms is annoying us so we might switch to a ms account
    If take close attention the message will change if not already to switch to a ms account for optimum security blah.....

    I installed mbam premium and wd still pulled that stupid message up that mbam is disabled on restart or cold startup when in fact mbam shows all good
    BS win-10 bug.

    I finally turned wd and action center off it was such a freaking pest.

    But yes this is a account protection bug.
      My Computers


  6. Posts : 7,711
    3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
       #6

    FreeBooter said:
    Execute following commands:

    Code:
    Dism /Online /Cleanup-image /RestoreHealth
    
    Sfc  /Scannow
    Execute SFC command after Dism command finished.
    Hi,
    Above in cmd as admin should fix the sfc errors though doubt it will fix anything else wd related.
      My Computers


  7. Posts : 5,202
    Windows 11 Home
       #7
      My Computer


  8. Posts : 4,554
    Windows 11 Pro 64-bit
       #8

    Op with this batch script you can enable or disable Windows Defender.


    Code:
    @Echo Off
    
    net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit)
    
    :_Start
    Cls & Mode CON  LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter
    Echo.
    Echo       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»
    Echo       Ί Type (D) letter to Disable Windows Defender Ί  
    Echo       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ
    Echo.
    Echo.
    Echo       ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ»  
    Echo       Ί Type (E) letter to Enable Windows Defender  Ί  
    Echo       ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ  
    
    
    
    Set /p input= RESPONSE: 
    If /i  Not %input%==D (Goto :_Ex) Else (Goto :_Disbale)
    
    :_Ex
    If /i  Not %input%==E  (Goto :_Start) Else (Goto :_Enable)
    
    
    
    
    
    :_Disbale
    :: Disable Windows Defender with  Group Policy. 
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f > Nul
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f > Nul
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f > Nul
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f > Nul
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f  > Nul
    
    Cls & Mode CON  LINES=5 COLS=49 & Color 0E & Title - WARNING -
     Echo.
     Echo. 
     Echo            Windows Defender Disabled
    Ping -n 5  localhost > Nul
    Cls
    Goto :Reboot
    
    
    :_Enable
    :: Enable Windows Defender with  Group Policy. 
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "0" /f > Nul
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "0" /f > Nul
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "0" /f > Nul
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "0" /f > Nul
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /f > Nul
    
    
    Cls & Mode CON  LINES=5 COLS=49 & Color 0E & Title - WARNING -
     Echo.
     Echo. 
     Echo            Windows Defender Enabled
    
    Ping -n 5  localhost > Nul
    Cls
    
    
    
    :Reboot 
    CHOICE /C YN /M "Press Y to Reboot, N for exiting script."
    
    
    If %errorlevel% == 1 ( Shutdown /r /t 0) Else (Exit)
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 20:11.
Find Us




Windows 10 Forums