Turn On Windows Defender Block Suspicious Behaviors in Windows 10  

Page 1 of 2 12 LastLast
    Turn On Windows Defender Block Suspicious Behaviors in Windows 10

    Turn On Windows Defender Block Suspicious Behaviors in Windows 10

    How to Turn On or Off Windows Defender Block Suspicious Behaviors in Windows 10
    Published by Category: Security System
    23 Jun 2020
    Designer Media Ltd


    How to Turn On or Off Windows Defender Block Suspicious Behaviors in Windows 10


    Starting with Windows 10 build 17704, you can enable a new protection setting, Block suspicious behaviors, which brings the Windows Defender Exploit Guard attack surface reduction technology to all users.

    You can turn on Block suspicious behaviors to prevent behavior by an app or file that might infect your device.

    This tutorial will show you how to turn on or off the Block suspicious behaviors feature of Windows Defender Exploit Guard attack surface reduction for all users in Windows 10.

    You must be signed in as an administrator to turn on or off "Block suspicious behaviors".

    Note   Note
    From Microsoft:

    Thank you everyone who has given us feedback on the “Block Suspicious Behaviors” feature that was recently added to Windows Security. For the time being we’re removing it from the build while we work on addressing some of the things you shared with us.

    Announcing Windows 10 Insider Preview Build 17730 - Windows Experience Blog





    Here's How:

    1. Open Windows Security, and click/tap on the Virus & threat protection icon. (see screenshot below)

    Turn On Windows Defender Block Suspicious Behaviors in Windows 10-windows_defender_block_suspicious_behaviors-1.jpg

    2. Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

    Turn On Windows Defender Block Suspicious Behaviors in Windows 10-windows_defender_block_suspicious_behaviors-2.jpg

    3. Turn on or off (default) Block suspicious behaviors for what you want. (see screenshot below)
    Note   Note
    This setting is stored in the ASR registry key below, but requires you to change the owner to Administrators, and set permissions to "Allow" Administrators "Full Control" before being able to modify the DWORD value below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR

    EnableASRConsumers DWORD

    0 = Off
    1 = On


    Turn On Windows Defender Block Suspicious Behaviors in Windows 10-windows_defender_block_suspicious_behaviors-3.jpg

    4. If prompted by UAC, click/tap on Yes to approve.

    5. You can now close Windows Security if you like.


    That's it,
    Shawn



  1. Plankton's Avatar
    Posts : 1,722
    Windows 10 Pro
       #1

    I don't have that toggle to turn on/off.....it's missing.

    Turn On Windows Defender Block Suspicious Behaviors in Windows 10-av.png
      My Computer

  2. Brink's Avatar
    Posts : 49,705
    64-bit Windows 10 Pro for Workstations build 20161
    Thread Starter
       #2

    Hey mate,

    This setting would only be available starting with build 17704.
      My Computers


  3. Posts : 132
    Windows 10 Pro Insider
       #3

    Build 17713, "Block Suspicious Behaviors" check to enable still not sticking when activated and the NOTE in the tutorial also no longer appears to be work with noted build to solve the check not sticking.
      My Computer

  4. Brink's Avatar
    Posts : 49,705
    64-bit Windows 10 Pro for Workstations build 20161
    Thread Starter
       #4

    Hello Reidel,

    I'm seeing the same issue in my build 17713 for it not showing correctly as on/off in Windows Security app.

    The DWORD in the note box under step 3 will confirm whether it is actually turned on or off though.
      My Computers


  5. Posts : 132
    Windows 10 Pro Insider
       #5

    Brink said:
    Hello Reidel,



    The DWORD in the note box under step 3 will confirm whether it is actually turned on or off though.
    The DWORD is set to 0 and I cannot get the process you suggested in the "NOTE" portion of the tutorial to work. Two attached screen shoots will show the before and after attempts to change the Permissions necessary for access to the DWORD change.Turn On Windows Defender Block Suspicious Behaviors in Windows 10-capture.png1.pngTurn On Windows Defender Block Suspicious Behaviors in Windows 10-capture.png2.png
    Access is denied. (Note-Protected folder in Defender is turned off)
      My Computer

  6. Brink's Avatar
    Posts : 49,705
    64-bit Windows 10 Pro for Workstations build 20161
    Thread Starter
       #6

    That's ok.

    All I had to do was toggle the setting again to change the DWORD.
      My Computers



  7. Posts : 132
    Windows 10 Pro Insider
       #7

    Brink said:
    That's ok.

    All I had to do was toggle the setting again to change the DWORD.
    True, but REGEDIT will not allow me to change the Administrator to full control, see the pop up box, "Unable to save permission changes on ASR"

    Note, does not matter whether the toggle is set to on or off in Windows Security, Administrative permission of ASR cannot be accomplished in REGEDIT.
      My Computer

  8. Brink's Avatar
    Posts : 49,705
    64-bit Windows 10 Pro for Workstations build 20161
    Thread Starter
       #8

    Correct. The registry key is protected and will not allow you to change the DWORD by default.

    You would have to change the owner of the ASR registry key to "Administrators" first to be able to set its permissions to "Allow" "Administrators" "Full control". Afterwards, you should be able to modify the DWORD.
      My Computers


  9. Posts : 132
    Windows 10 Pro Insider
       #9

    Brink said:
    Correct. The registry key is protected and will not allow you to change the DWORD by default.

    You would have to change the owner of the ASR registry key to "Administrators" first to be able to set its permissions to "Allow" "Administrators" "Full control". Afterwards, you should be able to modify the DWORD.
    Thanks, I've come to the conclusion just to wait on using Windows Security to "Block Suspicious Behaviors" at this time. Pretty obvious Microsoft has not completed the development of this feature. Most likely similar effect can be found using gpedit/Administrative templates/ and then enabling Block at First Site and Behavior Monitoring within Defender settings. No regediting necessary. Hey it's just Insider.
      My Computer


 

Tutorial Categories

Turn On Windows Defender Block Suspicious Behaviors in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:26.
Find Us




Windows 10 Forums