Windows 10: Turn On Windows Defender Block Suspicious Behaviors in Windows 10  

    Published by Brink (Administrator)
    Category: Security System
    03 Jul 2018
    Designer Media Ltd


    How to Turn On or Off Windows Defender Block Suspicious Behaviors in Windows 10


    Starting with Windows 10 build 17704, you can enable a new protection setting, Block suspicious behaviors, which brings the Windows Defender Exploit Guard attack surface reduction technology to all users.

    You can turn on Block suspicious behaviors to prevent behavior by an app or file that might infect your device.

    This tutorial will show you how to turn on or off the Block suspicious behaviors feature of Windows Defender Exploit Guard attack surface reduction for all users in Windows 10.

    You must be signed in as an administrator to turn on or off "Block suspicious behaviors".



    Here's How:

    1. Open Windows Security, and click/tap on the Virus & threat protection icon. (see screenshot below)


    2. Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)


    3. Turn on or off (default) Block suspicious behaviors for what you want. (see screenshot below)
    Note
    This setting is stored in the ASR registry key below, but requires you to change the owner to Administrators, and set permissions to "Allow" Administrators "Full Control" before being able to modify the DWORD value below.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR

    EnableASRConsumers DWORD

    0 = Off
    1 = On



    4. If prompted by UAC, click/tap on Yes to approve.

    5. You can now close Windows Security if you like.


    That's it,
    Shawn
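
To confirm the real state without taking ownership of the key or changing its permissions, the DWORD named in the note under step 3 can be read directly. The PowerShell below is an added example, not part of the original tutorial: the function name is hypothetical, the key path, value name and minimum build are the ones given above, and it assumes the key is readable from the session it runs in.

```powershell
# Added example: read-only check of "Block suspicious behaviors".
# Key path and value name come from the note under step 3; nothing is modified.
$AsrKey    = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR'
$ValueName = 'EnableASRConsumers'
$MinBuild  = 17704   # first build with the setting, per the tutorial

function Get-BlockSuspiciousBehaviorsState {   # hypothetical helper name
    # Build number as recorded by Windows itself
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber

    $state = 'Unknown'
    $raw   = $null
    $owner = $null

    if ($build -lt $MinBuild) {
        $state = 'NotAvailable (build older than 17704)'
    }
    elseif (-not (Test-Path -Path $AsrKey)) {
        $state = 'KeyMissing'
    }
    else {
        # A missing value is reported as such, not silently treated as Off
        $prop = Get-ItemProperty -Path $AsrKey -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $state = 'ValueMissing'
        }
        else {
            $raw = $prop.$ValueName
            switch ($raw) {
                0       { $state = 'Off' }
                1       { $state = 'On' }
                default { $state = 'UnexpectedValue' }
            }
        }
        # Report the key owner so a changed owner on this protected key is visible
        try   { $owner = (Get-Acl -Path $AsrKey -ErrorAction Stop).Owner }
        catch { $owner = "unreadable: $($_.Exception.Message)" }
    }

    [pscustomobject]@{
        Build    = $build
        State    = $state
        RawValue = $raw
        KeyOwner = $owner
    }
}

Get-BlockSuspiciousBehaviorsState | Format-List
```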





  1.    27 Jun 2018 #1

    I don't have that toggle to turn on/off.....it's missing.


  2. Brink's Avatar
    Posts : 32,329
    64-bit Windows 10 Pro build 18242
    Thread Starter
       27 Jun 2018 #2

    Hey mate,

    This setting would only be available starting with build 17704.


  3. Posts : 104
    Windows 10 Duel booting with Windows 10 Insider
       11 Jul 2018 #3

    Build 17713, "Block Suspicious Behaviors" check to enable still not sticking when activated and the NOTE in the tutorial also no longer appears to work with noted build to solve the check not sticking.

  4. Brink's Avatar
    Posts : 32,329
    64-bit Windows 10 Pro build 18242
    Thread Starter
       11 Jul 2018 #4

    Hello Reidel,

    I'm seeing the same issue in my build 17713 for it not showing correctly as on/off in Windows Security app.

    The DWORD in the note box under step 3 will confirm whether it is actually turned on or off though.


  5. Posts : 104
    Windows 10 Duel booting with Windows 10 Insider
       12 Jul 2018 #5

    Brink said:
        Hello Reidel,

        The DWORD in the note box under step 3 will confirm whether it is actually turned on or off though.

    The DWORD is set to 0 and I cannot get the process you suggested in the "NOTE" portion of the tutorial to work. Two attached screenshots will show the before and after attempts to change the Permissions necessary for access to the DWORD change.

    Access is denied. (Note-Protected folder in Defender is turned off)

  6. Brink's Avatar
    Posts : 32,329
    64-bit Windows 10 Pro build 18242
    Thread Starter
       12 Jul 2018 #6

    That's ok.

    All I had to do was toggle the setting again to change the DWORD.


  7. Posts : 104
    Windows 10 Duel booting with Windows 10 Insider
       12 Jul 2018 #7

    Brink said:
        That's ok.

        All I had to do was toggle the setting again to change the DWORD.

    True, but REGEDIT will not allow me to change the Administrator to full control, see the pop up box, "Unable to save permission changes on ASR"

    Note, does not matter whether the toggle is set to on or off in Windows Security, Administrative permission of ASR cannot be accomplished in REGEDIT.

  8. Brink's Avatar
    Posts : 32,329
    64-bit Windows 10 Pro build 18242
    Thread Starter
       12 Jul 2018 #8

    Correct. The registry key is protected and will not allow you to change the DWORD by default.

    You would have to change the owner of the ASR registry key to "Administrators" first to be able to set its permissions to "Allow" "Administrators" "Full control". Afterwards, you should be able to modify the DWORD.


  9. Posts : 104
    Windows 10 Duel booting with Windows 10 Insider
       12 Jul 2018 #9

    Brink said:
        Correct. The registry key is protected and will not allow you to change the DWORD by default.

        You would have to change the owner of the ASR registry key to "Administrators" first to be able to set its permissions to "Allow" "Administrators" "Full control". Afterwards, you should be able to modify the DWORD.

    Thanks, I've come to the conclusion just to wait on using Windows Security to "Block Suspicious Behaviors" at this time. Pretty obvious Microsoft has not completed the development of this feature. Most likely a similar effect can be found using gpedit/Administrative templates/ and then enabling Block at First Sight and Behavior Monitoring within Defender settings. No regediting necessary. Hey it's just Insider.


 