From 04d258141c93f1a160c95a76fd39dbae89b4a988 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Mon, 27 Jul 2020 13:01:03 -0400 Subject: [PATCH] updating formating, removing outdated info --- ...to-security-settings-with-tamper-protection.md | 7 ------- .../troubleshoot-onboarding.md | 15 ++++++++------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index d57ba6176b..3d02a2e006 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -183,13 +183,6 @@ To avoid any potential delays, we recommend that you remove settings that contro Some sample Microsoft Defender Antivirus settings: -- *Turn off Microsoft Defender Antivirus*
- Computer Configuration\Administrative Templates\Windows Components\Windows Defender\\
-Value `DisableAntiSpyware` = 0 - - > [!IMPORTANT] - > The `DisableAntiSpyware` setting above is ignored in devices that have received the August 2020 update to Microsoft Defender Antivirus. - - *Turn off real-time protection*
Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Real-time Protection\\
Value `DisableRealtimeMonitoring` = 0 diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md index fd1dd42ea2..89d71da554 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md @@ -249,16 +249,16 @@ If the verification fails and your environment is using a proxy to connect to th ### Ensure that Microsoft Defender Antivirus is not disabled by a policy -> [!TIP] +> [!IMPORTANT] > The following only applies to devices that have **not** yet received the August 2020 update to Microsoft Defender Antivirus. > -> The August 2020 update ensures that Microsoft Defender Antivirus cannot be disabled via a policy. +> The update ensures that Microsoft Defender Antivirus cannot be disabled via a policy. **Problem**: The Microsoft Defender ATP service does not start after onboarding. **Symptom**: Onboarding successfully completes, but you see error 577 or error 1058 when trying to start the service. -**Solution**: If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy. +**Solution**: If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy. - Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared: @@ -269,12 +269,13 @@ If the verification fails and your environment is using a proxy to connect to th - `` - `` + +> [!IMPORTANT] +> The `disableAntiSpyware` setting is discontinued and will be ignored, as of the August 2020 update to Microsoft Defender Antivirus. + - After clearing the policy, run the onboarding steps again. -- You can also check the following registry key values to verify that the policy is disabled: - - 1. Open the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`. - 2. Ensure that the value `DisableAntiSpyware` is not present. +- You can also check the previous registry key values to verify that the policy is disabled, by opening the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`. ![Image of registry key for Microsoft Defender Antivirus](images/atp-disableantispyware-regkey.png)