deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into vs-wiprs2

Browse Source
This commit is contained in:
LizRoss
2017-03-28 10:31:14 -07:00
parent e0f58566e1 4739eb9efd
commit 20e3ff15ee
2 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/keep-secure/images/atp-disableantispyware-regkey.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 49 KiB

After

Width:  |  Height:  |  Size: 38 KiB

17
windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -229,22 +229,21 @@ If the verification fails and your environment is using a proxy to connect to th
**Solution**: If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are set to ```0``` or that the settings are cleared:
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
- ```DisableAntiSpyware```
- ```DisableAntiVirus```
- DisableAntiSpyware
- DisableAntiVirus
For example, in Group Policy:
For example, in Group Policy there should be no entries such as the following values:
```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>
```
- ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
- ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
- After clearing the policy, run the onboarding steps again on the endpoint.
- You can also check the following registry key values to verify that the policy is disabled:
1. Open the registry ```key HKEY_LOCAL_MACHINE\ SOFTWARE\Policies\Microsoft\Windows Defender```.
2. Find the value ```DisableAntiSpyware```.
3. Ensure that the value is set to 0.
1. Open the registry ```key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender```.
2. Ensure that the value ```DisableAntiSpyware``` is not present.
![Image of registry key for Windows Defender](images/atp-disableantispyware-regkey.png)