AndyFul / ConfigureDefender

Utility for configuring Windows 10 built-in Defender antivirus settings.

Can't get around this error message #10

Open BlohoJo opened 3 years ago

BlohoJo commented 3 years ago

ConfigureDefender 3.0.0.1 Windows 10 Pro x64 Update 2004

Signed on as admin. User Account Control disabled. Running ConfigureDefender as admin.

Tried disabling "Scan all downloaded files and attachments." Restart ConfigureDefender and it's back on. Tried setting it to disabled again and hitting "Refresh" button, get this error:

[Screenshot: win10_error] (Using classic themes)

Not sure where to look as to what could be preventing PowerShell from changing registry settings. I have other programs that use PowerShell to change the registry and they work without issue.

I don't have any other security programs installed, just Windows Defender.

BlohoJo commented 3 years ago

I was able to configure this setting using the Local Group Policy Editor (C:\Windows\System32\gpedit.msc):

Local Computer Policy -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus -> Real-time Protection -> Scan all downloaded files and attachments -> Disabled

I can close and restart gpedit.msc and see the setting is retained. I checked the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection, and DisableIOAVProtection is set to 1.

But when I run ConfigureDefender, it still shows that this setting is "ON".

???

BlohoJo commented 3 years ago

I looked into this some more. It appears that ConfigureDefender is trying to change this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection -> set Dword DisableIOAVProtection to 1

If Windows Defender real-time protection is turned on, it disallows writing to this registry key, even if permissions & ownership of the key are set to Administrator. If you disable real-time protection, you can then write this value to the key. But if real-time protection is re-enabled, the DisableIOAVProtection Dword will be completely erased.

Looks like ConfigureDefender is going to have to instead use the policy key (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection) to set this value... I haven't checked other settings yet.

AndyFul commented 3 years ago

Hi BlohoJo, Two ConfigureDefender settings are prevented from changes by Windows Defender Tamper Protection:

When trying to change them you get the alert you posted about.

mikhoul commented 3 years ago

Maybe if run as Trusted Installer it could work?

https://winaero.com/execti-run-programs-trustedinstaller/

AndyFul commented 3 years ago

Nothing will help when Tamper Protection is enabled. Anyway, there is no reason to disable the options that are protected by Tamper Protection.
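
Added example, not part of the original thread and not ConfigureDefender's own code: a read-only PowerShell check that shows the two registry locations discussed above side by side with what Defender itself reports, so a mismatch like the one in this issue is visible at a glance. The helper name `Get-RegistryDword` and the report field names are made up for this example; run it from an elevated session.

```powershell
# Read-only audit of DisableIOAVProtection ("Scan all downloaded files and attachments").
# Nothing here writes to the registry or changes a Defender setting.
$valueName = 'DisableIOAVProtection'
$keys = [ordered]@{
    # Written by Group Policy (gpedit.msc), as in the second comment.
    Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    # Local preference key named in the third comment.
    Local  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
}

function Get-RegistryDword {
    # Hypothetical helper: returns $null when the key or value is missing or unreadable.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = [ordered]@{}
foreach ($entry in $keys.GetEnumerator()) {
    $v = Get-RegistryDword -Path $entry.Value -Name $valueName
    $report["Registry$($entry.Key)"] = if ($null -eq $v) { '(not set or not readable)' } else { $v }
}

# What the Defender cmdlets report for the same setting and for the protections involved.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus
$report['ReportedDisableIOAVProtection'] = $pref.DisableIOAVProtection
$report['RealTimeProtectionEnabled']     = $status.RealTimeProtectionEnabled
$report['IsTamperProtected']             = $status.IsTamperProtected

[pscustomobject]$report | Format-List

if ($status.IsTamperProtected) {
    # Matches the maintainer's explanation in the thread.
    Write-Host 'Tamper Protection is enabled: settings it protects cannot be changed while it is on.'
}
if ($report['RegistryPolicy'] -ne $report['RegistryLocal']) {
    Write-Host 'Policy key and local key differ; a tool that reads only one of them will disagree with the other.'
}
```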