Defender yellow triangle icon keeps coming back

I shut off cloud updates and automatic sample submissions by dismissing them. Green check mark comes on the icon. Later, I get the yellow triangle, to turn these two back on. Is there a little reg hack script or some way to not have the yellow triangle come back?

@probe7
Why would you shut off cloud and samples? You don't want daily Defender database updates?

Wisewiz said:

@probe7
Why would you shut off cloud and samples? You don't want daily Defender database updates?

Click to expand...

I think I still get Defender updates, even if cloud is off. I want the least amount of info being exchanged with MS. They're all about collecting data. A comment in another forum said they are vague about what info is sent with sample submission.

I found this from MS website on what is sent with Auto Sample Submission.... doesn't this seem like a lot??
------------
The following table lists examples of metadata sent for analysis by cloud protection:

The yellow exclamation is by design, warning the user that Defender is not working 100% as it is designed to work. These days, it is the nature of the beast that is AV software to have certain components that are cloud based. I do not know of any AV software where this does not hold true.

If the yellow exclamation bothers you, you might try changing it to always prompt to see if that gets rid of it. I can't verify that it will as I always have Defender doing all that it can do.

glasskuter said:

The yellow exclamation is by design, warning the user that Defender is not working 100% as it is designed to work. These days, it is the nature of the beast that is AV software to have certain components that are cloud based. I do not know of any AV software where this does not hold true.

If the yellow exclamation bothers you, you might try changing it to always prompt to see if that gets rid of it. I can't verify that it will as I always have Defender doing all that it can do.

Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus in Windows 11 Tutorial

This tutorial will show you how to enable or disable automatic sample submission for Microsoft Defender Antivirus in Windows 11. Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats...

www.elevenforum.com

Click to expand...

Ah, that's what I was looking for. However, using CMD as Admin, I get this when telling to never send samples:

Set-MpPreference : Cannot process argument transformation on parameter 'SubmitSamplesConsent'. Cannot convert value
"2" to type "Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType". Error: "Unable
to match the identifier name 2 to a valid enumerator name. Specify one of the following enumerator names and try
again:
AlwaysPrompt, SendSafeSamples, NeverSend, SendAllSamples"
At line:1 char:40
+ Set-MpPreference -SubmitSamplesConsent 2

I suggest within the defender app you turn everything ON first before using the commands. No matter whether you turn off sample submission within the app or with a successful command, you will STILL see the exclamation point. That is why I suggested to try using the "always prompt" setting to see if it would get rid of the yellow warning symbol. Maybe it will. Maybe it won't.

glasskuter said:

I suggest within the defender app you turn everything ON first before using the commands. No matter whether you turn off sample submission within the app or with a successful command, you will STILL see the exclamation point. That is why I suggested to try using the "always prompt" setting to see if it would get rid of the yellow warning symbol. Maybe it will. Maybe it won't.

Click to expand...

Okay, that worked, thx. I'm not seeing the "always prompt" however. I see "submit a sample manually", but no "always prompt"

I tried this in PowerShell for you, and it was accepted, but it turned the yellow warning back on and Defender indicated that it was not running. I turned Defender back on, but I can't tell whether the accepted PS command is still operative.

PS C:\Users\<username> Set-MpPreference -SubmitSamplesConsent AlwaysPrompt

probe7 said:

not seeing the "always prompt" however. I see "submit a sample manually",

Click to expand...

According to Brink's tutorial, first screenshot in Option 1 step 4, that is what you are supposed to see. If defender detects anything that needs further analysis, you will be prompted to send the file to MS.
What about the yellow warning. Do you still see it?

Just a short follow-up to my last: I wanted to make sure that my "AlwaysPrompt" command hadn't stuck, so I went back in to PS and ran Set-MpPreference -SubmitSamplesConsent SendSafeSamples (that's the default) and that command was again accepted. I don't know why it's not accepting numbers.

The PS command worked for me, but you cant get rid of the dang yellow triangle. Its back. I still dont see "Always prompt", but thats no biggie. Sample sub is off at least. I may be wrong, but I dont think the PS command is doing anymore than just turning off the toggle button to Sample submission.