VirTool:Win32/DefenderTamperingRestore - "DisableAntiSpyware" registry value turned off


larysid

Hello! Does anybody have any idea regarding this MS Defender and MSERT detection? It's been 3 days since I first saw this message. I do not know what's at fault, but from what I can read via internet search it has to do with 3rd party antivirus (Malwarebytes and Kaspersky as well). Defender quarantined the file, although the MSERT tool said that it was partially removed. I have already run the Kaspersky virus removal tool and a full scan as well, MBAM threat and deep scans, MSERT and MRT quick scans, and a Windows Defender full offline scan! All are clean now and without any detections!! There is only this threat shown in the history as quarantined, but I am seeing that if I try to remove this detection from Defender's history it will disappear, but if I rerun the full offline Defender scan and the MSERT scan as well it will reappear in both of the aforementioned scanners (full offline Defender and MSERT scans). Another weird thing is that there is no log in the Event Viewer regarding action against this threat, and in addition 2 registry keys from Windows Defender (disableantispyware and disableantivirus as well) were automatically deleted!! So for the time being both of these 2 keys are missing from the registry key.
I don't know what caused this, but I had done some things before seeing this relevant notification:

a) used fling trainer for RE9 and reframework nexus mode (which I am pretty sure that there is nothing to worry about as I have already used them both to another machine to which everything is fine)
b) ran sfc (all went fine here) and dism restore health which failed after 100% completed with the classic error 0x800f0915 (after the latest MAY preview update)
c) changed a registry value (by using " ") regarding bluestacks services (after updating my bluestacks desktop app) that was shown in startup apps in the windows settings as file LARY (blank icon) and there was also the same LARY blank file inside C/users which I deleted...

So after restarting my desktop PC I noticed that Defender periodic scanning was off (I turned it back on again and it works fine now) and then I saw this weird quarantined notification. Should I worry about something? Will it be automatically deleted and if so what about:
a) these 2 registry keys that were deleted?
b) after the automatic delete (as shown in the screenshot below in the details provided) will this threat reappear if I rerun msert or defender offline full scan (because I can see that if I try to clean the history now, it will reappear to both of these scans)?
The last screenshot is before Defender's action to quarantine the threat above. The first screenshot is the right image of my registry now.
Defender automatically took this action to quarantine the threat, without letting me have any option to do something for the time being.
 
Windows Build/Version
windows 11 pro 25h2, 26200.8524

VirTool:Win32/DefenderTamperingRestore is not a traditional virus. It is an alert triggered by Windows Defender when it detects that the DisableAntiSpyware registry key has been modified—a setting used to turn off or cripple Microsoft Defender.

If a script or third-party program is repeatedly trying to disable Defender, you can manually delete the key:


Press the Windows Key + R to open the Run box.

Type cmd and press Ctrl + Shift + Enter to open the Command Prompt as an administrator.


Copy, paste, and run this exact command:

Code:
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware

Restart your PC.

If you previously installed or uninstalled an antivirus like McAfee, Norton, or Malwarebytes, remnants of that software might still be turning off Defender. Ensure the old program is completely uninstalled using the software's official removal tool.


To prevent malware or unauthorized software from disabling Defender in the future, ensure Tamper Protection is turned on.

Search for Windows Security in your Start menu.

Go to Virus & threat protection, and click Manage settings.

Scroll down to Tamper Protection and toggle it ON.
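
A read-only check of the state discussed in this thread, as an added example that is not part of the original posts. It assumes an elevated PowerShell prompt and that the DisableAntiVirus value named in the first post sits under the same policy key as DisableAntiSpyware; event IDs 1116, 1117 and 5007 are Defender's detection, action-taken and configuration-changed events.

```powershell
# Added example: audits Defender policy values and status. It changes nothing.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$valueNames = 'DisableAntiSpyware', 'DisableAntiVirus'   # second name assumed to live under the same key

# 1. Is each policy value present, and what is it set to?
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $valueNames) {
    $present = ($null -ne $policy) -and ($policy.PSObject.Properties.Name -contains $name)
    [pscustomobject]@{
        Value = $name
        State = if ($present) { 'present' } else { 'absent' }
        Data  = if ($present) { $policy.$name } else { $null }
    }
}

# 2. Defender's own view: passive mode is expected when a third-party
#    antivirus is registered; IsTamperProtected should be True.
Get-MpComputerStatus -ErrorAction SilentlyContinue |
    Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled, IsTamperProtected

# 3. Is the detection still recorded in Defender's threat history?
Get-MpThreat -ErrorAction SilentlyContinue |
    Where-Object ThreatName -like '*DefenderTamperingRestore*' |
    Select-Object ThreatName, ThreatID, IsActive, DidThreatExecute

# 4. What did the detection point at (file or registry path), and did
#    the remediation succeed?
Get-MpThreatDetection -ErrorAction SilentlyContinue |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources, ActionSuccess

# 5. Defender logs to its own operational channel, not the Application log.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1116, 1117, 5007
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

If both values report absent and IsTamperProtected is True, the policy override that the detection refers to is no longer in place.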
 

Yes, I agree with you! I have already looked into different sites and all of them say that another antivirus triggers it. I use Kaspersky and Malwarebytes. I don't trust Windows Defender. After receiving this threat notification (it happened after a PC restart after the execution of the dism restore health command), I went into the Windows Security settings and turned Defender's periodic scanning on (because it was automatically for some reason turned off). Tamper protection is on. I changed nothing else in the Windows Security settings except for this periodic scan.
On the other hand, I own a Dell ALIENWARE laptop that runs exactly the same antiviruses without showing this annoying threat blocked notification.
It's been 16 years of using them together without any issues (by putting exceptions of course among them). It's very weird that only one of my machines detected it.
So, will this notification be cleared by itself (as it is shown in the picture above) and will it not be scanned by MSERT again (after the automatic cleaning of protection history)? And what about these 2 deleted registry keys?
 

If you deleted those two disable Defender and disable antivirus you will be okay.
 

Thank you all for your advice 😊 I did not delete anything by myself. Defender automatically quarantined this "threat" and deleted these 2 registry keys by itself... What do you mean by disable defender and antivirus as well?
I think that I will have to wait for this automatic delete (as it is mentioned in Defender's message) and of course for the upcoming June Windows update (next week). If the dism restore health and this threat are fixed by then, I will be OK.
If not, I will format my PC.
 
