Virus and Threat Protection turns off when I restart computer

Win11_user

Member
Local time
8:55 PM
Posts
4
If you noticed that your Virus and Threat Protection turns off when you restart computer

Do this and it will stay on.

Hit WINKEY, and type Regedit, and open as Administrator.

Go to the Register entry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet

Right-click on Windows Defender
create new Key entry name Spynet
Right-click on Spynet
creating 3 new separate 32bit Dword
and name them with the names from list below
Right click on each Dword you created and add the values below.

(Key to add)

DisableBlockAtFirstSeen = 0 (Removed this one for fear of False positives)
SpynetReporting = 1
SubmitSamplesConsent = 1

Should look like this:
Screenshot of the Registry Entries

I'm on Windows!! Version 21H2 (OS Build 22000.100)
 
Last edited:

My Computer

System One

  • Operating System
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    AMD PRO A10-8770 R7, 10 COMPUTE CORES 4C+6G, 3500 Mhz, 4 Core(s), 4 Logical Processor(s)
    Motherboard
    Gigabyte Technology Co., Ltd. A320M-S2H-CF
    Memory
    16.0 GB DDR4-2134 (1067 MHz)
    Graphics Card(s)
    Radeon RX 580 Series 8GB GDDR5
    Sound Card
    AMD Streaming Audio Device
    Monitor(s) Displays
    Hanns-G HL272HPB 27" and Samsung S27E310 27-Inch FHD Monitor
    Screen Resolution
    1920 x 1080
    Hard Drives
    Sata, HHD,
    PSU
    Corsair RM850x

maurice naggar

New member
Local time
8:55 PM
Posts
26
One caution about
Code:
DisableBlockAtFirstSeen = 0
That makes Blockatfirstseen ENABLED. The value of 0 on this means "enable" since this is a "disable" value-setting.
Defender is known to have false positives with that setting enabled.
I would leave out that whole line. Otherwise, I would have the value set to 1 ( meaning in effect 'disabled').
Let the normal engine & its definitions determine what is a real threat.
 

My Computer

System One

  • Operating System
    win10

Win11_user

Member
Local time
8:55 PM
Posts
4
Thanks for the information. with the research I did, I found these 3 entrys, but it didn't click about the false positives for DisableBlockAtFirstSeen =0 line.

I have removed it from my registry and tested it. and works fine without that line.

Thanks again Maurice.
 

My Computer

System One

  • Operating System
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    AMD PRO A10-8770 R7, 10 COMPUTE CORES 4C+6G, 3500 Mhz, 4 Core(s), 4 Logical Processor(s)
    Motherboard
    Gigabyte Technology Co., Ltd. A320M-S2H-CF
    Memory
    16.0 GB DDR4-2134 (1067 MHz)
    Graphics Card(s)
    Radeon RX 580 Series 8GB GDDR5
    Sound Card
    AMD Streaming Audio Device
    Monitor(s) Displays
    Hanns-G HL272HPB 27" and Samsung S27E310 27-Inch FHD Monitor
    Screen Resolution
    1920 x 1080
    Hard Drives
    Sata, HHD,
    PSU
    Corsair RM850x

Bree

Well-known member
Power User
VIP
Local time
2:55 AM
Posts
844
If you noticed that your Virus and Threat Protection turns off when you restart computer

Do this and it will stay on.
Actually the protection is turned on, it's only the automatic sample submission that's turned off - and if then turned on manually should stay that way until the next restart. This is listed as a 'known issue' for the current 22000.100 build, and hopefully should be fixed shortly.

The reg fix you give does work, but also has the side effect of making that setting 'managed by your administrator' and greyed out so it's no longer possible to turn it off.

1627148345125.png
 

My Computers

System One System Two

  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB HDD
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. Now 11 has been released it has been re-imaged back to 10 and awaits the upgrade to be offered in Windows Update.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    4GB
    Screen Resolution
    1366x768
    Hard Drives
    500GB HDD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

maurice naggar

New member
Local time
8:55 PM
Posts
26
Hi @Bree Can you export out the whole reg-key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
It would help to review it in its entirety.
 

My Computer

System One

  • Operating System
    win10

Fabler2

Well-known member
Member
VIP
Local time
2:55 AM
Posts
549
I'll just wait for the fix. It's only a couple of mouse clicks to turn on.
 

My Computers

System One System Two

  • Operating System
    Win 10 Home
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    INTEL SSD 660p 512GB NVMe
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    16 GB (2 x 8 GB) DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    1.024 TB SSD M.2 2280 - Samsung
    PSU
    180 Watt, 19.5 V
    Mouse
    Logitech
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender

maurice naggar

New member
Local time
8:55 PM
Posts
26
As concerns enabling automatic sample submission, applying this pair of Powershell cmdlets should take care if that.
Code:
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples
 

My Computer

System One

  • Operating System
    win10

Bree

Well-known member
Power User
VIP
Local time
2:55 AM
Posts
844
Hi @Bree Can you export out the whole reg-key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
It would help to review it in its entirety.
Not really much help, by default there is no Spynet key. I created it myself.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000001

This Spynet key has been around since at least Windows 7. More on its use here....

 

My Computers

System One System Two

  • Operating System
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB HDD
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. Now 11 has been released it has been re-imaged back to 10 and awaits the upgrade to be offered in Windows Update.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    4GB
    Screen Resolution
    1366x768
    Hard Drives
    500GB HDD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

bobkn

Well-known member
Member
VIP
Local time
9:55 PM
Posts
417
Location
Danbury, CT, USA
Not really much help, by default there is no Spynet key. I created it myself.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000001

This Spynet key has been around since at least Windows 7. More on its use here....


First I've heard of that.

Seriously unfortunate name, for a legitimate service.
 

My Computers

System One System Two

  • Operating System
    Windows 11 22000.194
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 9 5950X
    Motherboard
    Asus Tuf X570 Plus Gaming
    Memory
    32GB Gskill DDR4 2800
    Graphics Card(s)
    Radeon RX 6900 XT
    Sound Card
    onboard
    Monitor(s) Displays
    Asus PA329C
    Screen Resolution
    3940 X 2160
    Hard Drives
    WB Black SN850 1TB M.2 NVME SSD
    Seagate Iron Wolf 8TB
    PSU
    Seasonic SS-1250XM
    Case
    Corsair Obsidian 750D
    Cooling
    Corsair H100i RGB Pro XT
    Internet Speed
    1200 Mbps
  • Operating System
    windows 10 19044.1151
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 9 3900X
    Motherboard
    MSI MPG X570 Gaming Plus
    Memory
    32GB
    Graphics card(s)
    Gigabyte RTX 2080 Super
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Samsung LU28R550UQNXZA
    Screen Resolution
    3840 X 2160
    Hard Drives
    Sabrent 1 TB PCI-E 4.0 X4 NVME M.2
    4 GB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 750 G1+
    Case
    Phanteks ENTHOO Pro M
    Cooling
    Corsair H100i RGB Pro XT
    Internet Speed
    400 Mbps
Top Bottom