Virus and Threat Protection turns off when I restart computer


Win11_user

Member
Local time
6:01 AM
Posts
4
OS
Windows 11 Enterprise
If you noticed that your Virus and Threat Protection turns off when you restart computer

Do this and it will stay on.

Hit WINKEY, and type Regedit, and open as Administrator.

Go to the Register entry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet

Right-click on Windows Defender
create new Key entry name Spynet
Right-click on Spynet
creating 3 new separate 32bit Dword
and name them with the names from list below
Right click on each Dword you created and add the values below.

(Key to add)

DisableBlockAtFirstSeen = 0 (Removed this one for fear of False positives)
SpynetReporting = 1
SubmitSamplesConsent = 1

Should look like this:
Screenshot of the Registry Entries

I'm on Windows!! Version 21H2 (OS Build 22000.100)
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    AMD PRO A10-8770 R7, 10 COMPUTE CORES 4C+6G, 3500 Mhz, 4 Core(s), 4 Logical Processor(s)
    Motherboard
    Gigabyte Technology Co., Ltd. A320M-S2H-CF
    Memory
    16.0 GB DDR4-2134 (1067 MHz)
    Graphics Card(s)
    Radeon RX 580 Series 8GB GDDR5
    Sound Card
    AMD Streaming Audio Device
    Monitor(s) Displays
    Hanns-G HL272HPB 27" and Samsung S27E310 27-Inch FHD Monitor
    Screen Resolution
    1920 x 1080
    Hard Drives
    Sata, HHD,
    PSU
    Corsair RM850x

maurice naggar

New member
Local time
6:01 AM
Posts
26
OS
win10
One caution about
Code:
DisableBlockAtFirstSeen = 0
That makes Blockatfirstseen ENABLED. The value of 0 on this means "enable" since this is a "disable" value-setting.
Defender is known to have false positives with that setting enabled.
I would leave out that whole line. Otherwise, I would have the value set to 1 ( meaning in effect 'disabled').
Let the normal engine & its definitions determine what is a real threat.
 

My Computer

System One

  • OS
    win10

Win11_user

Member
Thread Starter
Local time
6:01 AM
Posts
4
OS
Windows 11 Enterprise
Thanks for the information. with the research I did, I found these 3 entrys, but it didn't click about the false positives for DisableBlockAtFirstSeen =0 line.

I have removed it from my registry and tested it. and works fine without that line.

Thanks again Maurice.
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    AMD PRO A10-8770 R7, 10 COMPUTE CORES 4C+6G, 3500 Mhz, 4 Core(s), 4 Logical Processor(s)
    Motherboard
    Gigabyte Technology Co., Ltd. A320M-S2H-CF
    Memory
    16.0 GB DDR4-2134 (1067 MHz)
    Graphics Card(s)
    Radeon RX 580 Series 8GB GDDR5
    Sound Card
    AMD Streaming Audio Device
    Monitor(s) Displays
    Hanns-G HL272HPB 27" and Samsung S27E310 27-Inch FHD Monitor
    Screen Resolution
    1920 x 1080
    Hard Drives
    Sata, HHD,
    PSU
    Corsair RM850x

Bree

Well-known member
Pro User
VIP
Local time
12:01 PM
Posts
2,387
Location
S/E England, UK
OS
Windows 11 Home
If you noticed that your Virus and Threat Protection turns off when you restart computer

Do this and it will stay on.
Actually the protection is turned on, it's only the automatic sample submission that's turned off - and if then turned on manually should stay that way until the next restart. This is listed as a 'known issue' for the current 22000.100 build, and hopefully should be fixed shortly.

The reg fix you give does work, but also has the side effect of making that setting 'managed by your administrator' and greyed out so it's no longer possible to turn it off.

1627148345125.png
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB HDD
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    4GB
    Screen Resolution
    1366x768
    Hard Drives
    500GB HDD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

maurice naggar

New member
Local time
6:01 AM
Posts
26
OS
win10
Hi @Bree Can you export out the whole reg-key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
It would help to review it in its entirety.
 

My Computer

System One

  • OS
    win10

Fabler2

Well-known member
Power User
VIP
Local time
12:01 PM
Posts
1,447
OS
Win 11 Pro & Dev.
I'll just wait for the fix. It's only a couple of mouse clicks to turn on.
 

My Computers

System One System Two

  • OS
    Win 11 Pro & Dev.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    INTEL SSD 660p 512GB NVMe
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    16 GB (2 x 8 GB) DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    1.024 TB SSD M.2 2280 - Samsung
    PSU
    180 Watt, 19.5 V
    Mouse
    Logitech
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender

maurice naggar

New member
Local time
6:01 AM
Posts
26
OS
win10
As concerns enabling automatic sample submission, applying this pair of Powershell cmdlets should take care if that.
Code:
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples
 

My Computer

System One

  • OS
    win10

Bree

Well-known member
Pro User
VIP
Local time
12:01 PM
Posts
2,387
Location
S/E England, UK
OS
Windows 11 Home
Hi @Bree Can you export out the whole reg-key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
It would help to review it in its entirety.
Not really much help, by default there is no Spynet key. I created it myself.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000001

This Spynet key has been around since at least Windows 7. More on its use here....

 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB HDD
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    i5 M 520
    Motherboard
    0T6M8G
    Memory
    4GB
    Screen Resolution
    1366x768
    Hard Drives
    500GB HDD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround.


    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, Windows 11 Pro.

bobkn

Well-known member
Power User
VIP
Local time
7:01 AM
Posts
712
Location
Danbury, CT, USA
OS
Windows 11 22000.652
Not really much help, by default there is no Spynet key. I created it myself.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000001

This Spynet key has been around since at least Windows 7. More on its use here....


First I've heard of that.

Seriously unfortunate name, for a legitimate service.
 

My Computers

System One System Two

  • OS
    Windows 11 22000.652
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Intel I9-12900K
    Motherboard
    Asus Prime Z690-A
    Memory
    16 GB Gskill F5-5600U3636C16G X2 (32GB)
    Graphics Card(s)
    Gigabyte RTX 3090 ti
    Sound Card
    none (USB to speakers), Realtek
    Monitor(s) Displays
    Asus PA329C
    Screen Resolution
    3840 X 2160
    Hard Drives
    WB Black SN850 1TB M.2 NVME SSD
    Seagate Iron Wolf 8TB
    PSU
    eVGA SuperNOVA 1300 GT
    Case
    Corsair 5000D AIrflow
    Cooling
    Corsair iCUE H150i ELITE CAPELLIX Liquid CPU Cooler
    Internet Speed
    1200 Mbps
  • Operating System
    windows 11 22000.652
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 9 5950X
    Motherboard
    Asus Tuf Gaming X570-Plus
    Memory
    64GB DDR4 3800 (@ 3600)
    Graphics card(s)
    Zotac RTX 3080
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Samsung LU28R55
    Screen Resolution
    3840 X 2160
    Hard Drives
    Sabrent 1 TB PCI-E 4.0 X4 NVME M.2
    4 GB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 850 G6
    Case
    Phanteks ENTHOO Pro M
    Cooling
    iCUE H115i RGB PRO XT Liquid CPU Cooler
Top Bottom