Virus and Threat Protection turns off when I restart computer


Win11_user

Well-known member
Local time
2:10 PM
Posts
6
OS
Windows 11 Enterprise
If you noticed that your Virus and Threat Protection turns off when you restart computer

Do this and it will stay on.

Hit WINKEY, and type Regedit, and open as Administrator.

Go to the Register entry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet

Right-click on Windows Defender
create new Key entry name Spynet
Right-click on Spynet
creating 3 new separate 32bit Dword
and name them with the names from list below
Right click on each Dword you created and add the values below.

(Key to add)

DisableBlockAtFirstSeen = 0 (Removed this one for fear of False positives)
SpynetReporting = 1
SubmitSamplesConsent = 1

Should look like this:
Screenshot of the Registry Entries

I'm on Windows!! Version 21H2 (OS Build 22000.100)
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    AMD PRO A10-8770 R7, 10 COMPUTE CORES 4C+6G, 3500 Mhz, 4 Core(s), 4 Logical Processor(s)
    Motherboard
    Gigabyte Technology Co., Ltd. A320M-S2H-CF
    Memory
    16.0 GB DDR4-2134 (1067 MHz)
    Graphics Card(s)
    Radeon RX 580 Series 8GB GDDR5
    Sound Card
    AMD Streaming Audio Device
    Monitor(s) Displays
    Hanns-G HL272HPB 27" and Samsung S27E310 27-Inch FHD Monitor
    Screen Resolution
    1920 x 1080
    Hard Drives
    Sata, HHD,
    PSU
    Corsair RM850x
One caution about
Code:
DisableBlockAtFirstSeen = 0
That makes Blockatfirstseen ENABLED. The value of 0 on this means "enable" since this is a "disable" value-setting.
Defender is known to have false positives with that setting enabled.
I would leave out that whole line. Otherwise, I would have the value set to 1 ( meaning in effect 'disabled').
Let the normal engine & its definitions determine what is a real threat.
 

My Computer

System One

  • OS
    win10
Thanks for the information. with the research I did, I found these 3 entrys, but it didn't click about the false positives for DisableBlockAtFirstSeen =0 line.

I have removed it from my registry and tested it. and works fine without that line.

Thanks again Maurice.
 

My Computer

System One

  • OS
    Windows 11 Enterprise
    Computer type
    PC/Desktop
    CPU
    AMD PRO A10-8770 R7, 10 COMPUTE CORES 4C+6G, 3500 Mhz, 4 Core(s), 4 Logical Processor(s)
    Motherboard
    Gigabyte Technology Co., Ltd. A320M-S2H-CF
    Memory
    16.0 GB DDR4-2134 (1067 MHz)
    Graphics Card(s)
    Radeon RX 580 Series 8GB GDDR5
    Sound Card
    AMD Streaming Audio Device
    Monitor(s) Displays
    Hanns-G HL272HPB 27" and Samsung S27E310 27-Inch FHD Monitor
    Screen Resolution
    1920 x 1080
    Hard Drives
    Sata, HHD,
    PSU
    Corsair RM850x
If you noticed that your Virus and Threat Protection turns off when you restart computer

Do this and it will stay on.
Actually the protection is turned on, it's only the automatic sample submission that's turned off - and if then turned on manually should stay that way until the next restart. This is listed as a 'known issue' for the current 22000.100 build, and hopefully should be fixed shortly.

The reg fix you give does work, but also has the side effect of making that setting 'managed by your administrator' and greyed out so it's no longer possible to turn it off.

1627148345125.png
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
Hi @Bree Can you export out the whole reg-key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
It would help to review it in its entirety.
 

My Computer

System One

  • OS
    win10
I'll just wait for the fix. It's only a couple of mouse clicks to turn on.
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
As concerns enabling automatic sample submission, applying this pair of Powershell cmdlets should take care if that.
Code:
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendAllSamples
 

My Computer

System One

  • OS
    win10
Hi @Bree Can you export out the whole reg-key "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
It would help to review it in its entirety.
Not really much help, by default there is no Spynet key. I created it myself.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000001

This Spynet key has been around since at least Windows 7. More on its use here....

 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 8GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
Not really much help, by default there is no Spynet key. I created it myself.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000001

This Spynet key has been around since at least Windows 7. More on its use here....


First I've heard of that.

Seriously unfortunate name, for a legitimate service.
 

My Computers

System One System Two

  • OS
    Windows 11 22631.2861
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Amd Threadripper 7970X
    Motherboard
    Gigabyte TRX50 Aero D
    Memory
    128GB (4 X 32) Kingston DDR5 5200 (RDIMM)
    Graphics Card(s)
    Gigabyte RTX 4090 OC
    Sound Card
    none (USB to speakers), Realtek
    Monitor(s) Displays
    Philips 27E1N8900 OLED
    Screen Resolution
    3840 X 2160 @ 60Hz
    Hard Drives
    Crucial T700 2TB M.2 NVME SSD
    WD 4TB Blue SATA SSD
    Seagate 18TB IronWolf Pro
    PSU
    eVGA SuperNOVA 1600 GT
    Case
    Lian Li 011 Dynamic Evo XL
    Cooling
    Alphacool Eisbaer Pro Aurora 360, with 3 Phanteks T30 fans
    Keyboard
    Logitech K120 (wired)
    Mouse
    Logitech M500s (wired)
    Internet Speed
    1200 Mbps
  • Operating System
    windows 11 22631.2861
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Intel I9-13900K
    Motherboard
    Asus RoG Strix Z690-E
    Memory
    64GB G.Skill DDR5-6000
    Graphics card(s)
    Gigabyte RTX 3090 ti
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Asus PA329C
    Screen Resolution
    3840 X 2160 @60Hz
    Hard Drives
    WDC SN850 1TB
    8 TB Seagate Ironwolf
    4TB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 1300 GT
    Case
    Lian Li 011 Dynamic Evo
    Cooling
    Corsair iCUE H150i ELITE CAPELLIX Liquid CPU Cooler
    Mouse
    Logitech M500s (wired)
    Keyboard
    Logitech K120 (wired)
Back
Top Bottom