Powershell Set-MpPreference -DisableRealtimeMonitoring $true not working correctly

I must warn you I don't use powershell much. I am trying to turn off windows defender real time protection via powershell I found the command Set-MpPreference -DisableRealtimeMonitoring $true and tried it in admin privileges only to get this

Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target: DisableRealtimeMonitoring. At line:1 char:1
+ Set-MpPreference -DisableRealtimeMonitoring $true
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft...FT_MpPreference)
[Set-MpPreference], CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

Any thoughts?

Zach Generic Name asked Feb 24 '18 06:02


1 Answer

The problem is that the Windows Defender antivirus services seem to be persistently disabled on your machine.

It's unfortunate that the Set-MpPreference cmdlet reports this in such an obscure fashion.

To fix this problem, re-enable the Windows Defender antivirus services:

The easiest way to do this is the following, but note that it involves a reboot:

Set-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' DisableAntiSpyware 0
Restart-Computer
  • You may instead use the Local Group Policy Editor-based method described in this windowscentral.com article, or use regedit.exe's GUI, or use the reg.exe CLI utility.

    • Note that the linked instructions are slightly outdated: instead of node Windows Defender, setting Turn off Windows Defender, target node Windows Defender Antivirus, setting Turn off Windows Defender Antivirus.

    • While using the Local Group Policy Editor (gpedit.msc) to turn the antivirus services off takes effect immediately, turning them back on can take minutes before the services are actually restarted (on the plus side, no reboot is required, unlike what the linked instructions say).

  • Note that if you re-enable via the registry, such as via the above PowerShell command, whereas disabling was originally performed via [local] group policy, that policy will continue to reflect the disabling (however, it is the registry setting that matters).

mklement0 answered Sep 29 '22 08:09
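As an added diagnostic, not code from the question or the answer: a read-only PowerShell function that checks the policy registry values and service state behind the 0x800106ba error, so you can confirm the answer's diagnosis (Defender disabled by policy, service not running) before changing anything. The registry paths and value names are the standard Defender policy locations; the function name is my own.

```powershell
# Added audit helper (not from the answer above). Read-only: reports whether
# Defender's antivirus service has been disabled by policy and confirms that
# against the WinDefend service and the Defender platform (Get-MpComputerStatus).
function Get-DefenderPolicyState {
    [CmdletBinding()]
    param()

    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $rtpKey     = Join-Path $policyRoot 'Real-Time Protection'

    # A policy value only applies if key and value both exist; absence means the
    # default (enabled), so keep $null distinct from 0.
    $disableAv  = (Get-ItemProperty -Path $policyRoot -Name DisableAntiSpyware `
                   -ErrorAction SilentlyContinue).DisableAntiSpyware
    $disableRtp = (Get-ItemProperty -Path $rtpKey -Name DisableRealtimeMonitoring `
                   -ErrorAction SilentlyContinue).DisableRealtimeMonitoring

    $service       = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $serviceStatus = if ($service) { $service.Status.ToString() }    else { 'NotFound' }
    $serviceStart  = if ($service) { $service.StartType.ToString() } else { 'NotFound' }

    # Get-MpComputerStatus fails with the same class of CIM error as
    # Set-MpPreference when the service is down, so treat failure as a finding.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $platformReachable = $true
    } catch {
        $status = $null
        $platformReachable = $false
    }
    $rtpEnabled = if ($status) { $status.RealTimeProtectionEnabled } else { $null }

    # Most likely explanation for 0x800106ba: disabled by policy or service not running.
    $likelyCause = ($disableAv -eq 1) -or ($service -and $serviceStatus -ne 'Running')

    [pscustomobject]@{
        PolicyDisableAntiSpyware        = $disableAv    # 1 = AV disabled by policy
        PolicyDisableRealtimeMonitoring = $disableRtp   # 1 = real-time protection disabled by policy
        WinDefendServiceStatus          = $serviceStatus
        WinDefendStartType              = $serviceStart
        PlatformReachable               = $platformReachable
        RealTimeProtectionEnabled       = $rtpEnabled
        LikelyCauseOf0x800106ba         = $likelyCause
    }
}

# Usage: run from the same elevated prompt in which Set-MpPreference failed.
Get-DefenderPolicyState | Format-List
```

If PolicyDisableAntiSpyware is 1 or the service is not Running, the answer's fix applies; if both look healthy and Get-MpComputerStatus still fails, the cause lies elsewhere and the registry change above will not help.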