Hi Rick_Munck
Would appreciate some help here as we are hitting a confusing situation.
If I check Get-MpPreference on my PC, I see:
DisableRealtimeMonitoring : False
This is normal as we want to have real-time monitoring enabled.
If I check the registry, I see:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
This is also normal, as we want to prevent user interaction (as defined in the setting explanation: "If you enable this policy setting, Microsoft Defender Antivirus will not prompt users to take actions on malware detections.").
#1: Can you please confirm that both settings, though having the same name, do manage different aspects (protection vs. user interaction)? If so, using the same name was not the best decision ...
The baseline defines:
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0
#2: Is this a mistake linked to the naming, or is there really a security benefit in allowing "prompt users to take actions on malware detections"?
Thanks