This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 28.000000000000004%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVT%3C/text%3E%3C/svg%3E)
Hello, seems like on some of our servers the Virus & threat protection and App & browser control were switched off. I didn't find eventid 1121 in security eventlog because it's too short unfortunately, so I have no clue if someone clicked in Windows Security and switched it off or how it happened.
I have seen it off only on w2k22 servers but I didn't check all yet.
I was asked to see if there is a way to prevent this from happening so these controls remain ON.
Seems like there is no such settings in GPO. Is there another way?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Yes, there is policy, if you navigate to:
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
And then select Turn off Microsoft Defender Antivirus and set it as Disabled and this disable the turn off option which mean it will be forced to be on and user couldn't turn it off.
Have a look at:
https://learn.microsoft.com/en-us/mem/intune/user-help/turn-on-defender-windows
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more