Hi, @Duchemin, Dominique
Thank you for posting in Microsoft Q&A forum.
What is the difference between the "Unchecked"/Checked" from the top and the "No/Yes" just above?
If we "Unchecked" from the top, the users can configure the "Real-time protection" by themselves.
If we "Checked" from the top and set "No" to "Enable real-time protection" and "No" to "Allow users on client computers to configure real-time protection settings", the real-time protection will be disabled by default and the user cannot modify it.
If we "Checked" from the top and set "No" to "Enable real-time protection" and "Yes" to "Allow users on client computers to configure real-time protection settings", the real-time protection will be disabled by default and the user can modify it.
We can use the powershell to get the RealTimeProtection status:
Get-MpComputerStatus | select RealTimeProtectionEnabled
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".