Unable to set Server 2019 1809 Defender passive mode

A S 1 Reputation point
2021-09-08T09:45:25.077+00:00

I have to set Defender on a Windows Server 2019 1809 machine into passive mode.
I followed the instructions on microsoft-defender-antivirus-on-windows-server and set Defender into passive mode using a registry key. I also did a reboot of the server.

Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection
Name: ForceDefenderPassiveMode
Type: REG_DWORD
Value: 1

To check the Defender mode I run the PowerShell command "Get-MpComputerStatus" to get the AMRunningMode, as described here:
edr-in-block-mode - How do I confirm Microsoft Defender Antivirus is in active or passive mode?.

As a result, AMRunningMode is still "Normal" instead of "Passive Mode".

I'm wondering why the registry key isn't working.

Windows Server 2019

2 answers

  1. Leon Laude 85,701 Reputation points
    2021-09-08T09:56:05.533+00:00

    Hi @A S ,

    Have you made sure you meet all the requirements to run Microsoft Defender Antivirus in passive mode?

    Requirements for Microsoft Defender Antivirus to run in passive mode

    In order for Microsoft Defender Antivirus to run in passive mode, endpoints must meet the following requirements:

    • Operating system: Windows 10 or later; Windows Server, version 1803, or newer; or Windows Server 2019
    • Microsoft Defender Antivirus must be installed
    • Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution
    • Endpoints must be onboarded to Defender for Endpoint

    Reference:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode

    ----------

    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,
    Leon


  2. Sebastian Cerazy 306 Reputation points
    2023-04-10T11:24:05.5466667+00:00

    The last condition is as vital as the other 3 - Endpoints must be onboarded to Defender for Endpoint:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide

    Without it there is no way to make it Passive; as soon as it is onboarded, it becomes Passive instantly.

    Seb

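The checks discussed in this thread can be run together to see which prerequisite is missing. The following PowerShell is an added example, not part of any post above or of Microsoft's documentation. It assumes the usual Defender for Endpoint onboarding indicators (the `OnboardingState` value under the `Status` key and the `Sense` service), which are not named in the thread.

```powershell
# Added example: report each passive-mode prerequisite next to the resulting AMRunningMode.
# Run in an elevated PowerShell session on the server itself.

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# 1. Policy value from the question.
$policyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
$forcePassive = Get-RegistryDword -Path $policyPath -Name 'ForceDefenderPassiveMode'

# 2. Onboarding indicators (assumption: OnboardingState = 1 means onboarded).
$statusPath      = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboardingState = Get-RegistryDword -Path $statusPath -Name 'OnboardingState'
$sense           = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue

# 3. What Defender Antivirus itself reports.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    ForceDefenderPassiveMode = if ($null -eq $forcePassive) { 'not set' } else { $forcePassive }
    OnboardingState          = if ($null -eq $onboardingState) { 'not set' } else { $onboardingState }
    SenseService             = if ($sense) { $sense.Status } else { 'not installed' }
    AMRunningMode            = if ($mp) { $mp.AMRunningMode } else { 'Defender cmdlets unavailable' }
}
$report | Format-List

# Point at the most likely cause when the mode is not passive.
if ($report.AMRunningMode -ne 'Passive Mode') {
    if ($forcePassive -ne 1) {
        Write-Warning 'ForceDefenderPassiveMode is not 1 under the Policies key.'
    }
    if ($onboardingState -ne 1 -or -not $sense -or $sense.Status -ne 'Running') {
        Write-Warning 'Server does not appear to be onboarded to Defender for Endpoint.'
    }
}
```

A result of `ForceDefenderPassiveMode = 1` with `OnboardingState` not set and `AMRunningMode = Normal` matches the situation described in the question.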