Confifure windows defender to only alert but not block

Question

Hi,

I am trying to configure Windows Defender on a Machine (not connected to the internet, high availability) so that it only alerts (via EventViewer\WindowsDefender\Oparational log file) when found a threat but doesn't block, delete or quarantine it (or otherwise makes the file unusable). I already changed the "default threat action" for all alert levels to 6 (NoAction) via the Powershell Commands:

Set-MpPreference -UnknownThreatDefaultAction NoAction -verbose

Set-MpPreference -LowThreatDefaultAction NoAction -verbose

Set-MpPreference -ModerateThreatDefaultAction NoAction -verbose

Set-MpPreference -HighThreatDefaultAction NoAction -verbose

Set-MpPreference -SevereThreatDefaultAction NoAction -verbose

->after setting this Win Def doesn't delete the files or move them to quarantine but i also cant access them - like if copy it somewhere or use the type command, i always get the error "Operation did not complete successfully because the file contains a virus or potentially unwanted software."

I also tried the threat action "ignore" but this means i get no alerts in event viewer.

Some more infos on the machines:
windows 1607

Win Def Version: 4.18.2203.5

Signature Version: 1.367.1569.0

please help,

greetings

Answer 1

Hi RobinSchmied-5364,

First of all, your version of Windows 10 is very old and reached end of life in April 2019. I suggest that you should upgrade ASAP as the latest version of Windows 10 may have already resolved this issue. If this doesn’t resolve the issue, please reach back out to us.

I hope this answers your question.

----------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept as answer--

Answer 2

i made an official Microsoft case through their services hub and sadly the technician told me what we wanted to achieve is not possible.