I am trying to configure Windows Defender on a machine (not connected to the internet, high availability) so that it only alerts (via EventViewer\WindowsDefender\Operational log file) when it finds a threat but doesn't block, delete or quarantine it (or otherwise make the file unusable). I already changed the "default threat action" for all alert levels to 6 (NoAction) via the PowerShell commands:
Set-MpPreference -UnknownThreatDefaultAction NoAction -verbose
Set-MpPreference -LowThreatDefaultAction NoAction -verbose
Set-MpPreference -ModerateThreatDefaultAction NoAction -verbose
Set-MpPreference -HighThreatDefaultAction NoAction -verbose
Set-MpPreference -SevereThreatDefaultAction NoAction -verbose
After setting this, Win Def doesn't delete the files or move them to quarantine, but I also can't access them - like if I copy it somewhere or use the type command, I always get the error "Operation did not complete successfully because the file contains a virus or potentially unwanted software."
I also tried the threat action "ignore", but this means I get no alerts in Event Viewer.
Some more info on the machines:
Win Def Version: 4.18.2203.5
Signature Version: 1.367.1569.0
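
One way to check what the Set-MpPreference commands above actually stored and to read the resulting alerts from the Operational log, as an added example that is not part of the original post. It assumes the standard channel name, event IDs 1116 (threat detected) and 1117 (action taken), the EventData field names used by that channel, and Microsoft's documented numeric values for the threat actions.

```powershell
# Added example (not from the original post): audit the configured default
# actions and list recent detection events from the Defender Operational log.

# Numeric values returned by Get-MpPreference for the *ThreatDefaultAction
# properties, per Microsoft's documented threat action values (0 = not set).
$actionNames = @{
    0 = '(not set)'; 1 = 'Clean'; 2 = 'Quarantine'; 3 = 'Remove'
    6 = 'Allow';     8 = 'UserDefined'; 9 = 'NoAction'; 10 = 'Block'
}

$pref = Get-MpPreference
foreach ($level in 'Unknown', 'Low', 'Moderate', 'High', 'Severe') {
    $value = [int]$pref."$($level)ThreatDefaultAction"
    $name  = if ($actionNames.ContainsKey($value)) { $actionNames[$value] } else { 'unrecognised' }
    '{0,-9} default action: {1} ({2})' -f $level, $value, $name
}
'Real-time monitoring disabled: {0}' -f $pref.DisableRealtimeMonitoring

# Read the most recent detection (1116) and action (1117) events.
$log    = 'Microsoft-Windows-Windows Defender/Operational'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1116, 1117 } `
                       -MaxEvents 20 -ErrorAction SilentlyContinue

if (-not $events) {
    'No detection events (1116/1117) found in the Operational log.'
}

foreach ($e in $events) {
    # Flatten the named EventData fields into a hashtable for easy lookup.
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }

    [pscustomobject]@{
        Time     = $e.TimeCreated
        EventId  = $e.Id
        Threat   = $data['Threat Name']
        Severity = $data['Severity Name']
        Path     = $data['Path']
        Action   = $data['Action Name']
    }
}
```

Run it from an elevated PowerShell session on the machine in question; the per-level output shows whether the stored value matches the action that was intended.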