
My pc was infected and I can't get rid of it.


  • This topic is locked
36 replies to this topic

#16 Oh My!

Oh My!

    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,028 posts
  • Gender:Male
  • Location:California
  • Local time:07:58 PM

Posted 28 February 2024 - 01:07 PM

Please do this.

===================================================

Farbar Recovery Scan Tool Registry Search

--------------------
  • Launch FRST
  • Type the following in the Search: box
DisableAntiSpyware
  • Click Search Registry button
  • When completed click OK and a SearchReg.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SearchReg report

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69



#17 Jarbon

Jarbon
  • Topic Starter

  • Members
  • 21 posts

Posted 28 February 2024 - 01:21 PM

Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Owner (28-02-2024 13:20:29)
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
 
================== Search Registry: "DisableAntiSpyware" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender]
"RegValueNameRedirect"="DisableAntiSpyware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"="1"
 
====== End of Search ======


#18 Oh My!


Posted 28 February 2024 - 09:33 PM

Before providing the next step I would like to see the contents of a registry key.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist

Gary 


#19 Jarbon


Posted 29 February 2024 - 08:13 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Owner (29-02-2024 08:13:23) Run:5
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender
End::
*****************
 
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
"RegValueNameRedirect"="DisableAntiSpyware"
 
=== End of ExportKey ===
 
==== End of Fixlog 08:13:23 ====
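
Added example (not part of the thread and not FRST's own code): a small Python parser for the registry output format shown in posts #17 and #19. It separates keys that only name DisableAntiSpyware in a RegValueNameRedirect entry from keys where the value is actually set, and checks whether the set value sits at the RegKeyPathRedirect location. Reading those two entries as a pointer to the policy location is an assumption based on their names; the function names are hypothetical.

```python
import re

# Sample input: the registry lines from the SearchReg and ExportKey output
# posted in #17 and #19 above, merged into one text block for the example.
FRST_OUTPUT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
"RegValueNameRedirect"="DisableAntiSpyware"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"="1"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')     # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')    # "name"="data"


def parse_frst_registry(text):
    """Return {key_path: {value_name: data}} for FRST-style registry output."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # A key may be listed more than once (as in the SearchReg log).
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys


def find_redirects(keys, name):
    """Keys that only reference `name` through RegValueNameRedirect."""
    hits = []
    for path, values in keys.items():
        if values.get("RegValueNameRedirect", "").lower() == name.lower():
            hits.append((path, values.get("RegKeyPathRedirect")))
    return hits


def find_set_values(keys, name):
    """Keys where `name` exists as an actual value, with its data."""
    return [(path, data)
            for path, values in keys.items()
            for vname, data in values.items()
            if vname.lower() == name.lower()]


def strip_hive(path):
    """Drop the leading HKEY_... component so paths can be compared."""
    head, _, rest = path.partition("\\")
    return rest if head.upper().startswith("HKEY_") else path


def check_value(text, name="DisableAntiSpyware"):
    """List each place `name` is set and whether that place matches the
    RegKeyPathRedirect location (assumption: the redirect names the
    policy-managed location for the setting)."""
    keys = parse_frst_registry(text)
    policy_paths = {target.lower()
                    for _, target in find_redirects(keys, name) if target}
    rows = []
    for path, data in find_set_values(keys, name):
        rows.append({
            "key": path,
            "data": data,
            "at_policy_path": strip_hive(path).lower() in policy_paths,
        })
    return rows


if __name__ == "__main__":
    parsed = parse_frst_registry(FRST_OUTPUT)
    for path, target in find_redirects(parsed, "DisableAntiSpyware"):
        print(f"redirect entry: {path}\n    -> {target}")
    for row in check_value(FRST_OUTPUT):
        where = "policy path" if row["at_policy_path"] else "outside policy path"
        print(f'set value: {row["key"]} = {row["data"]} ({where})')
```

On the posted logs this reports one redirect entry under PolicyManager and one set value, "DisableAntiSpyware"="1", located under SOFTWARE\Microsoft\Windows Defender rather than at the redirect location.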


#20 Oh My!


Posted 29 February 2024 - 10:52 AM

Thank you.

That registry key is related to Group Policies usually applied by an Administrator in order to restrict manipulation of some Windows Defender settings. Typically that is done in a corporate setting but in your case it doesn't look like that applies. Is that correct?
Gary 


#21 Jarbon


Posted 29 February 2024 - 11:00 AM

I believe that's correct, yeah.

#22 Oh My!


Posted 29 February 2024 - 04:15 PM

Thank you.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix From Recovery Partition

--------------------
  • If necessary, download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
  • Download the attached file Fixlist.txt and save it on the same USB device
  • Attach the USB to the compromised computer
  • Holding down the Shift Key click Start, click the power icon, then select Reboot
  • Click Troubleshoot
  • Click Advanced options
  • Click Command Prompt
  • Choose an account to continue
  • If necessary, enter the password then hit Continue
  • In the command window type in Notepad and press Enter
  • Under File menu select Open
  • Select This PC and double click on your USB drive letter
  • Next to Files of type: select All Files
  • Right click on the FRST icon and select Run as administrator
  • Click Yes to disclaimer that may appear
  • Press Fix button
  • A fixlog.txt file will be saved on the USB drive
  • At the Command Prompt type Exit then hit Enter
  • Select Continue - Exit and continue to Windows 10
  • Copy and paste the contents of Fixlog.txt in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 


#23 Jarbon


Posted 01 March 2024 - 01:41 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01

Ran by SYSTEM (01-03-2024 01:47:58) Run:6
Running from E:\FRST64bit
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender|DisableAntiSpyware
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\*
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\*
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
*****************
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAntiSpywareDefender => removed successfully
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\\DisableAntiSpyware" => removed successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log => moved successfully
"C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log" => not found
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db => moved successfully
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\*" ==========
 
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\30EBE0E2-B9BA-43BD-AEF9-1FFD24F27A2B => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\59018AC2-2595-478D-ABEF-6D3DE4692A30 => moved successfully
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\*" ==========
 
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\056FAA23-2C26-407B-AEF2-3E6C0EF3810C => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\AD931CF3-DE27-4797-9AEA-A7E56A379B50 => moved successfully
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\*" ==========
 
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\B0CC118B-278E-4934-818A-F95F99E07ED4 => moved successfully
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\*" ==========
 
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\D9B18A59-E606-4EAB-BFAA-B991C3920CB3 => moved successfully
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\*" ==========
 
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\01857AC7-A239-4EB0-8050-EB00352EBFAE => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\A126A38A-293E-4DE9-9EAB-AEB56B72D4FB => moved successfully
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\*" ==========
 
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\AA32380E-B1A7-4AFA-8A97-36F0EB19E70F => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\DF427336-EDBD-4D8C-9652-6FC8AF0081BF => moved successfully
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\20\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\*" ==========
 
not found
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\*" ========
 
 
=========== "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\*" ==========
 
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\3003D024-D151-48BA-83D1-BE7FF6EB23F2 => moved successfully
 
========= End -> "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\*" ========
 
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus]
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\AllowFastServiceStartup]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
"RegValueNameRedirect"="AllowFastServiceStartup"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableAutoExclusions]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Exclusions"
"RegValueNameRedirect"="DisableAutoExclusions"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableBlockAtFirstSeen]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Spynet"
"RegValueNameRedirect"="DisableBlockAtFirstSeen"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableLocalAdminMerge]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
"RegValueNameRedirect"="DisableLocalAdminMerge"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableRealtimeMonitoring]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="DisableRealtimeMonitoring"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\DisableRoutinelyTakingAction]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
"RegValueNameRedirect"="DisableRoutinelyTakingAction"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Exclusions_Extensions]
"admxMetadataDevice"="30374f45190000004578636c7573696f6e735f457874656e73696f6e734c6973743f42000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e6465725c4578636c7573696f6e735c457874656e73 (the data entry has 22 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Exclusions"
"RegValueNameRedirect"="Exclusions_Extensions"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Exclusions_Paths]
"admxMetadataDevice"="30374f45140000004578636c7573696f6e735f50617468734c6973743f3d000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e6465725c4578636c7573696f6e735c5061746873510150010000 (the data entry has 2 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Exclusions"
"RegValueNameRedirect"="Exclusions_Paths"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Exclusions_Processes]
"admxMetadataDevice"="30374f45180000004578636c7573696f6e735f50726f6365737365734c6973743f41000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e6465725c4578636c7573696f6e735c50726f63657373 (the data entry has 18 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Exclusions"
"RegValueNameRedirect"="Exclusions_Processes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ExploitGuard_ASR_ASROnlyExclusions]
"admxMetadataDevice"="30374f45220000004578706c6f697447756172645f4153525f4153524f6e6c794578636c7573696f6e733f61000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e6465725c57696e646f777320 (the data entry has 102 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR"
"RegValueNameRedirect"="ExploitGuard_ASR_ASROnlyExclusions"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ExploitGuard_ASR_Rules]
"admxMetadataDevice"="30374f45160000004578706c6f697447756172645f4153525f52756c65733f55000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e6465725c57696e646f777320446566656e64657220457870 (the data entry has 54 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR"
"RegValueNameRedirect"="ExploitGuard_ASR_Rules"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ExploitGuard_ControlledFolderAccess_AllowedApplications]
"admxMetadataDevice"="30374f45370000004578706c6f697447756172645f436f6e74726f6c6c6564466f6c6465724163636573735f416c6c6f7765644170706c69636174696f6e733f78000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e64 (the data entry has 190 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
"RegValueNameRedirect"="ExploitGuard_ControlledFolderAccess_AllowedApplications"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ExploitGuard_ControlledFolderAccess_ProtectedFolders]
"admxMetadataDevice"="30374f45340000004578706c6f697447756172645f436f6e74726f6c6c6564466f6c6465724163636573735f50726f746563746564466f6c646572733f75000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e646f7773 (the data entry has 178 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access"
"RegValueNameRedirect"="ExploitGuard_ControlledFolderAccess_ProtectedFolders"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\MpEngine_EnableFileHashComputation]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\MpEngine"
"RegValueNameRedirect"="EnableFileHashComputation"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Nis_Consumers_IPS_DisableSignatureRetirement]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS"
"RegValueNameRedirect"="DisableSignatureRetirement"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid]
"admxMetadataDevice"="30374f453c0000004e69735f436f6e73756d6572735f4950535f736b755f646966666572656e74696174696f6e5f5369676e61747572655f5365745f477569644c6973743f65000000536f6674776172655c506f6c69636965735c4d6963726f736f6674 (the data entry has 162 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation"
"RegValueNameRedirect"="Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Nis_DisableProtocolRecognition]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\NIS"
"RegValueNameRedirect"="DisableProtocolRecognition"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ProxyBypass]
"admxMetadataDevice"="30373e450b00000050726f78794279706173734c01400b00000050726f7879427970617373000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ProxyPacUrl]
"admxMetadataDevice"="30373e450b00000050726f787950616355726c4c01400b00000050726f787950616355726c000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ProxyServer]
"admxMetadataDevice"="30373e450b00000050726f78795365727665724c01400b00000050726f7879536572766572000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Quarantine_LocalSettingOverridePurgeItemsAfterDelay]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Quarantine"
"RegValueNameRedirect"="LocalSettingOverridePurgeItemsAfterDelay"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Quarantine_PurgeItemsAfterDelay]
"admxMetadataDevice"="30373d451f00000051756172616e74696e655f50757267654974656d73416674657244656c6179401400000050757267654974656d73416674657244656c617946000000004780969800000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Quarantine"
"RegValueNameRedirect"="PurgeItemsAfterDelay"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RandomizeScheduleTaskTimes]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
"RegValueNameRedirect"="RandomizeScheduleTaskTimes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_DisableBehaviorMonitoring]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="DisableBehaviorMonitoring"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_DisableIOAVProtection]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="DisableIOAVProtection"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_DisableOnAccessProtection]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="DisableOnAccessProtection"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_DisableRawWriteNotification]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="DisableRawWriteNotification"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_DisableScanOnRealtimeEnable]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="DisableScanOnRealtimeEnable"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_IOAVMaxSize]
"admxMetadataDevice"="30373d451e0000005265616c74696d6550726f74656374696f6e5f494f41564d617853697a65400b000000494f41564d617853697a6546000000004780969800000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="IOAVMaxSize"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="LocalSettingOverrideDisableBehaviorMonitoring"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_LocalSettingOverrideDisableIOAVProtection]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="LocalSettingOverrideDisableIOAVProtection"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="LocalSettingOverrideDisableOnAccessProtection"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="LocalSettingOverrideDisableRealtimeMonitoring"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\RealtimeProtection_LocalSettingOverrideRealtimeScanDirection]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Real-Time Protection"
"RegValueNameRedirect"="LocalSettingOverrideRealtimeScanDirection"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Remediation_LocalSettingOverrideScan_ScheduleTime]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Remediation"
"RegValueNameRedirect"="LocalSettingOverrideScan_ScheduleTime"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Remediation_Scan_ScheduleDay]
"admxMetadataDevice"="30374e451c00000052656d6564696174696f6e5f5363616e5f5363686564756c6544617940100000005363616e5f5363686564756c654461794c0135363d08000000000035363d00000000000035363d01000000000035363d02000000000035363d0300 (the data entry has 86 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Remediation"
"RegValueNameRedirect"="Scan_ScheduleDay"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Remediation_Scan_ScheduleTime]
"admxMetadataDevice"="30373d451d00000052656d6564696174696f6e5f5363616e5f5363686564756c6554696d6540110000005363616e5f5363686564756c6554696d65460000000047a0050000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Remediation"
"RegValueNameRedirect"="Scan_ScheduleTime"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_AdditionalActionTimeout]
"admxMetadataDevice"="30373d45210000005265706f7274696e675f4164646974696f6e616c416374696f6e54696d656f757440170000004164646974696f6e616c416374696f6e54696d656f7574460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="AdditionalActionTimeout"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_CriticalFailureTimeout]
"admxMetadataDevice"="30373d45200000005265706f7274696e675f437269746963616c4661696c75726554696d656f75744016000000437269746963616c4661696c75726554696d656f7574460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="CriticalFailureTimeout"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_DisableEnhancedNotifications]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="DisableEnhancedNotifications"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_DisablegenericrePorts]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="DisableGenericRePorts"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_NonCriticalTimeout]
"admxMetadataDevice"="30373d451c0000005265706f7274696e675f4e6f6e437269746963616c54696d656f757440120000004e6f6e437269746963616c54696d656f7574460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="NonCriticalTimeout"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_RecentlyCleanedTimeout]
"admxMetadataDevice"="30373d45200000005265706f7274696e675f526563656e746c79436c65616e656454696d656f75744016000000526563656e746c79436c65616e656454696d656f7574460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="RecentlyCleanedTimeout"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_WppTracingComponents]
"admxMetadataDevice"="30373d451e0000005265706f7274696e675f57707054726163696e67436f6d706f6e656e7473401400000057707054726163696e67436f6d706f6e656e7473460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="WppTracingComponents"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Reporting_WppTracingLevel]
"admxMetadataDevice"="30373d45190000005265706f7274696e675f57707054726163696e674c6576656c400f00000057707054726163696e674c6576656c460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Reporting"
"RegValueNameRedirect"="WppTracingLevel"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_AllowPause]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="AllowPause"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_ArchiveMaxDepth]
"admxMetadataDevice"="30373d45140000005363616e5f417263686976654d61784465707468400f000000417263686976654d61784465707468460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="ArchiveMaxDepth"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_ArchiveMaxSize]
"admxMetadataDevice"="30373d45130000005363616e5f417263686976654d617853697a65400e000000417263686976654d617853697a65460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="ArchiveMaxSize"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableArchiveScanning]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableArchiveScanning"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableEmailScanning]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableEmailScanning"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableHeuristics]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableHeuristics"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisablePackedExeScanning]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisablePackedExeScanning"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableRemovableDriveScanning]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableRemovableDriveScanning"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableReparsePointScanning]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableReparsePointScanning"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableRestorePoint]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableRestorePoint"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableScanningMappedNetworkDrivesForFullScan]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableScanningMappedNetworkDrivesForFullScan"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_DisableScanningNetworkFiles]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="DisableScanningNetworkFiles"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_LocalSettingOverrideAvgCPULoadFactor]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="LocalSettingOverrideAvgCPULoadFactor"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_LocalSettingOverrideScanParameters]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="LocalSettingOverrideScanParameters"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_LocalSettingOverrideScheduleDay]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="LocalSettingOverrideScheduleDay"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_LocalSettingOverrideScheduleQuickScantime]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="LocalSettingOverrideScheduleQuickScanTime"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_LocalSettingOverrideScheduleTime]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="LocalSettingOverrideScheduleTime"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_LowCpuPriority]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="LowCpuPriority"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_MissedScheduledScanCountBeforeCatchup]
"admxMetadataDevice"="30373d452a0000005363616e5f4d69737365645363686564756c65645363616e436f756e744265666f72654361746368757040250000004d69737365645363686564756c65645363616e436f756e744265666f7265436174636875704602000000471400 (the data entry has 10 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="MissedScheduledScanCountBeforeCatchup"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_PurgeItemsAfterDelay]
"admxMetadataDevice"="30373d45190000005363616e5f50757267654974656d73416674657244656c6179401400000050757267654974656d73416674657244656c6179460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="PurgeItemsAfterDelay"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_QuickScanInterval]
"admxMetadataDevice"="30373d45160000005363616e5f517569636b5363616e496e74657276616c4011000000517569636b5363616e496e74657276616c46000000004718000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="QuickScanInterval"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_ScanOnlyIfIdle]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="ScanOnlyIfIdle"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_ScheduleDay]
"admxMetadataDevice"="30374e45100000005363616e5f5363686564756c65446179400b0000005363686564756c654461794c0135363d08000000000035363d00000000000035363d01000000000035363d02000000000035363d03000000000035363d04000000000035363d05 (the data entry has 52 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="ScheduleDay"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Scan_ScheduleTime]
"admxMetadataDevice"="30373d45110000005363616e5f5363686564756c6554696d65400c0000005363686564756c6554696d65460000000047a0050000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Scan"
"RegValueNameRedirect"="ScheduleTime"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\ServiceKeepAlive]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender"
"RegValueNameRedirect"="ServiceKeepAlive"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_ASSignatureDue]
"admxMetadataDevice"="30373d451e0000005369676e61747572655570646174655f41535369676e6174757265447565400e00000041535369676e6174757265447565460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="ASSignatureDue"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_AVSignatureDue]
"admxMetadataDevice"="30373d451e0000005369676e61747572655570646174655f41565369676e6174757265447565400e00000041565369676e6174757265447565460000000047ffffffff000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="AVSignatureDue"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_DefinitionUpdateFileSharesSources]
"admxMetadataDevice"="30373e45310000005369676e61747572655570646174655f446566696e6974696f6e55706461746546696c65536861726573536f75726365734c014021000000446566696e6974696f6e55706461746546696c65536861726573536f7572636573000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_DisableScanOnUpdate]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="DisableScanOnUpdate"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_DisableScheduledSignatureUpdateonBattery]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="DisableScheduledSignatureUpdateOnBattery"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_DisableUpdateOnStartupWithoutEngine]
"admxMetadataDevice"="30313d0000000000323d010000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="DisableUpdateOnStartupWithoutEngine"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_FallbackOrder]
"admxMetadataDevice"="30373e451d0000005369676e61747572655570646174655f46616c6c6261636b4f726465724c01400d00000046616c6c6261636b4f72646572000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_ForceUpdateFromMU]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="ForceUpdateFromMU"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_RealtimeSignatureDelivery]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="RealtimeSignatureDelivery"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_ScheduleDay]
"admxMetadataDevice"="30374e451b0000005369676e61747572655570646174655f5363686564756c65446179400b0000005363686564756c654461794c0135363d08000000000035363d00000000000035363d01000000000035363d02000000000035363d0300000000003536 (the data entry has 74 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="ScheduleDay"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_ScheduleTime]
"admxMetadataDevice"="30373d451c0000005369676e61747572655570646174655f5363686564756c6554696d65400c0000005363686564756c6554696d65460000000047a0050000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="ScheduleTime"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_SharedSignaturesLocation]
"admxMetadataDevice"="30373e45280000005369676e61747572655570646174655f5368617265645369676e6174757265734c6f636174696f6e4c0140130000005368617265645369676e6174757265526f6f74000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_SignatureDisableNotification]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="SignatureDisableNotification"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_SignatureUpdateCatchupInterval]
"admxMetadataDevice"="30373d452e0000005369676e61747572655570646174655f5369676e617475726555706461746543617463687570496e74657276616c401e0000005369676e617475726555706461746543617463687570496e74657276616c460000000047ffffffff00 (the data entry has 4 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="SignatureUpdateCatchupInterval"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SignatureUpdate_UpdateOnStartup]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Signature Updates"
"RegValueNameRedirect"="UpdateOnStartUp"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\SpynetReporting]
"admxMetadataDevice"="30374e450f0000005370796e65745265706f7274696e67400f0000005370796e65745265706f7274696e674c0135363d00000000000035363d01000000000035363d020000000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Spynet"
"RegValueNameRedirect"="SpynetReporting"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Spynet_LocalSettingOverrideSpynetReporting]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Spynet"
"RegValueNameRedirect"="LocalSettingOverrideSpynetReporting"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\Threats_ThreatIdDefaultAction]
"admxMetadataDevice"="30374f4521000000546872656174735f546872656174496444656661756c74416374696f6e4c6973743f4a000000536f6674776172655c506f6c69636965735c4d6963726f736f66745c57696e646f777320446566656e6465725c546872656174735c54 (the data entry has 54 more characters)."
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\Threats"
"RegValueNameRedirect"="Threats_ThreatIdDefaultAction"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\UX_Configuration_CustomDefaultActionToastString]
"admxMetadataDevice"="30373e452f00000055585f436f6e66696775726174696f6e5f437573746f6d44656661756c74416374696f6e546f617374537472696e674c01401e000000437573746f6d44656661756c74416374696f6e546f617374537472696e67000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\UX Configuration"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\UX_Configuration_Notification_Suppress]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\UX Configuration"
"RegValueNameRedirect"="Notification_Suppress"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\UX_Configuration_SuppressRebootNotification]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\UX Configuration"
"RegValueNameRedirect"="SuppressRebootNotification"
[HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\ADMX_MicrosoftDefenderAntivirus\UX_Configuration_UILockdown]
"admxMetadataDevice"="30313d0100000000323d000000000000"
"Behavior"="96"
"mergealgorithm"="3"
"policytype"="1"
"RegKeyPathRedirect"="Software\Policies\Microsoft\Windows Defender\UX Configuration"
"RegValueNameRedirect"="UILockdown"
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"="C:\ProgramData\Microsoft\Windows Defender"
"ProductIcon"="@%ProgramFiles%\Windows Defender\EppManifest.dll,-100"
"ProductLocalizedName"="@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000"
"RemediationExe"="windowsdefender://"
"ProductType"="2"
"InstallTime"="b1778dec6e48d501"
"InstallLocation"="C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\"
"ManagedDefenderProductType"="0"
"OOBEInstallTime"="dd8b1f3d5c33d701"
"ProductStatus"="0"
"LastEnabledTime"="1c16788fa36bda01"
"BackupLocation"="C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0"
"PUAProtection"="0"
"HybridModeEnabled"="0"
"VerifiedAndReputableTrustModeEnabled"="0"
"PassiveMode"="0"
"RpcServerUseEndpointMapper"="0"
"PreviousRunningMode"="2"
"DisableAntiVirus"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\CoreService]
"MdTrustedRootCertThumbPrints"="CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F|4348A0E9444C78CB265E058D5E8944B4D84F9662BD26DB257F8934A443C70161"
"MdTrustedSubjectOrgs"="Microsoft Corporation|DigiCert Inc"
"WdTimerInitalDelay"="300002"
"WdTimerMonitorInterval"="300000"
"WdConfigHash"="1370359201"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\CoreService\CpuSensor]
"MonitoredTargets"="mpdefendercoreservice|msmpeng|nissrv"
"LowThresholds"="10|10|10"
"HighThresholds"="45|90|90"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\CoreService\CrashSensor]
"MonitoredTargets"="mpdefendercoreservice|msmpeng|nissrv"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\CoreService\DiskSensor]
"MonitoredTargets"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\CoreService\MemorySensor]
"MonitoredTargets"="mpdefendercoreservice|msmpeng|nissrv"
"LowThresholds"="20|600|128"
"HighThresholds"="30|1024|500"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Device Control]
"PoliciesLastUpdated"="4df0b788c52ad901"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Device Control\Policy Groups]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Device Control\Policy Rules]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Diagnostics]
"LastKnownGoodEngineCandidate"="0200bc4d01000100"
"LastKnownGoodPlatformLocation"="C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0"
"InitializingComponentProgress"="ServiceStartedSuccessfully"
"CleanupComponentProgress"="CleanupCompleted"
"LatestPlatformVersionOnDevice"="0300465a12000400"
"PlatformHealthData"="0300000030010000a803b3c22468da010ae19d3d0169da0104000000000000000a00000001000000000000000200000004000000000000000a00000001000000000000000200000003000000000000000a00000000000000000000000200000003000000 (the data entry has 408 more characters)."
"CloudBadListVersion"="0500000000000000"
"LastSignatureUpdateResult"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Diagnostics\BlockedVersions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Diagnostics\BlockedVersions\Engine]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Diagnostics\BlockedVersions\Platform]
"4.18.2303.123"="7b00ff0812000400"
"4.18.23060.1004"="ec03145a12000400"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Diagnostics\BlockedVersions\Signatures]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\DLP Configs]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\DLP Configs\Tag]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\DLP Websites]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\DLP Websites\Rules]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\Extensions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\IpAddresses]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\Paths]
"374320"="0"
"C:\Users\Owner\Downloads"="0"
"C:\Program Files (x86)\Fluxus"="0"
"C:\Users\Owner\Downloads\Fluxus"="0"
"C:\Users\Owner\Downloads\Fluxus\bin"="0"
"C:\Users\Owner\Desktop"="0"
"C:\Users\Owner\Desktop\Fluxus"="0"
"C:\Users\Owner\Desktop\Fluxus\bin"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\Processes]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features]
"TamperProtection"="1"
"MpPlatformKillbitsFromEngine"="0000000400000000"
"MpCapability"="ff01000000000000"
"TamperProtectionSource"="5"
"ChangedDefaults"="0100000000000000"
"TPExclusions"="0"
"DlpAppEnlightenmentSettings"="0"
"DlpDisablePrintDetours"="0"
"MpPlatformKillbitsExFromEngine"="20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (the data entry has 56 more characters)."
"EnableCACS"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features\Controls]
"7"="1"
"9"="1"
"10"="1"
"13"="1"
"15"="1"
"22"="62"
"31"="2305"
"32"="14000"
"48"="1"
"69"="1"
"_4"="1"
"_7"="1"
"_9"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features\EcsConfigs]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features\EcsConfigs\ETag]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features\Troubleshooting]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features\UpdateControl]
"LastHeartbeatSystime"="40b69e3d0169da01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Miscellaneous Configuration]
"DeltaUpdateFailure"="0"
"BddUpdateFailure"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\MpEngine]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\NIS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\NIS\ActiveSignatures]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\NIS\Consumers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\NIS\Consumers\IPS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Quarantine]
"PurgeItemsAfterDelay"="90"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Real-Time Protection]
"DpaDisabled"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Remediation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Reporting]
"LastRtpAndScanConfigsCollectedInHeartbeatTime"="b729a0e98763da01"
"SigUpdateTimestampsSinceLastHB"=""
"LastRebootTime"="d9c2a4105e6ada01"
"LastDefenderDisableHeartbeatReportTime"="8884ce98a06bda01"
"LastHeartbeatReportTime"="bfe78e2ea569da01"
"ScansSinceLastRecap"="6"
"LastRecapTime"="c5f167772568da01"
"LastPaidHeartbeatReportTime"="3ad97a801868da01"
"LastExclusionsHeartbeatReportTime"="22bc46edb023d901"
"LastRtpHeartbeatReportTime"="d16fb97ca669da01"
"LastRtpTurnedOffTime"="6b0579c9b023d901"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Scan]
"7749EA3F-0000-0000-0000-402400000000"="C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\7749EA3F-0000-0000-0000-402400000000-0.bin"
"DaysUntilAggressiveCatchupQuickScan"="30"
"AggressiveCatchupQuickScanReattemptElapsed"="23"
"CacheFile"="C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\7749EA3F-0000-0000-0000-402400000000-0.bin"
"LastAggressiveCheck"="ff50da605d6ada01"
"LastScanType"="1"
"LastScanRun"="100540e2a869da01"
"LastQuickScanID"="{FA0B35D4-383E-44AA-AB82-E7A59C1DAAC8}"
"LastQuickScanResourceCount"="80c7060000000000"
"SFCState"="7"
"OfflineScanRun"="1"
"LastOfflineScanPreserved"="e1e35cefd368da01"
"LastOfflineScan"="b950e2ecd368da01"
"OfflineScanResult"="0"
"LastFullScanID"="{6FAFE684-5DB7-4B36-A74F-EB8109EAE30C}"
"LastFullScanBytesCount"="470ac34362010000"
"5CBDE002-0000-0000-0000-100000000000"="C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\5CBDE002-0000-0000-0000-100000000000-0.bin"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Scan\Scan]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Signature Updates]
"DisableDefaultSigs"="0"
"SignatureCategoryID"="8c3fcc84-7410-4a95-8b89-a166a0190486"
"DefaultEngineExpirationTime"="00319730c943d501"
"EngineVersion"="1.1.24010.10"
"SignatureLocation"="C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C020A86C-95AF-4AD5-9D65-AF4CC361DBCA}"
"SignatureType"="0"
"SignatureUpdateCount"="775"
"SignaturesLastUpdated"="0927964ba569da01"
"SignatureUpdatePending"="0"
"LastFallbackTime"="c79f0cb11268da01"
"MoCAMPUpdateStarted"="a5554c451168da01"
"SignatureUpdateLastAttempted"="f90207b11268da01"
"ISUInterval"="4"
"ISULength"="24"
"ISUReason"="16"
"ISUControlFlags"="1"
"ISUStartTime"="487bff3e7afad601"
"EnableUpdateResiliency"="0"
"AVSignatureVersion"="1.405.701.0"
"AVSignatureBaseVersion"="1.405.0.0"
"AVSignatureApplied"="000e02f06969da01"
"ASSignatureVersion"="1.405.701.0"
"ASSignatureBaseVersion"="1.405.0.0"
"ASSignatureApplied"="80a49af06969da01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"="2"
"SubmitSamplesConsent"="1"
"SpyNetReportingLocation"="SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx*SOAP:https://wdcpalt.microsoft.com/WdCpSrvc.asmx*REST:https://wdcp.microsoft.com/wdcp.svc/submitReport*REST:https://wdcpalt.microsoft.com/wdcp.svc/submitR (the data entry has 126 more characters)."
"SSLOptions"="3"
"MAPSconcurrency"="1"
"MAPSconcurrencyDss"="10"
"LastMAPSSuccessTime"="8ebc0030a569da01"
"MemoryReportID"="{D4888D973870-3711-A351-B7DA0CD82780}"
"LastMAPSFailureTime"="5f9cce98a06bda01"
"UEFIScanStatus"="32Bit : 0, IsIntel : 1, DeviceId : 0, VendorId : 0, Category : 1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Threats]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Threats\ThreatTypeDefaultAction]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\UX Configuration]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\WCOS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyExclusions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\ASROnlyPerRuleExclusions]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\AllowedApplications]
"C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\Smite.exe"="0"
"C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe"="0"
"C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\FiraxisBugReporter.exe"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access\ProtectedFolders]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\DLP]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\DLP\Rules]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
 
=== End of ExportKey ===
 
==== End of Fixlog 01:47:58 ====

Edited by Jarbon, 01 March 2024 - 01:51 AM.


#24 Oh My!


Posted 01 March 2024 - 10:15 AM

Before we do anything else can you tell me if you are still experiencing this?
 

Affected:
regkeyvalue: hklm\software\microsoft\windowsdefender\\DisableAntiSpyware


Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#25 Jarbon


Posted 01 March 2024 - 10:47 AM

No, I don't see it so far, but it's taking forever to try and full scan.



#26 Oh My!


Posted 01 March 2024 - 10:48 AM

It is worth the wait. :)
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#27 Jarbon


Posted 01 March 2024 - 11:51 AM

So when it was done, the most recent Windows Defender notification said it detected threats, I believe, but none would show under the protection history. Also, when clicking on one of the notifications I still get this notification saying, "Page not available. Your IT administrator has limited access to some areas of this app, and the item you tried to access is not available. Contact IT helpdesk for more info." It is possible that was a Defender notification that was still there prior to the full scan I just did, since I wasn't paying attention at first when looking at them. The full scan protection history still says 0 threats found. Might it have skipped some items?



#28 Jarbon


Posted 01 March 2024 - 12:59 PM

I ran the full scan again to see and I got the notification saying it skipped an item due to exclusion or network scanning settings. Also got the same one about contacting IT when I clicked on the scan results.



#29 Jarbon


Posted 01 March 2024 - 01:03 PM

It's not showing me that the Affected: regkeyvalue: hklm\software\microsoft\windowsdefender\\DisableAntiSpyware is there, at least.



#30 Oh My!


Posted 01 March 2024 - 09:28 PM

Please do this.

===================================================

Modifying Windows Security Group Policy Windows 10 - Virus and Threat Protection

--------------------
  • Hit the Windows Key + R at the same time
  • Type gpedit.msc and hit Enter
  • Under Computer Configuration expand Administrative Templates
  • On the right side double click Windows Components
  • Double click either Windows Security or Microsoft Defender, whichever is listed
  • Double click Virus and threat protection
  • Locate and double click on Hide the Virus and threat protection area
  • Select Not Configured
  • Click OK
  • Close the Group Policy Editor window
  • Hit the Windows Key + R at the same time
  • Type gpupdate /force then hit Enter
  • Confirm the Computer Policy update has completed successfully.
  • Check access to Windows Security
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69
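
An added example, not part of the thread and not FRST's own code: a Python check over a registry export in the `[key]` / `"name"="value"` layout of the log posted above. It lists policy switches that are still set, Defender exclusions, and the date real-time protection was last turned off. The `Policies` keys and the `UILockdown` value name (the registry value commonly backing the "Hide the Virus and threat protection area" policy) are assumptions; the exclusion and timestamp lines reuse values from the posted log.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the two Policies keys are assumed for illustration; the
# Exclusions, Features and Reporting values are taken from the posted log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection]
"UILockdown"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\Paths]
"C:\Users\Owner\Desktop\Fluxus\bin"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features]
"TamperProtection"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Reporting]
"LastRtpTurnedOffTime"="6b0579c9b023d901"
'''

VALUE_RE = re.compile(r'^"(?P<name>.*)"="(?P<data>.*)"$')
# Policy values that switch protection, or its settings page, off when set to 1.
POLICY_FLAGS = {"disableantispyware", "uilockdown"}

def parse_export(text):
    """Yield (key, name, data) for every value line under its [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]

def filetime_to_utc(hex_le):
    """Decode a 16-hex-digit little-endian FILETIME (100 ns ticks since 1601)."""
    ticks = int.from_bytes(bytes.fromhex(hex_le), "little")
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def review(text):
    """Return findings: policy switches set, Defender exclusions, RTP-off date."""
    findings = []
    for key, name, data in parse_export(text):
        k = key.lower()
        if "\\policies\\" in k and name.lower() in POLICY_FLAGS and data == "1":
            findings.append(("policy", f"{key}\\{name}"))
        elif "\\windows defender\\exclusions\\" in k:
            findings.append(("exclusion", name))
        elif name == "LastRtpTurnedOffTime":
            findings.append(("rtp_off", filetime_to_utc(data).date().isoformat()))
    return findings
```

Calling `review()` on the text of a saved export returns the findings as `(kind, detail)` tuples; an empty `policy` set after `gpupdate /force` is the result to look for.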



