Enable or Disable Windows Defender Using Shortcut or Command-line

Windows Defender, the built-in anti-virus program in Windows, has useful features such as cloud-based protection, offline scanning, limited periodic scanning, tamper protection, controlled folder access, etc.

Almost every aspect of Windows Defender can be managed or automated using the MpCmdrun.exe command-line tool and PowerShell cmdlets. There are times when you need to temporarily disable your Windows Defender real-time protection on your test (non-production) systems and switch it back on after a few minutes.

You may prefer a single-click shortcut or script solution because of the following reasons:

  1. It takes several mouse clicks to turn off/on the Windows Defender real-time protection through the user interface.
  2. The Turn off Microsoft Defender Antivirus Group Policy setting or its equivalent registry setting DisableAntiSpyware = 1 would require rebooting the computer.
  3. Microsoft has discontinued the DisableAntiSpyware policy/registry setting in Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher. DisableAntiSpyware no longer works!

hand point iconThis post explains how to enable or disable Windows Defender in a single click using desktop shortcuts or command-line without requiring a restart.

Read more

Cannot Save Files to Desktop and Error “File not found” in Windows 10

unauthorized changes blocked - controlled folder access

When you try to save a file on the desktop or the documents folder on your Windows 10 computer, it may show the “File not found” error message. Here is the full error message verbatim:

Save as C:\Users\Ramesh\Desktop\filename.txt
File not found.
Check the file name and try again.

.. with the “Unauthorized changes blocked” error in the Notification area and the Action Center.

unauthorized changes blocked - controlled folder access

For each error, an action center notification along with an event log entry is created.

unauthorized changes blocked - controlled folder access - action center
Read more

[Fix] Windows Defender Yellow Exclamation Icon and “Set up OneDrive” Warning

The Windows 10 action center may show a prompt with a black exclamation inside a yellow triangle icon in the Notification area. When you click on that, it opens Windows Defender Security Center. In the Windows Defender Security Center, underneath the “Virus & threat protection” icon the exclamation mark inside a yellow triangle shows up again, with the note reading “Set up OneDrive for file recovery options in case of a ransomware attack.”

The Windows Defender warning shows up even though OneDrive is already be configured, syncing and working perfectly fine. Also, clicking the “Dismiss” link beneath the warning message may do nothing.

windows defender set up onedrive - yellow exclamation warning

If OneDrive is already setup correctly and working fine, then the yellow exclamation warning can be safely ignored. But if you’re desperate to stop Windows Defender from issuing the false alert, this post tells you how to do so.Read more

Fix: Malwarebytes Disables Defender or 3rd Party Anti-Virus

After installing Malwarebytes Premium 14-day trial or licensed product, your anti-virus software (e.g., Microsoft Defender Antivirus) may get disabled automatically. In this scenario, when you attempt to start the Microsoft Defender Antivirus Service (WinDefend) via the Services console, it shows the following error, and the service wouldn’t start.Read more

How to Configure Controlled Folder Access to Stop “Unauthorized changes blocked” Notifications

Windows 10 and 11 include a beneficial security feature named Controlled folder access, which is part of the Microsoft Defender Exploit Guard. You may have noticed the Unauthorized changes blocked notifications. Microsoft Defender’s Controlled folder access feature is the one behind those notifications. Controlled folder access helps you protect valuable data from malicious programs, such as ransomware.

This article explains how to configure CFA and prevent Unauthorized changes blocked notifications when running a program.

Read more

Microsoft Defender: “Managed by your administrator” or “Your IT administrator has limited access”

defender settings grayed out - managed by administrator

In the aftermath of a malware attack, the Windows Defender Security settings page may show the message Some settings are managed by your organization or This setting is managed by your administrator. The real-time protection and cloud-based protection options may remain disabled or grayed out.

Here is what the Windows Defender Settings page might look like. The controls for real-time protection, cloud-based protection, and Automatic sample submission options may be disabled and locked down or grayed out.Read more