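<#
# It is recommended to test the script on a local machine for its purpose and effects.
# ManageEngine Endpoint Central will not be responsible for any
# damage/loss to the data/setup based on the behavior of the script.
#
# Description: Script is designed to enable real-time protection in Microsoft Defender
#              by removing the "DisableRealtimeMonitoring" policy value from the registry.
# Configuration Type - COMPUTER
# Disable real-time protection in Group Policy "https://learn.microsoft.com/en-us/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus?view=o365-worldwide#disable-real-time-protection-in-group-policy"
# Windows related article: https://www.elevenforum.com/t/enable-or-disable-real-time-protection-for-microsoft-defender-antivirus-in-windows-11.3989/
# Note: If the registry was changed but the change is not effective, advise the customer to reach out to Windows support.
#
# Review notes:
# - Deleting a value under HKLM:\SOFTWARE\Policies needs an elevated (administrator/SYSTEM) context.
# - Only the local policy value is removed. If a domain GPO or MDM policy sets it, the value is
#   expected to come back at the next policy refresh and has to be corrected at the source.
# - A deleted registry value is not proof that protection is running, so the script also prints
#   the state reported by Get-MpComputerStatus when that cmdlet is available.
#>

# Define the registry path and value
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
$regName = "DisableRealtimeMonitoring"

# Check if the registry path exists
if (Test-Path -Path $regPath) {
    # Registry values are properties of a key, not child items of it. Test-Path "$regPath\$regName"
    # would look for a SUBKEY with that name, report "not found" and leave the policy value in
    # place, so the value is read through Get-ItemProperty instead.
    $policyValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue

    if ($null -ne $policyValue) {
        try {
            # -ErrorAction Stop turns a failed delete (for example access denied) into a
            # terminating error, so the success message is printed only after a real delete.
            Remove-ItemProperty -Path $regPath -Name $regName -ErrorAction Stop
            Write-Host "Relevant registry key value deleted. Real-time protection was enabled successfully."
        }
        catch {
            Write-Host "Failed to delete the registry value '$regName' under '$regPath': $($_.Exception.Message)"
            # Non-zero exit code so the deployment is not recorded as successful.
            exit 1
        }
    }
    else {
        Write-Host "Relevant registry key value was not found. Real-time protection was already enabled."
    }
}
else {
    Write-Host "The registry path '$regPath' does not exist."
}

# Report the effective state so the operator does not have to rely on the registry alone.
# Informational only: the reported state may lag behind the registry change.
if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try {
        $defenderStatus = Get-MpComputerStatus -ErrorAction Stop
        Write-Host "Get-MpComputerStatus reports RealTimeProtectionEnabled = $($defenderStatus.RealTimeProtectionEnabled)"
    }
    catch {
        Write-Host "Could not query Microsoft Defender status: $($_.Exception.Message)"
    }
}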