I'm having a frustrating issue with Windows Defender on my Windows 10 Pro machine. It's blocking a ton of actions, including legitimate system processes like dllhost.exe and svchost.exe, and keeps giving me false alarms saying, "Your administrator has blocked this action." I'm not using Intune or any similar deployments.
I've attempted several solutions, including setting ASR rules to AuditMode, modifying Group Policy to disable ASR, and turning off tamper protection, but nothing has worked. I'm at the point where I think the only way to stop this madness is to completely turn off Defender. Can anyone suggest how to fix this issue, or confirm if turning it off is my only option?
1 Answer
It sounds like you're dealing with a pretty serious problem here, but I think the focus should be on the root cause rather than just disabling Defender. If your system is being that aggressive, it might be telling you something's wrong. I recommend doing a fresh install of Windows, making sure to use verified Microsoft media and legitimate software.
If you're still determined to turn off Defender, you can do it through the Group Policy Editor: go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
I was hoping for a setting fix too, but it looks like a fresh install might be the best way to go.