sirzento

Reputation: 727

PowerShell Set-MpPreference -DisableRealtimeMonitoring $true error when running from unattended Windows installation

I am installing Windows Server 2025 Core with an unattended install. I want to disable the real-time scanning from Windows Defender, and to do that I just need to run the PowerShell command Set-MpPreference -DisableRealtimeMonitoring $true.

I added this to the last place of <FirstLogonCommands> in my unattent.xml:

<SynchronousCommand wcm:action="add">
  <Order>10</Order>
  <CommandLine>powershell -noexit "Set-MpPreference -DisableRealtimeMonitoring $true"</CommandLine>
  <Description>Deactivates Windows Defender real time threat detection</Description>
</SynchronousCommand>

Then, while installing Windows, I see that a PowerShell terminal opens and tries to run the command, but it fails with:

Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target: DisableRealtimeMonitoring.
At line:1 char:1
+ Set-MpPreference -DisableRealtimeMonitoring $true
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft...FT_MpPreference) [Set-MpPreference], CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

Strange thing is, the console stays open because of my -noexit flag so I just wrote the command again in the same terminal but this time it just works.

Why does it work when I type it myself and not via command in the exact same terminal? And how can I get it to work?

Upvotes: 1

Views: 67

Answers (1)

sirzento

Reputation: 727

I got it to work in another way.

Instead of running the command Set-MpPreference -DisableRealtimeMonitoring $true to deactivate the real-time scan of Windows Defender, I just deactivated it by changing values within the registry. This doesn't cause problems if run within the unattended installation process. The registry values to change were found in this answer.

<SynchronousCommand wcm:action="add">
  <Order>25</Order>
  <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f</CommandLine>
  <Description>Deactivates Microsoft Defender live threat detection</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
  <Order>26</Order>
  <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f</CommandLine>
  <Description>Deactivates Microsoft Defender live threat detection</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
  <Order>27</Order>
  <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f</CommandLine>
  <Description>Deactivates Microsoft Defender live threat detection</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
  <Order>28</Order>
  <CommandLine>reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f</CommandLine>
  <Description>Deactivates Microsoft Defender live threat detection</Description>
</SynchronousCommand>

Upvotes: 1
