[SOLVED] Windows Defender restriction policy in FRST logs?

[Badram]

Hi,

I previously reveived help from DR. M with confirming that my PC is clean and they helped me by providing a fix for my PC and helping me reset my password.

Yesterday I ran a fix in order to clear cache's and reset my Firewall permissions just because I forgot if I had correctly let an app through the Firewall or not.
After running this fix, it broughtr back a restriction, which I got help to remove previously, and it's made me worried:

 

[Badram]

Was forced to turn the computer off, because I have something urgent to do.
I don’t know if I should submit new logs when I get back, since I never anticipated this.
Sorry for any inconveniences

 

[Badram]

I should be available tomorrow and onwards. I didn’t expect to have to leave yesterday.
Dont know if I should update my system and submit more logs when I get back on.

 

[DR M]

Hi, Badram.

1. No, do not post new logs.

2. NEVER run a fix with FRST without the supervision of an expert on FRST.

3. The following fix will remove the restriction from Windows Defender:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {8D0850C3-E429-4B95-82D4-36154D143E74} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-676346632-3412613119-591161220-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)
Task: {07DD6AF8-C59C-4A49-8248-937182FF4FA3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-676346632-3412613119-591161220-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
End::

• Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your Desktop.
• Post the log in your next reply.

 

[ubuysa]

There is a golden rule that applies to all aspects of computing; if it ain't broke then don't fix it!

It's very similar to doctors warning against using the Internet for self-diagnosis. You'll likely frighten yourself unnecessarily.

It's never wise to go looking for problems, either in your own health or in Windows. You know that through this forum you have access to a wealth of collective experience that can help you should a problem appear. You don't need to keep checking, we will catch you if you fall.

If you're always looking at your feet you never get to see the stars.

 

[Badram]

Thank you!
I need to run some errands, so I wont be able to run this right now, but id like to ask something:

1. Would it be acceptable to update any software beforehand, or should I wait until after I run the fix?

2. Why does defender even have a restriction like this anyway? What does it effect?

 

[DR M]

1. Would it be acceptable to update any software beforehand, or should I wait until after I run the fix?

Run the fix, and then update what you want.

2. Why does defender even have a restriction like this anyway? What does it effect?

Defender doesn't have restrictions for itself. Something else did that. I don't know what, but since everything is good now, no need to dig further.

 

[Badram]

I’m going to run the fix now

 

[Badram]

Here's the fix log:

 

[Badram]

Also, I think it was that previous fix I talked about that placed restrictions

 

[DR M]

A, OK. Sorry.

The fix must run in Safe mode.

• Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
• Choose Update and Security.
• From the menu at the left, choose Recovery.
• Under the title Advanced startup at the right, choose Restart now.
• From the window that will appear choose Troubleshoot and then Advanced options.
• Choose Startup Settings and then Restart.
• Press number 5, for choosing Safe mode with networking.
• You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

As soon as you are in Safe mode, run the fix below:

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
End::

Post the fixlog.txt in your next reply.

 

[Badram]

Here you go:

 

[DR M]

OK.

You are fine now.

You can restart with normal mode (or just shut down and start), and remove FRST tool.

 

[Badram]

Also, I should mention that I was able to restart from safe mode successfully, since I was able to get into the start menu normally. When we did this last time, and I was in the admin account, I was unable to open the start menu in safe mode. Maybe it was because it was an account that was never set up.

Also, turns out I can just enter safe mode with my pin, and not the password.

 

[DR M]

So we are good.

 

[Badram]

I hope so
I underestimated how many updates came out yesterday and today. Firefox kept prompting me to install an update but I kept declining until we were done with the fixes. Hope that didn’t mess anything up

 

[DR M]

As I said, you can do whatever you want now.

 

[Badram]

Okay I updated stuff now. I was a bit uneasy about it though, since my taskbar flashed a few times. Hopefully nothing went wrong in safe mode, and the admin account doesn't somehow reenable itself, and that everything installed correctly.
I was wondering where you could learn to read these logs?
I took some now just so I could check if the restriction stayed off, etc. I can't really make sense of it though.
My eyes are really sore too, so I’m just going to shut off the computer so I feel better.

 

[DR M]

Hi, Badram.

Sorry, but I won't check your logs again. The computer is just fine and it is absolutely unreasonable (it started to be irritating too) to ask someone to check your logs all the time.

Having said that, I'll ask an admin to close this topic as well.

I'm glad I was able to help you.

 

[Badram]

I understand. Thank you for the help today!