[SOLVED] Windows Defender restriction policy in FRST logs?

Badram · Aug 16, 2023

Hi,

I previously reveived help from DR. M with confirming that my PC is clean and they helped me by providing a fix for my PC and helping me reset my password.

Yesterday I ran a fix in order to clear cache's and reset my Firewall permissions just because I forgot if I had correctly let an app through the Firewall or not.
After running this fix, it broughtr back a restriction, which I got help to remove previously, and it's made me worried:

Badram · Aug 16, 2023

Was forced to turn the computer off, because I have something urgent to do.
I don’t know if I should submit new logs when I get back, since I never anticipated this.
Sorry for any inconveniences

Badram · Aug 17, 2023

I should be available tomorrow and onwards. I didn’t expect to have to leave yesterday.
Dont know if I should update my system and submit more logs when I get back on.

DR M · Aug 17, 2023

Hi, Badram.

1. No, do not post new logs.

2. NEVER run a fix with FRST without the supervision of an expert on FRST.

3. The following fix will remove the restriction from Windows Defender:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

Code:

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {8D0850C3-E429-4B95-82D4-36154D143E74} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-676346632-3412613119-591161220-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)
Task: {07DD6AF8-C59C-4A49-8248-937182FF4FA3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-676346632-3412613119-591161220-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
End::

Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt on your Desktop.
Post the log in your next reply.

ubuysa · Aug 18, 2023

There is a golden rule that applies to all aspects of computing; if it ain't broke then don't fix it!

It's very similar to doctors warning against using the Internet for self-diagnosis. You'll likely frighten yourself unnecessarily.

It's never wise to go looking for problems, either in your own health or in Windows. You know that through this forum you have access to a wealth of collective experience that can help you should a problem appear. You don't need to keep checking, we will catch you if you fall.

If you're always looking at your feet you never get to see the stars.

Badram · Aug 18, 2023

Thank you!
I need to run some errands, so I wont be able to run this right now, but id like to ask something:

1. Would it be acceptable to update any software beforehand, or should I wait until after I run the fix?

2. Why does defender even have a restriction like this anyway? What does it effect?

DR M · Aug 18, 2023

1. Would it be acceptable to update any software beforehand, or should I wait until after I run the fix?

Run the fix, and then update what you want.

2. Why does defender even have a restriction like this anyway? What does it effect?

Defender doesn't have restrictions for itself. Something else did that. I don't know what, but since everything is good now, no need to dig further.

Badram · Aug 18, 2023

I’m going to run the fix now

Badram · Aug 18, 2023

Here's the fix log:

Badram · Aug 18, 2023

Also, I think it was that previous fix I talked about that placed restrictions

DR M · Aug 18, 2023

A, OK. Sorry.

The fix must run in Safe mode.

Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
Choose Update and Security.
From the menu at the left, choose Recovery.
Under the title Advanced startup at the right, choose Restart now.
From the window that will appear choose Troubleshoot and then Advanced options.
Choose Startup Settings and then Restart.
Press number 5, for choosing Safe mode with networking.
You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

As soon as you are in Safe mode, run the fix below:

Code:

Start::
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
End::

Post the fixlog.txt in your next reply.

Badram · Aug 18, 2023

Here you go:

DR M · Aug 18, 2023

OK.

You are fine now.

You can restart with normal mode (or just shut down and start), and remove FRST tool.

Badram · Aug 18, 2023

Also, I should mention that I was able to restart from safe mode successfully, since I was able to get into the start menu normally. When we did this last time, and I was in the admin account, I was unable to open the start menu in safe mode. Maybe it was because it was an account that was never set up.

Also, turns out I can just enter safe mode with my pin, and not the password.

DR M · Aug 18, 2023

So we are good.

Badram · Aug 18, 2023

I hope so
I underestimated how many updates came out yesterday and today. Firefox kept prompting me to install an update but I kept declining until we were done with the fixes. Hope that didn’t mess anything up

DR M · Aug 18, 2023

As I said, you can do whatever you want now.

Badram · Aug 18, 2023

Okay I updated stuff now. I was a bit uneasy about it though, since my taskbar flashed a few times. Hopefully nothing went wrong in safe mode, and the admin account doesn't somehow reenable itself, and that everything installed correctly.
I was wondering where you could learn to read these logs?
I took some now just so I could check if the restriction stayed off, etc. I can't really make sense of it though.
My eyes are really sore too, so I’m just going to shut off the computer so I feel better.

DR M · Aug 18, 2023

Hi, Badram.

Sorry, but I won't check your logs again. The computer is just fine and it is absolutely unreasonable (it started to be irritating too) to ask someone to check your logs all the time.

Having said that, I'll ask an admin to close this topic as well.

I'm glad I was able to help you.

Badram · Aug 18, 2023

I understand. Thank you for the help today!

[SOLVED] Windows Defender restriction policy in FRST logs?

Well-known member

Attachments

Well-known member

Well-known member

Sysnative Staff, Security Analyst

Sysnative Staff BSOD Kernel Dump Senior AnalystContributor

Well-known member

Sysnative Staff, Security Analyst

Well-known member

Well-known member

Attachments

Well-known member

Sysnative Staff, Security Analyst

Well-known member

Attachments

Sysnative Staff, Security Analyst

Well-known member

Sysnative Staff, Security Analyst

Well-known member

Sysnative Staff, Security Analyst

Well-known member

Attachments

Sysnative Staff, Security Analyst

Well-known member

Sysnative Staff
BSOD Kernel Dump Senior Analyst
Contributor