Menu
CCMEXEC.COM – Enterprise Mobility
  • Home
  • General
  • Configuration Manager
  • Windows 10
  • Intune
  • GitHub
  • Windows 11
  • About the author
CCMEXEC.COM – Enterprise Mobility

Disabling Windows Defender what’s new in Windows 10 1607

Posted on August 8, 2016August 24, 2017 by Jörgen Nilsson

Windows defender has become even better in the Windows 10 1607 release which is great! But it has also added a first-run dialog for each user that launches the Windows Defender UI.
Defender 1607

This is kind of annoying as it doesn’t check i the settings are already configured and a normal user doesn’t have permissions to turn it on as it requires local admin permissions. So after a little Regshot usage, the registry value that is set after you press close is the following: HKCU\Software\Microsoft\Windows Defender\UIFirstRun with a value of 0.
Defender1So by using a script or a Group policy preference as shown below we can disable that end-user dialog. I haven’t found it in the group policy settings for Windows 10 1607 which I think it actually should have been. Enterprises will want to turn this of. Defender2I hope that can be useful!

  • GPP
  • Group Policy Preference
  • What's new
  • Windows 10 1607
  • Windows Defender
  • 7 thoughts on “Disabling Windows Defender what’s new in Windows 10 1607”

    1. Steve says:
      August 16, 2016 at 6:17 pm

      Can this setting be applied to HKLM as well? With the HKCU setting applied, Windows Defender still displays the What’s new dialog during first logon.

      Reply
      1. Jörgen Nilsson says:
        August 19, 2016 at 7:50 am

        Hi,
        Not as far as I have seen/tested. I have tested it in a couple of environments now and I have never seen it soon after the registry setting is there.
        /Jörgen

        Reply
    2. Chris says:
      September 7, 2016 at 2:19 pm

      Just what I’ve been looking for! Thanks!

      Reply
    3. ZeusABJ says:
      September 13, 2016 at 10:53 pm

      Hi Jorgen,

      Minor correction for you. In the last sentence of the paragraph under the first screenshot you have this:

      HKU\Software\Microsoft\Windows Defender\UIFirstRun with a value of 0.

      I think you may have left out a “C” in your “HKU”, if I’m nopt mistaken it should read like so”

      HKCU\Software\Microsoft\Windows Defender\UIFirstRun with a value of 0.

      Reply
      1. Jörgen Nilsson says:
        September 13, 2016 at 11:24 pm

        Thanks! Updated it!
        /Jörgen

        Reply
    4. Kevin Barbieri says:
      March 2, 2017 at 8:14 pm

      I recommend people deploying this to the default user profile by doing as follows:

      1. Create a .REG named DisableDefenderWhatsNew.REG with the following:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows Defender]
      “UIFirstRun”=dword:00000000

      2. Create a batch file named DisableDefenderWhatsNew.cmd in the same folder as follows:

      Reg.exe load HKEY_LOCAL_MACHINE\defuser C:\users\default\ntuser.dat
      Reg.exe import “DisableDefenderWhatsNew.reg”
      Reg.exe unload HKEY_LOCAL_MACHINE\defuser

      3. Create a package pointing to the folder containing both of these folders (No program necessary).

      4. Add a Run Command Line Task Sequence step within the newly created package, utilizing the below command:

      cmd.exe /c DisableDefenderWhatsNew.cmd

      Voila!

      Reply
    5. Tony says:
      July 19, 2017 at 2:24 pm

      REG.EXE ADD “HKLM\Software\Microsoft\Active Setup\Installed Components\{1F2D4851-D5BE-4BAF-A93D-1905E1C7D270}” /v StubPath /t REG_SZ /d “REG.EXE ADD \”HKCU\Software\Microsoft\Windows Defender\” /v UIFirstRun /t REG_DWORD /d 0 /f” /f

      Does perfect the jobb, add this before a restart as cmd run and it will do the job

      Reply

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone elses use on Enterprise Mobility and Windows related topics.
    All code is provided "AS-IS" with no warranties.

    Tweets by ccmexec

    Recent Posts

    • Windows Servicing, Personal Teams and Success.cmd
    • Windows MDM Security Baseline – Settings Catalog
    • Configuring MS Edge Security Baseline v107 using Settings Catalog
    • Configuring Desktop App Installer using CSP and script?!
    • Customizing Taskbar and Start in Windows 11 22h2 with PowerShell

    ©2023 CCMEXEC.COM – Enterprise Mobility | WordPress Theme by Superb Themes
    This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
    Privacy & Cookies Policy

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT