Windows defender has become even better in the Windows 10 1607 release which is great! But it has also added a first-run dialog for each user that launches the Windows Defender UI.
This is kind of annoying as it doesn’t check i the settings are already configured and a normal user doesn’t have permissions to turn it on as it requires local admin permissions. So after a little Regshot usage, the registry value that is set after you press close is the following: HKCU\Software\Microsoft\Windows Defender\UIFirstRun with a value of 0.
So by using a script or a Group policy preference as shown below we can disable that end-user dialog. I haven’t found it in the group policy settings for Windows 10 1607 which I think it actually should have been. Enterprises will want to turn this of. I hope that can be useful!
Can this setting be applied to HKLM as well? With the HKCU setting applied, Windows Defender still displays the What’s new dialog during first logon.
Hi,
Not as far as I have seen/tested. I have tested it in a couple of environments now and I have never seen it soon after the registry setting is there.
/Jörgen
Just what I’ve been looking for! Thanks!
Hi Jorgen,
Minor correction for you. In the last sentence of the paragraph under the first screenshot you have this:
HKU\Software\Microsoft\Windows Defender\UIFirstRun with a value of 0.
I think you may have left out a “C” in your “HKU”, if I’m nopt mistaken it should read like so”
HKCU\Software\Microsoft\Windows Defender\UIFirstRun with a value of 0.
Thanks! Updated it!
/Jörgen
I recommend people deploying this to the default user profile by doing as follows:
1. Create a .REG named DisableDefenderWhatsNew.REG with the following:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\defuser\SOFTWARE\Microsoft\Windows Defender]
“UIFirstRun”=dword:00000000
2. Create a batch file named DisableDefenderWhatsNew.cmd in the same folder as follows:
Reg.exe load HKEY_LOCAL_MACHINE\defuser C:\users\default\ntuser.dat
Reg.exe import “DisableDefenderWhatsNew.reg”
Reg.exe unload HKEY_LOCAL_MACHINE\defuser
3. Create a package pointing to the folder containing both of these folders (No program necessary).
4. Add a Run Command Line Task Sequence step within the newly created package, utilizing the below command:
cmd.exe /c DisableDefenderWhatsNew.cmd
Voila!
REG.EXE ADD “HKLM\Software\Microsoft\Active Setup\Installed Components\{1F2D4851-D5BE-4BAF-A93D-1905E1C7D270}” /v StubPath /t REG_SZ /d “REG.EXE ADD \”HKCU\Software\Microsoft\Windows Defender\” /v UIFirstRun /t REG_DWORD /d 0 /f” /f
Does perfect the jobb, add this before a restart as cmd run and it will do the job