Enable Microsoft Defender Antivirus real-time behavior monitoring

Check whether Microsoft Defender Antivirus monitors file processes, file and registry changes, and other events on your endpoints for suspicious and known malicious activity.

Potential risk

Disabling behavior monitoring will reduce your ability to detect suspicious activity that could indicate a breach.

Remediation options

Option 1 - Set the following registry value:
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring

To the following REG_DWORD value: 0

Option 2 - Set the following Group Policy:
Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Real-time Protection\Turn on behavior monitoring

To the following value: Enabled
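
An added PowerShell check for this setting (example code, not part of the original recommendation): it reads the registry value named in Option 1 and the setting Defender reports through Get-MpPreference. The function name Test-BehaviorMonitoring, the -Remediate switch, and treating an absent registry value as the default (monitoring on) are assumptions of this example; remediation uses Set-MpPreference rather than a direct registry write.

```powershell
# Added example: audit (and optionally re-enable) Defender behavior monitoring.
# Run from an elevated PowerShell session on the endpoint being checked.
function Test-BehaviorMonitoring {
    param([switch]$Remediate)   # hypothetical switch: re-enable when found disabled

    # Registry location and value name taken from Option 1 on this page.
    $regPath   = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
    $valueName = 'DisableBehaviorMonitoring'

    # $null here means the value is absent from the key.
    $regValue = $null
    $item = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { $regValue = [int]$item.$valueName }

    # Ask Defender for the setting it is using; $null means the query failed.
    $prefDisabled = $null
    try {
        $prefDisabled = [bool](Get-MpPreference -ErrorAction Stop).DisableBehaviorMonitoring
    } catch {
        Write-Warning "Get-MpPreference failed: $($_.Exception.Message)"
    }

    if ($Remediate -and $prefDisabled -eq $true) {
        # Supported cmdlet for this setting; requires administrative rights.
        Set-MpPreference -DisableBehaviorMonitoring $false
        $prefDisabled = [bool](Get-MpPreference).DisableBehaviorMonitoring
        if ($null -ne (Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue)) {
            $regValue = [int](Get-ItemProperty -Path $regPath -Name $valueName).$valueName
        }
    }

    # Assumption: an absent registry value means the default (monitoring on).
    $regOk = ($null -eq $regValue) -or ($regValue -eq 0)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        RegistryValue      = $regValue
        PreferenceDisabled = $prefDisabled
        Compliant          = $regOk -and ($prefDisabled -eq $false)
    }
}

# Audit only; add -Remediate to re-enable when the setting is found disabled.
Test-BehaviorMonitoring
```

If Compliant is still False after -Remediate, check whether the Group Policy in Option 2 is configured to a different value, since policy takes precedence over local preferences.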