Enable EDR in block mode

Supported on: At least Windows Server 2012, Windows 8 or Windows RT

Registry

HKLM Software\Policies\Microsoft\Windows Defender\Features

Value name: PassiveRemediation

Enabled: PassiveRemediation = 1

Disabled: PassiveRemediation = 0

Description

This policy setting enables or disables EDR in block mode (also known as "passive remediation"). EDR in block mode is recommended for devices running Microsoft Defender Antivirus in passive mode. Available with platform release: 4.18.2202.X The data type is integer Supported values: 1: Turn EDR in block mode on 0: Turn EDR in block mode off