Policy

Enable EDR in block mode

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Microsoft Defender Antivirus > Features
Supported onAt least Windows Server 2012, Windows 8 or Windows RT

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting enables or disables EDR in block mode (also known as "passive remediation"). EDR in block mode is recommended for devices running Microsoft Defender Antivirus in passive mode. Available with platform release: 4.18.2202.X The data type is integer Supported values: 1: Turn EDR in block mode on 0: Turn EDR in block mode off

Internal name
Features_PassiveRemediation
Policy ID
eb841e9bd0d9
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\Software\Policies\Microsoft\Windows Defender\Features\PassiveRemediationREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Other policies in this category

Explore related policies at the same level.