0x800704ec

Fix Windows Defender Blocked by Group Policy

Cybersecurity & Malware Intermediate 👁 0 views 📅 May 25, 2026

Windows Defender is disabled or blocked by Group Policy, preventing it from running or updating. This guide explains how to identify and resolve policy conflicts to restore protection.

Symptoms

Users may experience one or more of the following:

  • Windows Defender Security Center shows "Turn on" button grayed out or missing.
  • Error code 0x800704ec appears when trying to start Defender.
  • Event ID 5007 or 7023 in System log indicating Defender service failed to start.
  • Group Policy reports that Windows Defender Antivirus is disabled by policy.
  • Third-party antivirus may be installed, but Defender remains disabled even after uninstalling it.

Root Causes

The issue typically arises from one of the following:

  • Local Group Policy settings explicitly disable Windows Defender.
  • Domain Group Policy pushed from a server overrides local settings.
  • Registry modifications (e.g., DisableAntiSpyware) set by malware or previous security software.
  • Corrupted policy cache causing stale configurations.

Step-by-Step Fix

1. Open Local Group Policy Editor

  1. Press Win + R, type gpedit.msc, and press Enter.
  2. Navigate to: Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.

2. Check Policy Settings

Look for the policy "Turn off Microsoft Defender Antivirus". If it is set to Enabled, change it to Not Configured or Disabled. Click OK.

3. Verify Additional Policies

Also check these paths for similar settings:

  • Computer Configuration > Administrative Templates > Windows Components > Windows Security > Notifications – ensure notifications are not blocked.
  • Computer Configuration > Administrative Templates > Windows Components > Windows Defender (older versions).

4. Apply Policy Changes

Open Command Prompt as Administrator and run:

gpupdate /force

5. Reset Registry (if needed)

If the above doesn't work, check the registry:

  1. Press Win + R, type regedit, press Enter.
  2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  3. Delete the DisableAntiSpyware DWORD value if present (set to 1).
  4. Also check: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender for the same value.
  5. Restart the computer.

Alternative Fixes

  • Use PowerShell to reset Defender: Run Set-MpPreference -DisableRealtimeMonitoring $false as admin.
  • Run System File Checker: sfc /scannow to repair corrupted system files.
  • Use Microsoft Safety Scanner to remove malware that may have modified policies.
  • Check for conflicting third-party antivirus and fully uninstall using dedicated removal tools.

Prevention

  • Avoid disabling Defender manually via Group Policy unless absolutely necessary.
  • Regularly update Windows to apply security patches.
  • Use a reputable antivirus that integrates with Windows Security Center.
  • Periodically audit Group Policy settings with gpresult /h report.html.
  • Enable tamper protection in Windows Security to prevent unauthorized changes.

Following these steps should restore Windows Defender functionality. If problems persist, consider using the Windows Defender Offline Scan or resetting Windows Security app via Settings > Apps > Windows Security > Advanced options > Reset.

Was this solution helpful?

Windows Defender group policy blocked disabled 0x800704ec security center registry malware antivirus policy override local group policy gpedit.msc defender disabled turn off remediation