Microsoft Defender Enhanced Protection Mode

Posted: July 28, 2011

Microsoft Defender Enhanced Protection Mode Description

ScreenshotWhile under the guise of being part of the Microsoft Defender program, Microsoft Defender Enhanced Protection Mode will display fake security information while Microsoft Defender Enhanced Protection Mode shuts off your real security programs to prepare for other attacks. Microsoft Defender Enhanced Protection Mode infections have been linked to the installation of other rogue anti-virus programs and will often pretend to be Flash update links to gain access to your PC. Since our Spywareemove.com malware experts have found that the security risk that Microsoft Defender Enhanced Protection Mode poses is severe, you should watch out for the appropriate symptoms and delete Microsoft Defender Enhanced Protection Mode with your choice of anti-malware program when necessary.

Microsoft Defender Enhanced Protection Mode: A Fake Security That Shields Real Security Risks

Microsoft Defender Enhanced Protection Mode uses fake update statistics and deceptive pop-ups to make you believe that Microsoft Defender Enhanced Protection Mode is just one more piece of the Microsoft Defender program. The unfortunate truth is that if you see these signs of Microsoft Defender Enhanced Protection Mode being on your PC, you're infected with at least one rogue anti-virus program that's trying to shut down the real Microsoft Defender:

  • Microsoft Defender Enhanced Protection Mode will create a new icon on your taskbar. This icon has only one purpose, to create a pop-up window with this alert:

    "Attention! [Rogue security program name] operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."

Unlike the real Microsoft Defender, Microsoft Defender Enhanced Protection Mode can't detect viruses or other infections. This false alarm is just an excuse to prevent you from panicking while Microsoft Defender Enhanced Protection Mode does its best to turn off all of Microsoft Defender's features.

  • Naturally, since Microsoft Defender Enhanced Protection Mode is disabling Microsoft Defender, Microsoft Defender Enhanced Protection Mode doesn't want you to try to update Microsoft Defender by yourself, either. Microsoft Defender Enhanced Protection Mode solves this problem with another nugget of fake information, by falsifying the 'last updated' time of threat database updates.

Our SpywareRemove.com malware experts have noticed a direct correlation between Microsoft Defender Enhanced Protection Mode's fake update time and the login time on the PC, so that the former will always be identical. This makes it appear as though your database never needs to be updated. You can also see similar symptoms from other rogue anti-virus programs in the Microsoft Defender Enhance Protection Mode subgroup, including Dr.Web Enhanced Protection Mode, Microsoft Security Essentials Enhanced Protection Mode, McAfee Enhanced Protection Mode and Norton AntiVirus Enhanced Protection Mode.

What Microsoft Defender Enhanced Protection Mode is Hiding Beneath Its False Info Shell Game

Microsoft Defender Enhanced Protection Mode has been associated with Trojans similar to Zlob and Fake Microsoft Security Essentials Alert; these Trojans or Microsoft Defender Enhanced Protection Mode itself may attempt to install other rogue security programs onto your PC. Avoid any unusual requests to install generic virus protection software.

However, it is recommended to use a good anti-virus application to remove Microsoft Defender Enhanced Protection Mode from your PC. Our SpywareRemove.com malware analysts have found that Microsoft Defender Enhanced Protection Mode and similar rogue security programs tend to make sophisticated system changes in the Registry and other areas of Windows, and deleting Microsoft Defender Enhanced Protection Mode by yourself may leave these components infected.

To stop Microsoft Defender Enhanced Protection Mode's attacks and regain access to your real security software, Safe Mode or rebooting in a way that bypasses the Registry (such as rebooting via USB drive) will let you use Windows without Microsoft Defender Enhanced Protection Mode getting in your way.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Microsoft Defender Enhanced Protection Mode may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications


The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINE\Software\Microsoft Defender Enhanced Protection ModeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Microsoft Defender Enhanced Protection Mode"

Additional Information

The following messages's were detected:
# Message
1Microsoft Defender ENHANCED PROTECTION MODE Attention! Microsoft Defender operates under enhanced protection mode. This is temporary measure necessary for immediate response to the threat from virus. No action is required from you.

Home Malware Programs Rogue Anti-Spyware Programs Microsoft Defender Enhanced Protection Mode

One Comment

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.