Windows Defender: Is the firewall blocking the real-time protection?

[German]Companies using Windows Defender in Windows environments should ensure that Cloud/MAPS is active and that communication for real-time protection is not blocked by the firewall.


This is pointed out by the security researcher with the @SwiftOnSecurity alias in this tweet.

To do this, you must open an administrative prompt (otherwise there is an access error ERROR_ACCESS_DENIED, code 0x80070005) and navigate to the Windows Defender folder. Then enter the following command:

mpcmdrun –validatemapsconnection

The command then reports whether the connection to the MAPS (Microsoft Advanced Protection Service) cloud service is possible for Defender. A description of the configuration and validation can be found in the Microsoft document Configure and validate Windows Defender Antivirus network connections. The MAPS service itself is described in the Microsoft document Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection.


Cookies helps to fund this blog: Cookie settings


This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *