When managing enterprise Windows 10/11 environments, many sysadmins disable specific firewall profiles via Group Policy while keeping others enabled for security. However, Windows persists in showing system tray notifications about disabled firewall components, causing unnecessary helpdesk tickets from confused users.
The Windows Security Center service (wscsvc) monitors core security components including:
- Windows Firewall (mpssvc)
- Windows Defender
- User Account Control
- Virus Protection
When any component gets disabled - even intentionally via GPO - wscsvc generates persistent UI notifications.
We'll implement a two-pronged Group Policy approach:
1. Disable Security Center Notifications
Navigate to:
Computer Configuration → Administrative Templates → Windows Components → Security Center
Enable "Turn off Security Center notifications" and set it to 1
2. Registry Modification via GPO
Create a new Group Policy Preference (Registry item):
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
Name: DisableMonitoring
Type: REG_DWORD
Value: 1
After GP update (gpupdate /force), verify with:
reg query "HKLM\SOFTWARE\Microsoft\Security Center\Monitoring" /v DisableMonitoring
Expected output: DisableMonitoring REG_DWORD 0x1
For environments preferring scripts, create a GPO running this at startup:
# Disable Security Center notifications
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoSecurityCenter" -Value 1 -Type DWORD -Force
# Disable specific firewall notifications
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Security Center" -Name "AntiVirusDisableNotify" -Value 1 -Type DWORD -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Security Center" -Name "FirewallDisableNotify" -Value 1 -Type DWORD -Force
- These changes affect all security notifications, not just firewall
- Document the changes in your security policy
- Consider implementing alternative monitoring solutions
- Test thoroughly in non-production first
When managing enterprise Windows 10 environments, administrators often disable the Windows Defender Firewall through Group Policy for domain-joined machines. While this achieves the desired configuration, it triggers constant notifications in the system tray:
Windows Defender Firewall is turned off. Click to turn it on.
These notifications create unnecessary helpdesk tickets from confused users and visual clutter for technical staff.
To suppress these notifications while maintaining firewall-disabled state, configure the following Group Policy settings:
Computer Configuration
└─ Policies
   └─ Administrative Templates
      └─ Windows Components
         └─ Windows Security
            └─ Notifications
               → Configure Windows Security notifications = Disabled
For administrators implementing this solution:
- Open Group Policy Management Console (gpmc.msc)
- Create or edit an existing GPO that applies to your target machines
- Navigate to: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Security > Notifications
- Enable "Configure Windows Security notifications" policy
- Set the dropdown to "Disable all notifications"
- Apply the GPO to appropriate OUs
After applying the GPO:
- Run gpupdate /force on test machines
- Restart the Security Center service: net stop wscsvc & net start wscsvc
- Check registry key for confirmation: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications should show DisableNotifications=1
For environments where GPO isn't available, this can be deployed via registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]
"DisableNotifications"=dword:00000001
Deploy this REG file through your preferred software distribution method.
Be aware that this setting disables all Windows Security notifications, including alerts for:
- Antivirus status
- Device performance
- Account protection
Ensure you have alternative monitoring solutions in place for these security aspects.
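Because both approaches above silence every Windows Security alert, the following read-only audit is an added example (not part of the original article) that reports which of the registry values named on this page are set on a machine, alongside the effective per-profile firewall state and the wscsvc service status. It assumes Windows PowerShell with the built-in NetSecurity module; the variable names are illustrative.

```powershell
# Added example: read-only audit of the notification-suppression values named on this page.
# Registry paths and value names are taken from the article; nothing is modified.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'; Name = 'DisableMonitoring' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoSecurityCenter' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusDisableNotify' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallDisableNotify' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'; Name = 'DisableNotifications' }
)

$registryReport = foreach ($c in $checks) {
    # A missing key or value is reported as NotSet instead of raising an error
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Key      = $c.Path
        Value    = $c.Name
        Data     = if ($null -ne $item) { $item.($c.Name) } else { 'NotSet' }
    }
}

# ActiveStore returns the effective settings, including profiles turned off by GPO
$firewallReport = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled

# State of the Security Center service that raises the tray notifications
$serviceReport = Get-Service -Name wscsvc | Select-Object Name, Status

$registryReport | Format-Table -AutoSize
$firewallReport | Format-Table -AutoSize
$serviceReport  | Format-Table -AutoSize

# Highlight the combination that needs documenting: alerts silenced while a profile is off
$suppressed  = @($registryReport | Where-Object { $_.Data -eq 1 })
$profilesOff = @($firewallReport | Where-Object { "$($_.Enabled)" -ne 'True' })

if ($suppressed.Count -gt 0 -and $profilesOff.Count -gt 0) {
    $names = ($profilesOff | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "Notifications suppressed by $($suppressed.Count) value(s); firewall profile(s) off: $names"
}
```

Collecting this output from each machine on a schedule gives a record of where alerts are hidden and whether the disabled profiles match what the GPO intends.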