[Bug]: "Failed to set using Set-MpPreference" (Provider load failure) in a lot of scripts. #498

Open
ElektroStudios opened this issue Jan 27, 2025 · 2 comments
Labels
bug Something isn't working

ElektroStudios commented Jan 27, 2025

Description

The following scripts with descriptions:

  • --- Disable behavior monitoring
  • --- Disable scanning of all downloaded files and attachments
  • --- Disable bidirectional scan for incoming and outgoing file and program activities
  • --- Disable real-time monitoring
  • --- Disable intrusion prevention system (IPS)
  • --- Disable Defender Antivirus "Block at First Sight" feature
  • --- Disable Defender Antivirus "Extended Cloud Check" feature
  • --- Disable Defender Antivirus aggressive cloud protection
  • --- Disable Defender Antivirus cloud protection reporting
  • --- Disable Defender Antivirus automatic file submission to Microsoft
  • --- Disable behavior monitoring
  • --- Disable scanning of all downloaded files and attachments
  • --- Disable bidirectional scan for incoming and outgoing file and program activities
  • --- Disable real-time monitoring
  • --- Disable intrusion prevention system (IPS)
  • --- Disable Defender Antivirus real-time protection module
  • --- Disable running scheduled auto-remediation
  • --- Disable remediation actions
  • --- Enable automatically purging items from quarantine folder
  • --- Disable signature verification before scanning
  • --- Disable creation of daily system restore points
  • --- Minimize retention time for files in scan history
  • --- Disable catch-up full scans
  • --- Disable catch-up quick scans
  • --- Minimize CPU usage during scans
  • --- Minimize CPU usage during idle scans
  • --- Disable scanning when not idle
  • --- Disable Defender archive file scanning
  • --- Disable e-mail scanning
  • --- Disable script scanning
  • --- Disable scanning mapped network drives during full scan
  • --- Disable network file scanning
  • --- Disable scanning removable drives
  • --- Disable scheduled scans
  • --- Disable randomizing scheduled task times
  • --- Disable scheduled full-scans
  • --- Disable catch-up security intelligence (signature) updates
  • --- Disable security intelligence (signature) update on startup
  • --- Disable automatic checks for security intelligence (signature) updates
  • --- Minimize checks for security intelligence (signature) updates
  • --- Minimize Defender updates to completed gradual release cycles
  • --- Minimize Defender engine updates to completed release cycles
  • --- Minimize Defender platform updates to completed release cycles
  • --- Minimize Defender definition updates to completed gradual release cycles
  • --- Disable Potentially Unwanted Application (PUA) protection
  • --- Disable Defender auto-exclusions

are all causing the same error message:

Failed to set using Set-MpPreference: Provider load failure

FullyQualifiedErrorId: Microsoft.PowerShell.Commands.WriteErrorException


Partial output (in Spanish):

sexy_Set-MpPreference.txt

Note: The repeated output message "La operación se completó correctamente." means: "The operation was completed successfully."


How can the bug be recreated?

No exact idea. Maybe having the same Windows 10 OS build I have, and running the Privacy Sexy generated script file that I've attached?

Operating system

Windows 10

  • Version: 10.0.19045.2006
  • Architecture: 64-Bit
  • Edition: Home Single Language
  • OS Language: Spanish of Spain (es-ES)
  • User account privileges: Built-in "hidden" Administrator account, with UAC disabled.

Script file

PrivacySexy.zip

Screenshots

Image

Additional information

Tested with Privacy Sexy version 0.13.7

PowerShell $PSVersionTable output:

Name                           Value
----                           -----
PSVersion                      5.1.19041.1682
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.1682
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

@undergroundwires
Owner

I know that it takes time to give context for bug reports, but it's very useful, you'll see why, so thank you for your efforts @ElektroStudios.

On a Windows 10 (19045.4894) system, I initially couldn't reproduce the errors when running the scripts individually. However, when I executed the complete script file you provided, I was able to reproduce the issue.

After investigating further, I identified that the errors are caused by two specific scripts in privacy.sexy 0.13.7 that disable Windows Defender components more comprehensively. Specifically, Disable Defender Antivirus service communication with apps and Disable Defender Antivirus WMI management are disabling the WMI provider that Set-MpPreference depends on, causing subsequent commands to fail.

To verify this, I tested on a clean machine with these two scripts removed, and all remaining scripts executed successfully. This confirms these specific scripts as the source of the issue. The good news is that these Set-MpPreference errors can be safely ignored since the desired settings are still being applied through alternative methods like group policies, so the functionality isn't impaired despite the error messages.

Scripts that cause the issue:

  • Disable Defender Antivirus service communication with apps
  • Disable Defender Antivirus WMI management

To resolve this, I plan to:

  • Improve the error message clarity for these specific failures and convert the error indicators from red to yellow warnings.
  • Implement registry modification fallbacks for all Set-MpPreference operations. This will require using Procmon or similar tools to identify the exact registry changes, which will take some additional development time.
  • Add a "(breaks Set-MpPreference)" warning to the title of these scripts.
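
A diagnostic for the failure mode described in the comment above, as an added example that is not part of the thread or of privacy.sexy's own code: it checks whether the Defender WMI provider still loads and lists the values set under the Defender policy key, so a "Provider load failure" can be told apart from a setting that was never applied. The function name `Test-DefenderWmiProvider` is hypothetical; the CIM namespace, class name and policy registry path are the standard Windows locations and are assumptions not stated in the thread.

```powershell
# Added example: Test-DefenderWmiProvider is a hypothetical helper name.
function Test-DefenderWmiProvider {
    [CmdletBinding()]
    param(
        # Standard Defender CIM namespace/class and policy key (assumed, not from the thread).
        [string]$Namespace  = 'root/Microsoft/Windows/Defender',
        [string]$ClassName  = 'MSFT_MpPreference',
        [string]$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )

    $report = [ordered]@{
        ProviderLoads       = $false
        ProviderLoadFailure = $false
        ErrorMessage        = $null
        PolicyValues        = @()
    }

    try {
        # Set-MpPreference depends on this provider; a plain read is enough to test it.
        $null = Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction Stop
        $report.ProviderLoads = $true
    }
    catch {
        $report.ErrorMessage = $_.Exception.Message
        # WBEM_E_PROVIDER_LOAD_FAILURE is 0x80041013; the message text can be localized,
        # so check the code as well as the English wording quoted in the issue.
        $detail = '{0} {1}' -f $_.Exception.Message, $_.Exception.MessageId
        $report.ProviderLoadFailure = $detail -match '0x80041013|Provider load failure'
    }

    # Settings applied by policy live in the registry and do not need the provider.
    if (Test-Path -LiteralPath $PolicyRoot) {
        $keys = @(Get-Item -LiteralPath $PolicyRoot) +
                @(Get-ChildItem -LiteralPath $PolicyRoot -Recurse -ErrorAction SilentlyContinue)
        $report.PolicyValues = foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Key = $key.Name; Name = $name; Value = $key.GetValue($name) }
            }
        }
    }

    [pscustomobject]$report
}

Test-DefenderWmiProvider | Format-List
```

On a monitored fleet, `ProviderLoads = $false` on a host where Defender is expected to be managed is also a useful signal that its management interface has been altered.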

@ElektroStudios
Author

You are awesome. When someone posts a report, there is the uncertainty of not getting a response or that it cannot be resolved.

Thank you very much for taking the time to investigate and come up with a future solution.

Of course, please close this thread (and any other of those that I've created recently) if you consider it appropriate.

Cheers!
