HP Recommended

Full time computer tech here;

 

A PC came in with the KMODE issue, and would boot to the lock screen. After about 10 seconds, the BSOD would appear. Without fail, every single time it loaded into Windows. Safe mode or otherwise. We actually tested the hard drive, and it was failing. So, we replaced the drive, clean installation of Windows 10, and it worked, for a little. The crashes started happening again, and we found this post. Following these steps got me back into Windows, and it worked for a while! However, after two days of running, it BSOD'd again. Upon reboot, it did not go into a loop. It did delete all the registry entries that were made, though.

 

Shortly before this PC crashed again, another PC (exact same one) came in from someone else entirely, same issue. I wasn't able to get into Windows at all, though. So I took these steps, as we had to do it through the recovery environment with CMD as well, and when I completed the last step, it allowed me into the system. I noticed that the last step, changing the "Start" entry under {KeyName}\ControlSet001\Services\WinDefend to 4, it changed itself to 3.

The first PC, though, has a value of 2, and it won't let me change it. It DOES allow me to alter settings in the GUI of Defender, while the system with a value of 3 tells me "Your antivirus is managed by your organization." and it will not let me see, let alone change, any settings. As someone pointed out later (after this post I'm replying to), you need to disable "Tamper Protection" as well. So on the first computer, that deleted the entries in the Registry and crashed even after taking these steps, I turned off Tamper Protection under the Defender GUI, and left everything else the same (because I found that turning off the Real-Time Protection also made the system crash). I re-made all the entries, and when restarting after all the changes were made, the system showed the same message as the second PC that came in. "Your antivirus is managed by your organization."

This long-winded post is to express that what, so far, has worked for me (on two computers now), is to take all these steps described here. If when you boot into Windows, it still lets you SEE the status of Defender, and allows you to make changes to the settings, you need to disable Tamper Protection, and double check all the entries you previously made are still there. If not, re-make them, and restart. The thing you want, as far as I can tell, is for Defender to say "Your antivirus is managed by your organization."

HP Recommended

Good luck! Let me know if that solves it on your end!

HP Recommended

I notice that my previous post does not describe the post I'm actually replying to, so I'll add it here;

"I had a few systems doing this exact issue. First round I ended up wiping and doing a fresh install. Despite deferring updates into June, it came back on one system. One of the threads mentioned the bug check indicated an issue with windows defender and the kernel.

So I figured out how to disable windows defender from the recovery console and broke out of the boot loop.

Go to troubleshoot - advanced options - command prompt.

Login with your password

In the command prompt enter regedit and press enter.

Double-click hkey local machine

Click file - load hive

Browse to C( was D in my recovery environment):\windows\system32\config

Open software

Enter a Key Name, I used temp

Open the temp key, then expand policies - Microsoft - windows defender

Create a 32bit dword DisableAntiSpyware. Set it to 1

Right click windows defender in the left and create a new key Real-Time Protection and create these 32 bit dwords set to 1

DisableBehaviorMonitoring

DisableOnAccessProtection

DisableScanOnRealtimeEnable

Scroll back up and highlight the temp key, and then click file unload hive.

Then highlight hkey local machine again, and choose load hive. This time load system from the same location, and set 

Temp\controlset001\services\windefend start to 4

 

Hopefully someone can clean these instructions up and add screenshots for the less skilled"

Page 5, user SaltyLager
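
An added example, not part of any post in this thread: a read-only PowerShell audit of the registry values the quoted steps set, run from the booted OS so a technician can record what is in place and what to revert once a fix ships. It assumes the live hive paths (`HKLM:\SOFTWARE` and `CurrentControlSet` in place of the loaded `temp` hive and `ControlSet001`); the start-type names are the standard Windows service start types.

```powershell
# Added example: read-only audit of the values the workaround sets. Changes nothing.
# Run from an elevated PowerShell prompt in the booted OS (live hive, not the
# "temp" hive loaded in the recovery environment).
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtp        = "$policyRoot\Real-Time Protection"
$checks = @(
    @{ Path = $policyRoot; Name = 'DisableAntiSpyware' },
    @{ Path = $rtp;        Name = 'DisableBehaviorMonitoring' },
    @{ Path = $rtp;        Name = 'DisableOnAccessProtection' },
    @{ Path = $rtp;        Name = 'DisableScanOnRealtimeEnable' },
    # Assumption: CurrentControlSet is the booted equivalent of ControlSet001.
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'; Name = 'Start' }
)

# Standard service start types, used to interpret WinDefend\Start.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($c in $checks) {
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = $null
    if ($null -ne $item) { $value = $item.($c.Name) }

    if ($null -eq $value) {
        $meaning = 'not present'
    } elseif ($c.Name -eq 'Start') {
        $meaning = $startTypes[[int]$value]
    } elseif ($value -eq 1) {
        $meaning = 'workaround value set'
    } else {
        $meaning = 'present, not 1'
    }

    [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $value; Meaning = $meaning }
}
$report | Format-Table -AutoSize -Wrap

# Defender's own view of its state, including Tamper Protection.
try {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled, IsTamperProtected |
        Format-List
} catch {
    Write-Warning "Get-MpComputerStatus failed (expected if the Defender service is disabled): $($_.Exception.Message)"
}
```

Saving the table before and after a reboot shows whether the policy values were removed or the `Start` value changed, the two behaviours reported in the first post.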

HP Recommended

@Smurfkong wrote:

Full time computer tech here;

 

A PC came in with the KMODE issue, and would boot to the lock screen. After about 10 seconds, the BSOD would appear. Without fail, every single time it loaded into Windows. Safe mode or otherwise. We actually tested the hard drive, and it was failing. So, we replaced the drive, clean installation of Windows 10, and it worked, for a little. The crashes started happening again, and we found this post. Following these steps got me back into Windows, and it worked for a while! However, after two days of running, it BSOD'd again. Upon reboot, it did not go into a loop. It did delete all the registry entries that were made, though.

 

Shortly before this PC crashed again, another PC (exact same one) came in from someone else entirely, same issue. I wasn't able to get into Windows at all, though. So I took these steps, as we had to do it through the recovery environment with CMD as well, and when I completed the last step, it allowed me into the system. I noticed that the last step, changing the "Start" entry under {KeyName}\ControlSet001\Services\WinDefend to 4, it changed itself to 3.

The first PC, though, has a value of 2, and it won't let me change it. It DOES allow me to alter settings in the GUI of Defender, while the system with a value of 3 tells me "Your antivirus is managed by your organization." and it will not let me see, let alone change, any settings. As someone pointed out later (after this post I'm replying to), you need to disable "Tamper Protection" as well. So on the first computer, that deleted the entries in the Registry and crashed even after taking these steps, I turned off Tamper Protection under the Defender GUI, and left everything else the same (because I found that turning off the Real-Time Protection also made the system crash). I re-made all the entries, and when restarting after all the changes were made, the system showed the same message as the second PC that came in. "Your antivirus is managed by your organization."

This long-winded post is to express that what, so far, has worked for me (on two computers now), is to take all these steps described here. If when you boot into Windows, it still lets you SEE the status of Defender, and allows you to make changes to the settings, you need to disable Tamper Protection, and double check all the entries you previously made are still there. If not, re-make them, and restart. The thing you want, as far as I can tell, is for Defender to say "Your antivirus is managed by your organization."


Dude. Your long-winded post really had to take up 3 posts?

HP Recommended

Three? I only made two posts.

HP Recommended

@Smurfkong wrote:

Three? I only made two posts.


05-20-2020 05:10 PM - edited 05-20-2020 05:31 PM
05-20-2020 05:32 PM
05-20-2020 05:34 PM
And now: 05-20-2020 05:39 PM

HP Recommended

Oh whoops, it kept flagging it as spam, and removing it, so I was editing it little by little. It appears they just had them on hold for a little and posted them all at once. Brb while I go remove all but one 

HP Recommended

What someone needs to do is install a fresh Win 10 without a connection to the internet. Then disable or pause Windows updates, or better yet still keep it disconnected. Then download externally and install Windows Defender definitions and engine manually. Now that would show if it is just Defender engine and/or definitions that's causing the issue.

HP Recommended

Nobody picks up the phone at HP. The customer chats keep "Disconnecting"...

 

I am doing a total resetting of PC. Does anyone know what I should and should not do regarding updates?

HP Recommended

No one is completely 100% sure what is causing it, be it Windows Defender and/or HP drivers.  What we've been able to reproduce is that once a specific update (drivers or windows update) has been installed, when you attempt to manually turn off "real-time protection" in Windows Security, it will produce the same BSOD error (KMODE_EXCEPTION_NOT_HANDLED) as the dreaded boot loop down to the same memory address.  The BSOD happens right when you click on the option to turn it off.

 

Perhaps since you are starting fresh, you can try turning it off with a fresh install and see if it crashes.  If it doesn't turn it back on and apply updates, and then flip it again, repeat and rinse.  Eventually I'm sure it'll crash.

 

Of course if you just want to keep your computer up and running, you could disable Windows Defender by following:

https://h30434.www3.hp.com/t5/Desktop-Operating-Systems-and-Recovery/KMODE-EXCEPTION-NOT-HANDLED/m-p...

 

But make sure you use another 3rd party Anti-virus.
