Turn On System Protection Grayed Out



You can manage Spybot – Search & Destroy’s services in the Settings module.

To access system services:

  • You can access the “Settings” module either:
    1. Via Spybot’s Start Center by going to: Start Center > Settings (Tick “Advanced user mode” if you do not see “Settings”) > System Services
    2. Via SDTray (the small Spybot 2 icon beside your system’s clock in the taskbar) > Advanced Tools > Settings
  • Once “Settings” has been opened, switch to the “System Services” tab.
    Depending on your operating system you can change the status via a drop down menu (Windows Vista and higher).
  • System services can be started by clicking “Start” next to any stopped service.
  • If you want to uninstall a service, just right-click and select “Uninstall”.
  • By ticking the checkbox “Active after every reboot”, you can change the service’s behavior on system start.

Besides the configuration options in the Settings module, you can also edit the services via the Windows service management console.


Open Malwarebytes and select 'Settings', then the 'Protection' tab. Scroll down to 'Scan Options' and ensure that Scan for Rootkits and Scan within Archives are both on. Go back to 'Dashboard' and select the blue 'Scan Now' tab. When the scan completes, deal with any found entries.

If the Turn on System Protection option is greyed out or missing on your Windows computer, System Restore may have been disabled by your system administrator. You may also use the Enable-ComputerRestore cmdlet.

Apr 27, 2020. The error: System Restore greyed out in Windows 10. “I am using Windows 10 64 bit. When I access the System Protection tab, the System Restore is greyed out, then I select C drive and click Configure button, the option Turn on System Protection is also greyed out.”

This topic explains how to configure System Guard Secure Launch and System Management Mode (SMM) protection to improve the startup security of Windows 10 devices. The information below is presented from a client perspective.

How to enable System Guard Secure Launch

You can enable System Guard Secure Launch by using any of these options:

Mobile Device Management

System Guard Secure Launch can be configured for Mobile Device Management (MDM) by using DeviceGuard policies in the Policy CSP, specifically DeviceGuard/ConfigureSystemGuardLaunch.

Group Policy

  1. Click Start > type and then click Edit group policy.

  2. Click Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security > Secure Launch Configuration.

Windows Security Center

Click Start > Settings > Update & Security > Windows Security > Open Windows Security > Device security > Core isolation > Firmware protection.

Registry

  1. Open Registry editor.

  2. Click HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > DeviceGuard > Scenarios.

  3. Right-click Scenarios > New > Key and name the new key SystemGuard.

  4. Right-click SystemGuard > New > DWORD (32-bit) Value and name the new DWORD Enabled.

  5. Double-click Enabled, change the value to 1, and click OK.

How to verify System Guard Secure Launch is configured and running

To verify that Secure Launch is running, use System Information (MSInfo32). Click Start, search for System Information, and look under Virtualization-based Security Services Running and Virtualization-based Security Services Configured.
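The registry procedure and the verification step above, scripted as an added example (not part of the original page or of the vendor documentation it quotes). It assumes an elevated PowerShell session; the Win32_DeviceGuard CIM class and the value 3 for System Guard Secure Launch do not appear on the page and are used here as the scriptable counterpart of the two MSInfo32 fields.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original page.

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard'

# Registry steps 2-5: create the SystemGuard key under Scenarios and set Enabled (DWORD) to 1.
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 1 -Force | Out-Null

# Read the value back instead of trusting the write.
$enabled = (Get-ItemProperty -Path $key -Name 'Enabled').Enabled

# Verification: Win32_DeviceGuard exposes the same two lists that MSInfo32 shows.
# Assumption (not on the page): the value 3 in these lists means System Guard Secure Launch.
$secureLaunch = 3
try {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
    $configured = $dg.SecurityServicesConfigured -contains $secureLaunch
    $running    = $dg.SecurityServicesRunning -contains $secureLaunch
} catch {
    Write-Warning "Win32_DeviceGuard not available: $($_.Exception.Message)"
    $configured = $running = $null
}

[pscustomobject]@{
    RegistryEnabled        = ($enabled -eq 1)
    SecureLaunchConfigured = $configured
    SecureLaunchRunning    = $running
}
# Configured = True with Running = False is expected until the device restarts.
# If it persists after a restart, check the platform against the System Guard requirements.
```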


Note

To enable System Guard Secure launch, the platform must meet all the baseline requirements for Device Guard, Credential Guard, and Virtualization Based Security.

System requirements for System Guard

For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon:

64-bit CPU: A 64-bit computer with minimum 4 cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see Hyper-V on Windows Server 2016 or Introduction to Hyper-V on Windows 10. For more info about hypervisor, see Hypervisor Specifications.

Trusted Platform Module (TPM) 2.0: Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs are not supported.

Windows DMA Protection: Platforms must meet the Windows DMA Protection Specification (all external DMA ports must be off by default until the OS explicitly powers them).

SMM communication buffers: All SMM communication buffers must be implemented in EfiRuntimeServicesData, EfiRuntimeServicesCode, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types.

SMM Page Tables:
  • Must NOT contain any mappings to EfiConventionalMemory (e.g. no OS/VMM owned memory).
  • Must NOT contain any mappings to code sections within EfiRuntimeServicesCode.
  • Must NOT have execute and write permissions for the same page.
  • Must allow ONLY that TSEG pages can be marked executable and the memory map must report TSEG EfiReservedMemoryType.
  • BIOS SMI handler must be implemented such that SMM page tables are locked on every SMM entry.

Modern/Connected Standby: Platforms must support Modern/Connected Standby.

TPM AUX Index: Platform must set up an AUX index with index, attributes, and policy that exactly corresponds to the AUX index specified in the TXT DG with a data size of exactly 104 bytes (for SHA256 AUX data). (NameAlg = SHA256)
Platforms must set up a PS (Platform Supplier) index with:
  • Exactly the 'TXT PS2' style Attributes on creation as follows:
    • AuthWrite
    • PolicyDelete
    • WriteLocked
    • WriteDefine
    • AuthRead
    • WriteDefine
    • NoDa
    • Written
    • PlatformCreate
  • A policy of exactly PolicyCommandCode(CC = TPM2_CC_UndefineSpaceSpecial) (SHA256 NameAlg and Policy)
  • Size of exactly 70 bytes
  • NameAlg = SHA256
  • In addition, it must have been initialized and locked (TPMA_NV_WRITTEN = 1, TPMA_NV_WRITELOCKED = 1) at time of OS launch.
PS index data DataRevocationCounters, SINITMinVersion, and PolicyControl must all be 0x00

AUX Policy: The required AUX policy must be as follows:
  • A = TPM2_PolicyLocality (Locality 3 & Locality 4)
  • B = TPM2_PolicyCommandCode (TPM_CC_NV_UndefineSpecial)
  • authPolicy = {A} OR {{A} AND {B}}
  • authPolicy digest = 0xef, 0x9a, 0x26, 0xfc, 0x22, 0xd1, 0xae, 0x8c, 0xec, 0xff, 0x59, 0xe9, 0x48, 0x1a, 0xc1, 0xec, 0x53, 0x3d, 0xbe, 0x22, 0x8b, 0xec, 0x6d, 0x17, 0x93, 0x0f, 0x4c, 0xb2, 0xcc, 0x5b, 0x97, 0x24

TPM NV Index: Platform firmware must set up a TPM NV index for use by the OS with:
  • Handle: 0x01C101C0
  • Attributes:
    • TPMA_NV_POLICYWRITE
    • TPMA_NV_PPREAD
    • TPMA_NV_OWNERREAD
    • TPMA_NV_AUTHREAD
    • TPMA_NV_POLICYREAD
    • TPMA_NV_NO_DA
    • TPMA_NV_PLATFORMCREATE
    • TPMA_NV_POLICY_DELETE
  • A policy of:
    • A = TPM2_PolicyAuthorize(MSFT_DRTM_AUTH_BLOB_SigningKey)
    • B = TPM2_PolicyCommandCode(TPM_CC_NV_UndefineSpaceSpecial)
    • authPolicy = {A} OR {{A} AND {B}}
    • Digest value of 0xcb, 0x45, 0xc8, 0x1f, 0xf3, 0x4b, 0xcf, 0x0a, 0xfb, 0x9e, 0x1a, 0x80, 0x29, 0xfa, 0x23, 0x1c, 0x87, 0x27, 0x30, 0x3c, 0x09, 0x22, 0xdc, 0xce, 0x68, 0x4b, 0xe3, 0xdb, 0x81, 0x7c, 0x20, 0xe1

Platform firmware: Platform firmware must carry all code required to execute an Intel® Trusted Execution Technology secure launch:
  • Intel® SINIT ACM must be carried in the OEM BIOS
  • Platforms must ship with a production ACM signed by the correct production Intel® ACM signer for the platform

Platform firmware update: System firmware is recommended to be updated via UpdateCapsule in Windows Update.

For Qualcomm® processors with SD850 or later chipsets:

Monitor Mode Communication: All Monitor Mode communication buffers must be implemented in either EfiRuntimeServicesData (recommended), data sections of EfiRuntimeServicesCode as described by the Memory Attributes Table, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types

Monitor Mode Page Tables: All Monitor Mode page tables must:
  • NOT contain any mappings to EfiConventionalMemory (e.g. no OS/VMM owned memory)
  • They must NOT have execute and write permissions for the same page
  • Platforms must only allow Monitor Mode pages marked as executable
  • The memory map must report Monitor Mode as EfiReservedMemoryType
  • Platforms must provide mechanism to protect the Monitor Mode page tables from modification

Modern/Connected Standby: Platforms must support Modern/Connected Standby.

Platform firmware: Platform firmware must carry all code required to perform a launch.

Platform firmware update: System firmware is recommended to be updated via UpdateCapsule in Windows Update.



