This policy setting controls whether raw volume write notifications are sent to behavior monitoring. If you enable or do not configure this setting, raw write notifications will be enabled. If you disable this setting, raw write notifications be disabled. Counter Measure: Configure this setting depending on your organization's requirements. Potential Impact: Raw volume write notifications can impact performance. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Real-time Protection\Turn on raw volume write notifications (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRawWriteNotification