How to permanently disable Microsoft Defender Antivirus on Windows 11 and 10? ,

Microsoft Defender is the built-in antivirus program on Windows 10/11 and Windows Server that is enabled and configured by default. In this article, we will see how to completely turn off Microsoft Defender on Windows 11 or how to suspend it.

When you install a third-party antivirus in Windows 10 or 11, the built-in Microsoft Defender antivirus is automatically disabled. In some cases, this does not happen and you may need to manually disable Microsoft Defender.

Turn off Defender Antivirus Protection on Windows 11 and 10

In some cases, you may need to suspend Microsoft Defender Antivirus protection without affecting critical system services. For example, when Microsoft Defender prevents a system program or tool from running or installing. You need to turn off Windows Defender Real-Time Protection to run such an app.

  1. open Adjustment , Privacy & Security , windows security (or run the Quick Access URI command: ms-settings:windowsdefender ) in Windows 11;
  2. open virus and threat protection and click Manage Settings,
  3. run real time protection toggle on Close, Disable real-time protection in Microsoft Defender
  4. Confirm that you want to stop antivirus protection at the UAC prompt.

To start Windows Defender protection again, move the toggle to On. Additionally, Microsoft Defender Real-Time Protection is automatically enabled after you restart the computer.

You can use the following PowerShell command to disable Real-Time Protection (see How to manage Windows Defender settings using PowerShell):

Set-MpPreference -DisableRealtimeMonitoring $true

However, this command does not work as expected in Windows 11 and the latest Windows 10 builds. The matter is that in Windows 10 1903 or later, a new Microsoft Defender feature is enabled by default: Microsoft Defender Tamper Protection,

tamper protection Provides additional protection for core Microsoft Defender security features. In particular, it prevents unauthorized change of antivirus settings, suspension of real-time protection and disabling of cloud protection. If tamper protection is enabled, you will not be able to disable real-time protection in Microsoft Defender using PowerShell.

You can only manually disable tamper protection from the Windows Security GUI. go to virus and threat protection section, scroll down and switch to tamper protection toggle on Close,

Protect Microsoft Defender security settings with Tamper Protection

After disabling Tamper Protection, you will be able to disable Microsoft Defender Real-Time Protection using the PowerShell command shown above.

How to permanently disable Microsoft Defender Antivirus in Windows 11?

In earlier Windows 10 and in Windows Server 2016, you can completely disable Windows Defender using turn off windows defender antivirus Using the GPO option located in the Windows Defender Antivirus section of Computer Configuration -> Administrative Templates -> Windows Components -> Local Group Policy Editor (gpedit.msc) or disable antispyware Registry parameter under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender:

New-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force

Turn off Windows Defender Antivirus using GPO

Additionally, you can disable real-time protection using the GPO option Enable Behavior Monitoring or with registry parameter Disabled Behavior Monitoring = 1.

Starting with Windows 10 1903 release, you cannot use these GPO options or registry parameters to disable Microsoft Defender, because these settings are protected by tamper protection. The methods used earlier to disable Microsoft Defender Antivirus do not work on Windows 11.

To completely disable Windows Defender Antivirus on Windows 11, you need to boot your computer in Safe Mode.

  1. run msconfig,
  2. go to boot tab;
  3. choose secure boot , least In the Boot Options section;
  4. Click OK and restart your computer. msconfig - enable secure boot
  5. Your computer will boot into Safe Mode;
  6. Then open Registry Editor (regedit.exe), go to reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services And disable the startup of the following services:
    • Understanding
    • wdboot
    • WdFilter
    • WdNisDrv
    • WdNisSvc
    • WinDefend

    To do this, change Start parameter value 4. Disable Windfiend Service via Registry

    Change the start values ​​for all the services specified above manually or by using the following PowerShell script:
    Set-ItemProperty -Path ($regpath+"\WinDefend") -Name Start -Value 4
    Set-ItemProperty -Path ($regpath+"\Sense") -Name Start -Value 4
    Set-ItemProperty -Path ($regpath+"\WdFilter") -Name Start -Value 4
    Set-ItemProperty -Path ($regpath+"\WdNisDrv") -Name Start -Value 4
    Set-ItemProperty -Path ($regpath+"\WdNisSvc”) -Name Start -Value 4

    To re-enable Microsoft Defender in Windows, set the following default value of the Start registry entry for Services:

    • Quote – 3
    • WDboot – 0
    • WDFilter – 0
    • WdNisDrv-3
    • WDNISSVC – 3
    • WinDefend – 2
  7. run msconfig and disable safe mode. Then restart your computer and boot as usual;
  8. Disable the following four tasks in Task Scheduler (taskschd.msc): Microsoft -> Windows -> Windows Defender. Disable Windows Defender tasks in Task Scheduler
    Get-ScheduledTask “Windows Defender Cache Maintenance” | Disable-ScheduledTask
    Get-ScheduledTask “Windows Defender Cleanup” | Disable-ScheduledTask
    Get-ScheduledTask “Windows Defender Scheduled Scan” | Disable-ScheduledTask
    Get-ScheduledTask “Windows Defender Verification” | Disable-ScheduledTask

Run the Windows Security app and make sure Microsoft Defender Antivirus is now disabled. You should see the message: threat service has been stopped, Restart it now. Microsoft Defender - Threat Service has stopped.  restart it now

So we have seen how to disable Microsoft Defender Antivirus on Windows 10 and 11.

Leave a Comment