great job! I will add some useful PS cmdlets that are working in windows 10 Realtime monitoring disable = Set-MpPreference -DisableRealtimeMonitoring $true enable = Set-MpPreference -DisableRealtimeMonitoring $false Antivirus: disable = Set-MpPreference -DisableIOAVProtection $true enable = Set-MpPreference -DisableIOAVProtection $false IPS (firewall/connection issues): disable = Set-MpPreference -DisableIntrusionPreventionSystem $true enable = Set-MpPreference -DisableIntrusionPreventionSystem $false disable scan of removable drives: disable = Set-MpPreference -DisableRemovableDriveScanning $true enable = Set-MpPreference -DisableRemovableDriveScanning $false View current status: Get-MpPreference | select disable* other properties can be also set in same method as above. So in result you can manage windows defender without ingrate with service, that can be always running.
Please do cross check via elevated command prompt : Code: Powershell -Command "Get-MpPreference" if everything found true in disabled & false in enabled results of defender policies . In my case / scenario permanent removal of defender script is already there so that user can install thrid party av on os without any fear that theres anything in control of defender vai any hidden pwsh script there inside os : Permanently disable Defender to Use Third Party AV