I need to disable Defender's real-time scanning. I'm unaware of any solution to this outside of mangling files and/or permissions, or setting drive/folder exclusions. On 10, this was as easy as setting DisableAntiSpyware to 1. On 11, this doesn't work, and disabling real-time scanning is only temporary. I don't wish to delete files or to disable permissions on any of Defender's registry or files as I consider that invasive. I don't wish to set folder exclusions to tell real-time scanning to not bother scanning them as that's not really solving the main issue I have with it running (I want it to not be running at all). Is there a setting anywhere that will allow me to turn off Defender's real-time scanning on 11 permanently or perhaps another solution that doesn't involve anything invasive or the above? ___ Edit: Solved! Ended up using that solution, but disabled the windefend service instead of putting it on-demand. It seems like deleting the service from sc would work too with this method, but it doesn't seem like that's required (seems like windefend stays disabled after several hours and multiple reboots). This method doesn't touch any files, and I'm content with this being the least-invasive and most understandable method (not a large PS/batch file nor closed-source binary) for disabling Defender on 11. It just disables the service using elevated permissions. Code: pushd "%~dp0" NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide NET stop windefend NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide SC config windefend start=disabled reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f sc qc "windefend" pause
Which one of those solutions are non-invasive? All the removals on that post as far as I can tell either irreversibly remove the service for it, or mess with files.
Thanks, I'll have to give that another go. I recall trying it out a week ago and saw real-time scanning still coming back, but it's possible I grabbed the wrong script off GitHub or something.
You mean setting DisableAntiSpyware to 1 Even on Windows 10 this registry setting didn't work as of August 2020 Afaik the least invasive way to "permanently" disable Windows Defender is to stop and disable the WinDefend service. But then you will still need to edit the Registry key of the WinDefend service to prevent it from restarting even after reboots. * This has only been tested on Windows 10 since I haven't been using Windows Defender for quite a while now. I permanently disable it offline. Toggle Windows Defender Indefinitely
Yeah I meant 1 I'm running 21H2 right now, and I don't notice real-time scanning running at all after setting that.
Really with just that one registry entry and it doesn't get reset after rebooting? This is the reason why I stop and disable the the WinDefend service AND delete (changing the value doesn't even work) the "Start" Registry entry to keep the WinDefend service from restarting
Just simply use Defender Control 2.0, after stopping the Windows Defender via Settings/Windows Security. Done that just run Dcontrol and disable Defender: DONE.
so download a 3rd party exe, probably unblock it in browser, unblock it in defender, run it, pray it works (did not work well at 11 launch) Spoiler: how is that simple vs copy paste this in a powershell console?
I use this method, it is crude, but it works. I install 3rd party AV (360 TSE), disable Defender's services, uninstall 3rd party AV and it stays off. No need to play with permissions or alter any files.
No no no no guys you don't get it, some people want Defender out coz this crap loves to kill their cracks keygens and other goodies. Same other AV softs.
This solution has worked for me on W10 for the last few years so you could give it a try on 11: 1. Go to Settings -> Apps -> Startup and disable Windows Security notification icon 2. Turn off tamper protection in Windows Security settings 3. Open gpedit.msc and go to: -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus. Open the Turn off Windows Defender Antivirus policy and set it as Enabled. -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Application Guard. Open the Turn on Windows Defender Application Guard in Enterprise Mode policy, set it as Enabled and set it's data value to 0. -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender SmartScreen -> Explorer. Open the two policies there and set them both to Disabled. -Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender SmartScreen -> Microsoft Edge. Open the first policy there and set it to Disabled. 4. -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus -> Real Time Protection -disabled 5. Open regedit and go to: -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService. Open the registry entry called Start and set it's data value to 4. 6. Reboot I always did the disableantispyware reg tweak at the end as well but I'm not sure if that actually helped anything.
I have malwarebytes. Unlike Defender it doesn't do anything I don't want it to do. If I tell malwarebytes to ignore a detection it will.
Figured I would give an update on this since I tried it on W11 and it didn't work properly. First it wouldn't let me make the registry change in step 5 without trustedinstaller or system priveleges. So I changed the ownership of that part of the registry to make the changes. Then later when I contacted Windows Update my PC froze...rebooted and defender which was supposedly disable had detected the registry key as a virus and deleted it! So I just used defender control 2.0.