[DISCUSSION] Disabling Microsoft Defender Antivirus (formerly Windows Defender)

Discussion in 'Windows 11' started by Espionage724, Oct 29, 2021.

  1. Espionage724

    Espionage724 MDL Expert

    Nov 7, 2009
    1,066
    395
    60
    #1 Espionage724, Oct 29, 2021
    Last edited: Nov 6, 2021
    I need to disable Defender's real-time scanning. I'm unaware of any solution to this outside of mangling files and/or permissions, or setting drive/folder exclusions.

    On 10, this was as easy as setting DisableAntiSpyware to 1. On 11, this doesn't work, and disabling real-time scanning is only temporary.

    I don't wish to delete files or to disable permissions on any of Defender's registry or files as I consider that invasive. I don't wish to set folder exclusions to tell real-time scanning to not bother scanning them as that's not really solving the main issue I have with it running (I want it to not be running at all).

    Is there a setting anywhere that will allow me to turn off Defender's real-time scanning on 11 permanently or perhaps another solution that doesn't involve anything invasive or the above?

    ___

    Edit: Solved!

    Ended up using that solution, but disabled the windefend service instead of putting it on-demand. It seems like deleting the service from sc would work too with this method, but it doesn't seem like that's required (seems like windefend stays disabled after several hours and multiple reboots).

    This method doesn't touch any files, and I'm content with this being the least-invasive and most understandable method (not a large PS/batch file nor closed-source binary) for disabling Defender on 11. It just disables the service using elevated permissions.

    Code:
    pushd "%~dp0"
    NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide NET stop windefend
    NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide SC config windefend start=disabled
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f
    sc qc "windefend"
    pause
    
     
  2. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    3,907
    5,512
    120
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Espionage724

    Espionage724 MDL Expert

    Nov 7, 2009
    1,066
    395
    60
  4. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    3,907
    5,512
    120
    Bau toogle
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Espionage724

    Espionage724 MDL Expert

    Nov 7, 2009
    1,066
    395
    60
    Thanks, I'll have to give that another go. I recall trying it out a week ago and saw real-time scanning still coming back, but it's possible I grabbed the wrong script off GitHub or something.
     
  6. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    3,907
    5,512
    120
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,465
    2,424
    60
    #7 freddie-o, Oct 29, 2021
    Last edited: Nov 9, 2021
    You mean setting DisableAntiSpyware to 1

    Even on Windows 10 this registry setting didn't work as of August 2020

    Afaik the least invasive way to "permanently" disable Windows Defender is to stop and disable the WinDefend service. But then you will still need to edit the Registry key of the WinDefend service to prevent it from restarting even after reboots.

    * This has only been tested on Windows 10 since I haven't been using Windows Defender for quite a while now. I permanently disable it offline.

    Toggle Windows Defender Indefinitely

     
  8. IXMas

    IXMas MDL Member

    Mar 7, 2021
    246
    234
    10
    #8 IXMas, Oct 29, 2021
    Last edited: Oct 29, 2021
    ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Espionage724

    Espionage724 MDL Expert

    Nov 7, 2009
    1,066
    395
    60
    Yeah I meant 1 :p

    I'm running 21H2 right now, and I don't notice real-time scanning running at all after setting that.

     
  10. freddie-o

    freddie-o MDL Expert

    Jul 29, 2009
    1,465
    2,424
    60
    #10 freddie-o, Oct 29, 2021
    Last edited: Oct 29, 2021
    Really with just that one registry entry and it doesn't get reset after rebooting?
    This is the reason why I stop and disable the the WinDefend service AND delete (changing the value doesn't even work) the "Start" Registry entry to keep the WinDefend service from restarting
     
  11. amajmon

    amajmon MDL Senior Member

    Sep 21, 2012
    284
    123
    10
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,218
    2,273
    240
    Just simply use Defender Control 2.0, after stopping the Windows Defender via Settings/Windows Security. Done that just run Dcontrol and disable Defender: DONE.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. AveYo

    AveYo MDL Expert

    Feb 10, 2009
    1,836
    5,713
    60
    so download a 3rd party exe, probably unblock it in browser, unblock it in defender, run it, pray it works (did not work well at 11 launch)

    :roflmao:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. Feniksrising

    Feniksrising MDL Member

    Nov 27, 2016
    184
    136
    10
    Maybe I'm wrong but doesn't Defender automatically deactivate if you replace it with another AV?
     
  15. TairikuOkami

    TairikuOkami MDL Expert

    Mar 15, 2014
    1,197
    1,095
    60
    I use this method, it is crude, but it works. I install 3rd party AV (360 TSE), disable Defender's services, uninstall 3rd party AV and it stays off. No need to play with permissions or alter any files.
     

    Attached Files:

  16. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,647
    270
    No no no no guys you don't get it, some people want Defender out coz this crap loves to kill their cracks keygens and other goodies. Same other AV softs.
     
  17. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    3,907
    5,512
    120
    I want it remove completely.
    with other MS Crap :tooth:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. CrimsonCardinal

    CrimsonCardinal MDL Novice

    Jan 12, 2021
    13
    2
    0
    This solution has worked for me on W10 for the last few years so you could give it a try on 11:

    1. Go to Settings -> Apps -> Startup and disable Windows Security notification icon
    2. Turn off tamper protection in Windows Security settings

    3. Open gpedit.msc and go to:

    -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus. Open the Turn off Windows Defender Antivirus policy and set it as Enabled.

    -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Application Guard. Open the Turn on Windows Defender Application Guard in Enterprise Mode policy, set it as Enabled and set it's data value to 0.

    -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender SmartScreen -> Explorer. Open the two policies there and set them both to Disabled.

    -Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender SmartScreen -> Microsoft Edge. Open the first policy there and set it to Disabled.

    4. -Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender Antivirus -> Real Time Protection -disabled

    5. Open regedit and go to:

    -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService. Open the registry entry called Start and set it's data value to 4.

    6. Reboot

    I always did the disableantispyware reg tweak at the end as well but I'm not sure if that actually helped anything.
     
  19. Feniksrising

    Feniksrising MDL Member

    Nov 27, 2016
    184
    136
    10

    I have malwarebytes. Unlike Defender it doesn't do anything I don't want it to do.
    If I tell malwarebytes to ignore a detection it will.
     
  20. CrimsonCardinal

    CrimsonCardinal MDL Novice

    Jan 12, 2021
    13
    2
    0
    Figured I would give an update on this since I tried it on W11 and it didn't work properly. First it wouldn't let me make the registry change in step 5 without trustedinstaller or system priveleges. So I changed the ownership of that part of the registry to make the changes. Then later when I contacted Windows Update my PC froze...rebooted and defender which was supposedly disable had detected the registry key as a virus and deleted it!

    So I just used defender control 2.0.