[DISCUSSION] Disabling Microsoft Defender Antivirus (formerly Windows Defender)

Code:

rem Disable systray icon
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f

rem 1 - Antivirus Disabled Notification
reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications " /t REG_DWORD /d "1" /f

rem 0 - Security and Maitenance Notification
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f

 

In case I wanted to revert it to defaults what lines are needed? Could you write them please?

 

di you all just disable it and run with no av.?

 

no have any A\V. waste of time.
I use other security products. like COMODO.
I keep HIPS only. the rest. ... don't care.
about `sandbox` ... i consider to keep it too.

on my second laptop,
I don't any Security software
use it only to surf FB .. & other sites
or to write stuff.

 

Defender is not an AV, is a tool to spot patches, keygens and other treats for MS business

 

No more or no less.

 

got it. i rarely make online purchases that would be my main concern.

 

You need to login to view this posts content.

 

How can I disable Windows Defender in Windows unattended installation? So that Windows installed from that setup will have Defender disabled.

Many thanks

 

Easy way: Use WinNTSetup by "JFX", select the "Defender off" tweak.
Or do these settings yourself if you do the apply phase yourself with DISM, etc.

 

you can run script as specialize stage to disable its services

 

This is what I use (I've edited some entries out, I believe these are all that are needed for Defender):

Use this after apply on the "offline" registry, before rebooting to start setup. I'm just posting this here to check if somebody has anything to add

Spoiler: SOFTWARE hive

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=-

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows Defender\Real-Time Protection]
"DisableAntiSpywareRealtimeProtection"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"DpaDisabled"=dword:00000001

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000

[HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableRoutinelyTakingAction"=dword:00000001
"DisableSpecialRunningModes"=dword:00000001
"ServiceKeepAlive"=dword:00000001

[HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender\Signature Updates]
"ForceUpdateFromMU"=dword:00000001

[HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"=dword:00000001

[HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001

[HKEY_LOCAL_MACHINE\temp\Microsoft\Windows\CurrentVersion\ReserveManager]
"ShippedWithReserves"=dword:00000000

Spoiler: SYSTEM hive

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\MDCoreSvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\SecurityHealthService]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WdFilter]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WdNisDrv]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WdNisSvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WinDefend]
"Start"=dword:00000004

 

https://forums.mydigitallife.net/th...ows-10-installation.88040/page-4#post-1832138

 

My Windows Host is defenderless, but still receiving such updates occasionally

Is there any way to block/stop receiving this 'Update for Windows Security platform antimalware platform'?
completely via any reg tweak or GP or anything else?

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

Windows Security is not Windows Defender. Disabling it can cause infinitive BSOD.

 

Windows Security is formerly known as Defender, Windows Security is just a modified version of defender

& like I said, Windows Defender/security is removed from my OS & I've been using Windows (10 & 11) like this since Win10 days, & never encountered any BSOD for this reason in the last 5/6 years

 

you need to block it with show hide tool, wu will keep trying to install the default version number when it see's it missing from your pc
and if you've removed all folders and files related to security health/defender, it probably will never install