Don't forget disable tamper protection before gpedit. Then a working alternative is GPO "Turning off Real time protection".
1) Disable Memory Integrity from Device Security 2) Toggle all switches off for everything including tamper protection 3) reboot into safe mode 4) double click on the attached reg file to disable Windows Defender Services 5) apply the Group Policy Rules to turn off Windows defender and "allow antimalware service to remain running always" = disabled
Does anyone know what the name of the file that fixes system files AND RESTORE DEFENDER is? This file needs to be removed from the system!!!
AV registers in windows security center (SecurityHealthHost.exe) based on the file name (+digital signature) and Defender is like, I will take a break, but I will keep looking over your shoulder, just in case.
I can't delete registry anchors when I go into the registry via Live СD. How can I delete them? HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
Has anyone tried making some minor background exe to fake the presence of a 3rd-party AV so Defender disables itself? I think I finally had real-time scanning disabled on 11 24H2 after disabling a bunch of stuff in group policy, but I'll try narrowing it down next time I'm bored of 10
This option is no longer available since July 2024 or so. Defender merely disables realtime, but it is still running in order to kick in, if 3rd party AV gets disabled by malware.
I would like to reinstall Windows and do an upgrade to version 11 Enterprise LTSC 24H2 on my PC. I recently read about Windows Defender being a non-disable feature in this version. Usually I'm using option "Turn off Microsoft Defender Antivirus" => "Enable" in GPO for Windows 10 LTSC 21H2 and it works great. Can you tell me if I disable tamper protection will this group policy option work in Windows 11 Enterprise LTSC 24H2 or will it reset every time the PC is rebooted?
GPO "Turn off Microsoft Defender Antivirus" not work anymore , since 24H2. GPO "Turning off Real time protection" works even after reboot.
Okay, thank you... Can you tell me which group policy is responsible for Windows Defender updates via Windows Update? I would like to disable it too as I use another antivirus and these updates are useless for me...
third party antivirus automatically disable windows defender which disable windows defender updates from WU too.
I have finally gotten Windows 11 24H2 IoT Enterprise LTSC (26100.1742) running in a VMware virtual machine (in unsupported configuration Legacy / MBR / No Secure Boot) and decide to do some tests regarding how to disable Microsoft Defender AntiVirus, which I consider very irritating. I started the virtual machine, disabled Tamper Protection in Windows Security, then went to the Group Policy Editor (gpedit.msc) and set the following : (1) Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender AntiVirus -> Real-time Protection -> Turn off real-time protection set to Enabled Restarted the virtual machine and Real-time protection in Windows Security was disabled with a message "This setting is managed by your administrator." : Then I went back to the Group Policy Editor and set the following : (2) Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender AntiVirus -> Turn Off Microsoft Defender AntiVirus set to Enabled (3) Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Defender AntiVirus -> Allow antimalware service to remain running always set to Disabled Restarted the virtual machine and Virus and Threat Protection was completely disabled with a message "Your Virus & threat protection is managed by your organization" : I am delighted to find that these Group Policy settings still work in Windows 11 24H2 IoT LTSC and Microsoft Defender AntiVirus has been successfully disabled. Update : It seems that the Group Policy "Turn Off Microsoft Defender AntiVirus" was reverted to "Not Configured" after some time but real-time protection remained disabled. Acceptable to me at this time. Will do more tests later.