I like this option the most and will give it a try later today. I wonder if you could just outright delete the service though instead of disabling it?
Ended up doing this with NSudo, and disabling the service instead of having it demand. Real-time scanning hasn't re-enabled itself over two hours and multiple reboots, so it seems like it's really disabled. I think I can deal with this.
Using RegEdit to disable Windows Defender in Windows 11

An alternative way to disable Windows Defender in Windows 10 or 11 is to use the registry. For this, you will also need to boot into safe mode. Follow step 1 from the previous chapter to boot into safe mode.

Once booted in Safe Mode: (Win key + R,,select Boot tab and then select safe boot)
Press Windows key + R
Type regedit <enter> to open the registry
Use the "Find" feature and locate each folder below and click to change "start" from "3" to "4"
Sense
WdBoot
WdFilter
WdNisDrv
WdNisSvc
WinDefend
Exit out of Safe Mode

Revert the change

If you no longer want to disable Windows Defender you can easily revert the change. You will need to restart into safe mode again and give System and Trusted Installer full access permission on the Platform folder. When you used the registry method, then restore the values to:
HKLM\SYSTEM\CurrentControlSet\Services\Sense\Start 3
HKLM\SYSTEM\CurrentControlSet\Services\WdBoot\Start 0
HKLM\SYSTEM\CurrentControlSet\Services\WdFilter\Start 0
HKLM\SYSTEM\CurrentControlSet\Services\WdNisDrv\Start 3
HKLM\SYSTEM\CurrentControlSet\Services\WdNisSvc\Start 3
HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Start 2
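A read-only audit of the six Start values named in the post above, added here as an example and not part of the original thread. It compares each value with the restore values the post lists and flags anything set to 4 or otherwise changed; the status labels and variable names are assumptions made for this example.

```powershell
# Added example: audit the Defender service Start values against the
# restore values listed in the post above. Reads the registry only.
$baseline = [ordered]@{
    Sense     = 3
    WdBoot    = 0
    WdFilter  = 0
    WdNisDrv  = 3
    WdNisSvc  = 3
    WinDefend = 2
}
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$report = foreach ($name in $baseline.Keys) {
    $key    = Join-Path $root $name
    $actual = $null
    $status = 'OK'

    if (-not (Test-Path -LiteralPath $key)) {
        # Service key removed entirely (or never present on this install).
        $status = 'KEY MISSING'
    }
    else {
        $prop = Get-ItemProperty -LiteralPath $key -Name Start -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $status = 'START VALUE MISSING'
        }
        else {
            $actual = [int]$prop.Start
            if ($actual -eq 4)                    { $status = 'DISABLED' }
            elseif ($actual -ne $baseline[$name]) { $status = 'CHANGED' }
        }
    }

    [pscustomobject]@{
        Service  = $name
        Expected = $baseline[$name]
        Actual   = $actual
        Status   = $status
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring agent alert on drift.
$drift = @($report | Where-Object { $_.Status -ne 'OK' })
if ($drift.Count -gt 0) { exit 1 }
```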
There are automatic tools that do this job, why waste my time and do it manually? Remove Defender v4.0 Defender Switch W11 and Defender Remover Bat Script to remove Defender Packages Using same St1ckys Method
With Defender being so baked into the core OS I found that automating the adding of all my files/folders etc. to the exclusions list gave a better outcome overall and a tad less crippled OS! A bit of a resource hog though! Any Realtime Scanner is likely to be a resource hog imho. But still good to know. Thanks!
3 years later, it finally happened! Tamper protection is now more than just a buzz word - it actually works, Defender gained resilience that all other AVs have been featuring for years, if not decades! Praise the Lord of Incompetent Developers! We had to wait for so long until a f**ktard at Microsoft HQ got ransomware'd via a silly script to notice the elephant-sized holes in their "security" offering.
Defender can still be too easily disabled when 3rd party AV is installed. I guess it is only a matter of time before hackers create a script pretending to be running 3rd party AV. MS should demand user's input to allow AV change.
You can't actually do that. To be eligible as a compatible AV you need to obtain a special certificate from Microsoft that will allow your ELAM (early-launch-anti-malware) kernel driver and your binaries to run as PsProtectedSignerAntimalware-Light. A more obscure way so far has been to hijack Process Explorer's signed driver to kill handles of protected processes and hence the process itself. But it looks like it's being addressed in the last few days as well. This is also where SecureBoot comes into play, as the Tamper Protection status is saved in the UEFI firmware environment. And from what I poked at, Microsoft is toying with getting the TPM device into play as well. So we can say that most methods to disable Defender without reboot no longer work. That's great news honestly, it finally looks like a reliable AV at least when it comes to protecting itself. Except you can still completely uninstall it on reboot. Microsoft and their half-efforts when it comes to everything..
Usual Microsoft way of doing things. It's almost like ignoring important issues has become a culture at Microsoft compensating productivity with a product that looks more like Android.