this was how I "embraced" Defender and stopped fighting it... added all my "important" folder locations, including network shares to the exclusions .. simple solution and has worked so far.
Windows defender isnt that bad infact the German independent research institute in 2019 ranked it as one of the best antiviruses. It was s**t at first but I believe it has improved
Proof it's a s**t Install latest insiders build Run my script Poof it's removed forever you will not find his Folders Tried yesterday
It seems relatively recently this no longer works. The WinDefend service stays enabled and on even when going through NSudo.
DELL CMD Spoiler: REMOVING WINDOWS DEFENDER reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f install_wim_tweak /o /c Windows-Defender /r reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d 0 /f reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f Reboot Log in from the CD boot Delete the folders completely C:\Program Files\Windows Defender C:\Program Files\Windows Defender Advanced Threat Protection C:\ProgramData\Microsoft\Windows Defender C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection Rejoice.
It seems disabling the service through registry through NSudo works, but I saw the service switch to Manual on next boot. So a solution to that could be to have a batch file set the registry setting each boot. I haven't tested long enough to be sure this keeps Defender off though. Code: NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f Full batch file: Code: pushd "%~dp0" NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide powershell -command "& { Stop-Service -Name 'windefend' }" NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t "REG_DWORD" /d "1" /f NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f sc qc "WinDefend" pause
winaerotweaker has the option to disable defender since the stone age. It's a one click operation with older win 10 builds (or win8.x), it's a 3/4 clicks operation with newer win10 builds and win 11. It never failed to me (although I prefer to remove the packages using dism).
Did you install KB5015882? It's a CU Preview. What exactly does it do? I need it to be non-invasive (no deleting of anything), and ideally I'd like to be able to manually undo it or parts of it later if-needed.
I'm the kind of (nowadays rare) users who actually read the question before providing an answer, and I would prefer if my answer would be read as well before asking again. In short it does exactly what you asked. (+ a bunch of other indispensable tweaks, obviously all optional)
Is there a permanent way to disable Windows 11 Defender, not using group policy? I try to kill the services by running services.msc through PowerRun but it won't change to disabled. I already have the registry fix that turns off real time scanning, but I want to completely disable it. TIA
Sorry for you It's necessary system service And if you still do this, Wu could fail Install some updates
I don't think it can be removed live. Get the exact name of the defender component packages, then boot up a WinPE USB and permenently remove them using DISM.
use something like Hiren’s BootCD to boot up your PC Then browse to both Program files folders and delete the defender folders Then go into programdata\microsoft and delete the defender folders in there Be sure to empty the recycle bin and reboot. Windows update will occasionally repair these deletions so have look after running windows update
can be removed via boot PE then use msmg toolkit helper on installed image at c:\. anything can be done on live scenario too but need more brain to execute how & from where | why.