because.. deafender slows the sh*t out of the system and wears out my expensive cpu.. it has to be mitigated! thx @TairikuOkami !!
It looks like this is the only one needed reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f which is set by the policy Turn off Windows Defender Antivirus.
I have another kind of workaround: Oddly enough, for me on a clean Windows 10 1903 x64 install, installing KB4052623 (Update for Windows Defender antimalware platform) disables tamper protection, and it is not turned back on even after rebooting. It stays off until manually turned on again. I can reproduce it on my 3 computers all with different hardware.