Windows Defender - The worst AV ever?

Discussion in 'Application Software' started by Windows_Addict, Feb 7, 2020.

  1. 0xExynos

    0xExynos MDL Junior Member

    Aug 5, 2021
    60
    4
    0
    Why does Microsoft Defender re-enable itself after I disable it in Group Policy? All services are functional after reboot. Any way to disable it completely?
    Using latest build 22623.1250.
     
  2. TairikuOkami

    TairikuOkami MDL Expert

    Mar 15, 2014
    1,253
    1,150
    60
    It is not a bug, it is a feature to keep you safe. Disable the services, but you might need to install a third-party AV for that; Defender cannot be easily fooled these days.
     


  3. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    #283 ch100, Feb 7, 2023
    Last edited: Feb 7, 2023
    First disable Tamper protection from the GUI.
    Disable the relevant services in Safe Mode using the registry.
    The exact keys are documented elsewhere on this forum and it works.

    Here is the minimum required in Safe Mode - but first disable Tamper protection.
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000004
    "TamperProtectionSource"=dword:00000002
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense]
    "Start"=dword:00000003
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot]
    "Start"=dword:00000003
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]
    "Start"=dword:00000003
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]
    "Start"=dword:00000003
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
    "Start"=dword:00000003
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
    "Start"=dword:00000004
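
Added example, not part of the original post and not code from this forum: a Python check that reads the text of a .reg file like the one above and lists any writes to the Defender service `Start` values or the `TamperProtection` values, useful for reviewing such a file before import or when one turns up on a machine. The function name `audit_reg_text`, the constructed sample and its unrelated `Spooler` key are assumptions made for illustration.

```python
import re

# Service key names taken from the .reg file posted above.
DEFENDER_SERVICES = {"sense", "wdboot", "wdfilter", "wdnisdrv", "wdnissvc", "windefend"}
# Standard Windows service start types (the Start value under a service key).
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
FEATURES_KEY = r"software\microsoft\windows defender\features"

KEY_RE = re.compile(r"^\[-?(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')
SVC_RE = re.compile(r"\\system\\(?:currentcontrolset|controlset\d{3})\\services\\([^\\]+)$")

def audit_reg_text(text):
    """Return (target, value name, dword, meaning) for Defender-related writes."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # remember which key the next values belong to
            continue
        m = DWORD_RE.match(line)
        if not (m and key):
            continue
        name, value = m.group(1), int(m.group(2), 16)
        svc = SVC_RE.search(key)
        if svc and svc.group(1) in DEFENDER_SERVICES and name.lower() == "start":
            findings.append((svc.group(1), name, value, START_TYPES.get(value, "unknown")))
        elif key.endswith(FEATURES_KEY) and name.lower().startswith("tamperprotection"):
            findings.append(("features", name, value, "tamper-protection setting"))
    return findings

# Constructed sample: three entries in the style of the posted file plus an unrelated key.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002
'''

if __name__ == "__main__":
    for finding in audit_reg_text(SAMPLE):
        print(finding)
```

Files exported by regedit are UTF-16 encoded, so decode them before passing the text in.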
    
    
     
  4. vladnil

    vladnil MDL Senior Member

    Jan 19, 2019
    470
    321
    10
    Very easy to turn off
    Simply with life sd, the folders of the defender on the computer are deleted
    Then in the search we enter "defender" and delete everything !!!
    Everything works for us after these manipulations.
     
  5. Super Spartan

    Super Spartan MDL Expert

    May 30, 2014
    1,737
    1,004
    60
    Even in Safe mode I get this message when trying to import that reg file:

    2023-02-08_190020.png
     
  6. Errepublika

    Errepublika MDL Senior Member

    Aug 18, 2021
    452
    316
    10
    #286 Errepublika, Feb 8, 2023
    Last edited: Feb 8, 2023
    1. Edit Group Policy
    2. Administrative templates
    3. Windows Components
    - Microsoft Defender Antivirus
    * Disable Microsoft Defender Antivirus you have to put Enabled
    - Protection in real time
    * Disable Protection in real time you have to put Enabled
    And then I use a program to disable Defender Control Defender Switch 2.01

    upload_2023-2-8_18-28-17.png
     
  7. EaglePC

    EaglePC MDL Expert

    Feb 13, 2012
    1,254
    524
    60
    Maybe on a slow PC I can see disabling Defender. On a fast PC there is no difference in performance. Anyway, I run ESET.
     
  8. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    Remove the lines about the Tamper Protection from the registry file and try again.
    Tamper protection should be disabled in GUI before switching to Safe Mode.
     
  9. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    4,153
    5,961
    150
    Microsoft has to harden against any attempt to change the security service configuration …
    which is good, any stupid idiot with a script could kill Defender

    now I can say, it's a reliable A\V, not that I care too much about A\V
    but those who are still using it, at least MS should do anything in their power -
    to not allow closing these services easily.
     
  10. 0xExynos

    0xExynos MDL Junior Member

    Aug 5, 2021
    60
    4
    0
    Also all dwords from the services should be with value 00000004 to disable them.
     
  11. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    I prefer to set them on Manual, except for the main service which has to be Disabled. If you wish, set the value to 4.
    In fact some of the services there are already set on Manual by default.
     
  12. W_fantasma

    W_fantasma MDL Senior Member

    Apr 10, 2012
    319
    268
    10
    And there are lots of them...
     
  13. stemic28

    stemic28 MDL Senior Member

    Aug 23, 2009
    306
    303
    10
    On the subject of Windows Defender, I simply exclude all drives so that nothing is scanned.
     
  14. ohenry

    ohenry MDL Senior Member

    Aug 10, 2009
    435
    270
    10
    I totally fail to get why so many people have hate for Microsoft Defender. I cannot imagine running Windows without SOME kind of protection. And if you install any other antivirus of your choice, Defender is automatically turned off. So what's the big deal? I just don't get it, makes absolutely no sense to me.
     
  15. ch100

    ch100 MDL Addicted

    Sep 11, 2016
    841
    704
    30
    Some people have old and possibly unsupported hardware and run Windows 11 (or Windows 10) and want to keep it this way.
    Other people perform testing in virtual machines sharing limited resources and as such want to optimise the performance of the running VMs.
    Others only want to understand more about the implementation of various Windows components and as such try to find a way to disable Defender among other things.
    I am in complete agreement with you that for most people it is useful if not essential to have a running Antivirus, but there are other situations as I mentioned above.
     
  16. Trenchboygun

    Trenchboygun MDL Member

    Apr 8, 2013
    168
    93
    10
    using 3rd security
    windows defender is garbage
     
  17. stemic28

    stemic28 MDL Senior Member

    Aug 23, 2009
    306
    303
    10
    False alarm is one of the reasons.
     
  18. scaramonga

    scaramonga MDL Senior Member

    Oct 27, 2012
    426
    262
    10
  19. Flipp3r

    Flipp3r MDL Guru

    Feb 11, 2009
    2,007
    955
    90
    Don't hate it but it's really annoying if you disable it & it just turns itself back on.
    This is especially true while I'm building a new WinPE for example and it removes useful tools during the build. Tools like Produkey...
    Also, do I need it running, using resources and scanning files, while I'm integrating updates and updating wim/esd's? Nope!
     