
How do I disable Microsoft Defender Antivirus

Anonymous
2023-09-22T13:36:00+00:00

I know by now, that gpedit does not work.

What I have found is that third party software (antivirus) can disable Microsoft Defender using its API.

I need to disable it without the obligation to run third party software.

Right now, the only two pieces of software that are malware on my PC are:

  • Microsoft Defender Antivirus
  • Windows Update

These two pieces of software are what I need to defend against. Let's see if MS is even able to help.

Windows for home | Windows 10 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


5 answers

  1. Anonymous
    2023-10-11T10:17:03+00:00

    I know by now, that gpedit does not work.

    What I have found is that third party software (antivirus) can disable Microsoft Defender using its API.

    I need to disable it without the obligation to run third party software.

    Right now, the only two pieces of software that are malware on my PC are:

    • Microsoft Defender Antivirus
    • Windows Update

    These two pieces of software are what I need to defend against. Let's see if MS is even able to help.

    Exactly my thoughts. I feel the same way. Microsoft Defender Antivirus Service is behaving like malware on my system. I have tried everything I know and more to the point of breaking my system (thankfully I had backups before I started) and NOTHING has worked to stop the damn thing from running. I didn't want to get rid of it permanently, I simply want FULL control over it. I want to be able to stop it from running in the background. That is all. It's taking up a constant 40% of memory no matter what.

    All I have found is "mIcRoSoFt DeFeNdEr Is aN iNtEgRaL pArT oF yOuR wInDoWs SyStEm AnD pRoTeCtS yOuR sYsTeM fRoM uNwAnTeD..."
    **I know what it freaking does!** If I want to frolic through the internet and pick up as many trojans and worms as possible, I should be able to do that on my system, with my software, that I paid MS hundreds to thousands of dollars to, over the years. But that's not what I want to do. I simply want to have control over every single aspect of it and its behaviour.

    What's even more infuriating is that I cannot find anything anywhere about the way MpEng.exe runs now. I don't understand Microsoft/Windows; it's like the more you try to work with it, the more it rises up against you.

    As it stands right now, Windows Defender Antivirus Service (MpEng.exe) is malware.

    30+ people found this answer helpful.
  2. Anonymous
    2023-09-24T08:53:28+00:00

    Hello Chandy,

    thanks for the welcome and thanks for the effort you put into engineering that batch file. That seems like a ton of registry alterations, while I solely want a program on my computer to stop running without my permission (eating up resources, doing background tasks, etc. etc.). Yes, I mean the program that comes with the system: "Windows Defender".

    The solution you proposed is only temporary. This will not suffice, I need full control over what application runs in the background at all times. I am the administrator, after all.

    You are stating that the PC is then vulnerable to threats. I disagree, I as the administrator keep my computer in a safe environment where I handle all access to it. That is, if Microsoft sees fit to enable me to keep this environment safe. Right now there are two rogue programs running:

    • Windows Defender
    • Windows Update

    Which both I cannot command to stop. Thank you for your proposed solution, but as stated earlier, this method does not produce the intended outcome.

    5 people found this answer helpful.
  3. Anonymous
    2023-09-23T03:25:36+00:00

    Hello, arioom

    Welcome to Microsoft Community.

    It seems that your current need is to disable Microsoft Defender Antivirus. The current Defender exists in two types, one of which is the Windows Defender that comes with the system, and the other is Microsoft Defender. If your current class refers to the latter, you can disable it by uninstalling the application.

    If the latter is your current class, you can disable it by uninstalling the application. However, if it is the Windows Defender that comes with the system, it is usually more troublesome, and the following is a batch process.

    Note: Remember to turn off the "Real-time protection" and "Tampering protection" before disabling it. Otherwise, it will fail.

    Copy the following text to NotePad > Press and hold Ctrl+Shift+S > Choose to change the extension to .bat in the Save As screen > Double-click to run as administrator > Restart your computer after it finishes running.

    ```bat
    @echo off

    :: Windows Defender (a Start value of 4 marks a service or driver as disabled)
    reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul

    :: WindowsSystemTray
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f >NUL 2>nul

    :: System Guard
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul

    :: WebThreatDefSvc
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
        reg add "%%i" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
    )

    :: SmartScreen and attachment handling
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%%windir%%\System32\taskkill.exe" /f >NUL 2>nul
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "6152" /f >NUL 2>nul
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f >NUL 2>nul
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f >NUL 2>nul
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "ModRiskFileTypes" /t REG_SZ /d ".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" /f >NUL 2>nul
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f >NUL 2>nul
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f >NUL 2>nul
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_DWORD /d "0" /f >NUL 2>nul
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f >NUL 2>nul
    reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f >NUL 2>nul
    reg add "HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f >NUL 2>nul

    goto :EOF
    ```

    Disclaimer: Follow these steps to temporarily turn off real-time Microsoft Defender antivirus protection in Windows Security. However, keep in mind that if you do so, your device may be vulnerable to threats. So please turn it on again immediately once the issue is fixed.

    The above commands do not necessarily disable Windows Defender 100%, because a certain part of the registry files need to be accessed with System user privileges that can be modified, and in this case, you need to use a third-party privilege extraction tool as a baseline for executing the commands. You can search for a reputable extractor by yourself.

    Hope it helps! If any update, welcome to share with us.

    Best regards,

    Chandy |Microsoft Community Support Specialist

    5 people found this answer helpful.
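
For administrators who need to know whether a script like the one in this answer has been run on a machine they manage, the following added example (not part of the original thread or of any Microsoft tool) flags the same registry changes in process command-line logs. The sample log lines are constructed, and the handling of per-user service instances with a `_suffix` is an assumption.

```python
import re

# Service names copied from the batch file in the answer above.
DEFENDER_SERVICES = {
    "mssecflt", "securityhealthservice", "sense", "wdboot", "wdfilter",
    "wdnisdrv", "wdnissvc", "windefend", "sgrmagent", "sgrmbroker",
    "webthreatdefsvc", "webthreatdefusersvc",
}
REG_CMD = re.compile(r'\s*"?(?:\S*\\)?reg(?:\.exe)?"?\s+(add|delete)\s+(.*)', re.I)
SERVICE_KEY = re.compile(r'\\(?:ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\"\s]+)', re.I)
START_DISABLED = re.compile(r'/v\s+"?Start"?\s.*/d\s+"?(?:4|0x0*4)"?(?:\s|$)', re.I)
IFEO_DEBUGGER = re.compile(r'Image File Execution Options\\smartscreen\.exe"?\s.*?/v\s+"?Debugger\b', re.I)
RUN_DELETE = re.compile(r'CurrentVersion\\Run"?\s.*?/v\s+"?SecurityHealth\b', re.I)

def classify(cmdline):
    """Return a finding string for one process command line, or None."""
    m = REG_CMD.match(cmdline)
    if not m:
        return None  # not a reg add/delete invocation (queries are ignored)
    verb, args = m.group(1).lower(), m.group(2)
    svc = SERVICE_KEY.search(args)
    if verb == "add" and svc and START_DISABLED.search(args):
        # Assumption: per-user instances are named <service>_<suffix>.
        base = svc.group(1).lower().split("_")[0]
        if base in DEFENDER_SERVICES:
            return f"service-disabled:{base}"
    if verb == "add" and IFEO_DEBUGGER.search(args):
        return "ifeo-debugger:smartscreen.exe"
    if verb == "delete" and RUN_DELETE.search(args):
        return "run-key-removed:SecurityHealth"
    return None

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line (1-based)."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]

# Constructed sample command lines, as a process-creation log would record them.
SAMPLE = [
    r'reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f',
    r'C:\Windows\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc_1a2b3" /v Start /t REG_DWORD /d 4 /f',
    r'reg add "HKLM\SYSTEM\ControlSet001\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f',
    r'reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f',
    r'reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f',
    r'reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%windir%\System32\taskkill.exe" /f',
    r'reg query "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v Start',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Matching on command lines only catches changes made through `reg.exe`; registry auditing on the same keys covers writes made by other means.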
  4. Anonymous
    2023-09-24T08:07:16+00:00

    Disclaimer: Follow these steps to temporarily turn off real-time Microsoft Defender antivirus protection in Windows Security. However, keep in mind that if you do so, your device may be vulnerable to threats. So please turn it on again immediately once the issue is fixed.

    The above commands do not necessarily disable Windows Defender 100%, because a certain part of the registry files need to be accessed with System user privileges that can be modified, and in this case, you need to use a third-party privilege extraction tool as a baseline for executing the commands. You can search for a reputable extractor by yourself.

    Is it really true we have to use a third party tool to change anything with the System permission? I understand giving the US->Snowden->Russia backdoors into all PCs is a decent way to get out of the Antitrust issue (but not the trust issue, that was permanently ruined); but it just means now we have to buy MS tools from an Israeli company since they aren't included. I understand how it all worked out, I just think there should be a label on the package of Windows Pro that says "Full functionality is not included - check with Mossad for the REAL CD Key, Windows DOUBLE POWER shell, Sup-R-gpedit, and to get rid of that keylogger we included for free since dos"

    4 people found this answer helpful.
  5. Anonymous
    2023-09-24T11:12:00+00:00

    Hello, arioom

    Yes, as you can see, it's probably possible to disable Defender to some extent in the form of registry modifications, for the applications you mentioned that are fully controlled in the background. It seems like it may be beyond my ability to do so, as these incidental programs can start automatically at any time, which is really based on the design of the system making it behave that way.

    I will try to keep the thread open for other moderators to post valuable ideas here.

    Have a good day!

    2 people found this answer helpful.