Awesome! Appreciate your update :)
To help others with a similar issue, consider rating the thread to help others, and close it. Microsoft Community is always available to assist you with any questions about Microsoft products.
Have a great week.
Windows Defender Policy Reverting After Reboot on Windows 11 VM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
We have created a virtual machine with Windows 11 Pro. In the Local Group Policy Editor, we go to "Turn off Microsoft Defender Antivirus" and set it to "Enabled". We have also turned off Tamper Protection under Virus & Threat Protection. However, after restarting the system, the setting reverts back to "Not Configured". Please provide the correct steps and a better solution.
Windows for home | Windows 11 | Settings
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
9 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 72%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Sumit D - IA 169.2K Reputation points Independent Advisor2025-04-14T13:55:08+00:00 The exe is on the releases page - just run the file and it would do the job:
https://github.com/ionuttbara/windows-defender-...
Hope that helps, and rely on us for any further inquiries. All the best.
-
Anonymous
2025-04-14T06:58:56+00:00 I have also try to suspend process MsMp.exe and MpDefenderCoreService.exe runs in Taskmanager Performance monitoring , but its comes error Access denied
-
Anonymous
2025-04-14T06:47:48+00:00 Hi Summit,
When i have uncheck WinDefend error comes Failed to disable "WinDefend"
and also i can not find any Policy Agent in Services.
Also i have checked #2 Solution but did not Worked.
-
Sumit D - IA 169.2K Reputation points Independent Advisor
2025-04-12T13:34:13+00:00 Hi Nishit,
I'm Sumit, here to answer your query at the Microsoft Community.
Apologies for any inconvenience you are experiencing. I am happy to help you today.
There are two solutions to this - the thing is Windows Security thinks some malware disabled it.
#1 taken from https://www.tenforums.com/antivirus-firewalls-s...
Get Autoruns 13.98 from here:https://learn.microsoft.com/en-us/sysinternals/...
Scroll to the bottom of the page for the download link.
Install Autoruns, and then run the program.
Go to Options and UNcheck everything except: "Hide Empty Locations"
In the Filter" box type: Windows Defender
You should get about 5 results. UNcheck them all except: Policy Agent
Close Autoruns and reboot the computer.
Now type Services in the taskbar search box. In the Services window Stop and Disable all the Windows Defender entries.
#2:
https://learn.microsoft.com/en-us/answers/quest...
Using the Registry Editor:
Open the Start Menu, type regedit, and press Enter to open the Registry Editor.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
Look for a DWORD named **DisableAntiSpyware**. If it doesn't exist, create it by right-clicking on the right pane, selecting **New** -> **DWORD (32-bit) Value**, and naming it DisableAntiSpyware. Set its value to **1**.
Next, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection.
Create new DWORDs named **DisableBehaviorMonitoring**, **DisableOnAccessProtection**, and **DisableScanOnRealtimeEnable**, and set all their values to **1**.
Using PowerShell:
As an additional measure, you can use PowerShell to disable Windows Defender Services.
Open PowerShell as an Administrator and run the following commands:
Set-MpPreference -DisableRealtimeMonitoring $true
Please do remember that disabling Windows Security PUTS YOUR COMPUTER at risk.
Hope that helps, and rely on us for any further inquiries. All the best.
Disclaimer:
The link included is a non-Microsoft website that would provide accurate and safe information. Watch out for ads on the site that are frequently classified as PUP (Potentially Unwanted Products). There is no need to buy paid products to fix your computers as they sometimes do more harm than good.