Del via


DisableAntiSpyware

Important

The DisableAntiSpyware (and DisableAntivirus) registry keys were intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. These legacy settings are no longer necessary, as Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program on the device. These settings aren't intended for consumer devices, and as a result, Microsoft has removed these registry keys. To improve the security posture of our customers and ensure parity across our offerings (SKUs), setting DisableAntiSpyware or DisableAntivirus (and disabling Microsoft Defender Antivirus) on client/server endpoints is ignored for devices that are onboarded to Microsoft Defender for Endpoint. This change is included in Microsoft Defender antimalware platform version 4.18.2108.4 and later (see KB405623). This setting is protected by tamper protection, which is available in all editions of Windows 10, version 1903 and later. Tamper protection is enabled by default for consumers and new enterprise customers. The impact of removing DisableAntiSpyware is limited to versions of Windows 10 prior to 1903 using Microsoft Defender Antivirus. This change does not impact non-Microsoft antivirus connections to the Windows Security app. Those connections will still work as expected.

DisableAntiSpyware specifies whether to disable Microsoft Defender Antivirus. Microsoft Defender Antivirus is an application that can prevent, remove, and quarantine malicious software, including spyware.

Values

Value Description
false
(DisableAntiSpyware-0)
Turns on Microsoft Defender. This is the default value.
If set by policy/GPO this setting force enables Microsoft Defender Antivirus even if non-Microsoft antivirus software is installed.
true
(DisableAntiSpyware-1)
Turns off Microsoft Defender Antivirus, as well as non-Microsoft antivirus software and apps.
This setting is not applicable to devices running platform version 4.18.2108.4 or newer, and onboarded to any of the following subscriptions:
- Microsoft Defender for Cloud
- Windows Server w/ Microsoft 365 E3 or E5
- Windows Client w/ Microsoft Defender for Endpoint Plan 1 or 2 (or Microsoft 365 E3 or E5)
- Microsoft Defender for Business
- Microsoft Defender for Individuals
- Windows Client

Solution providers, such as ISVs, should use the Windows Security Center APIs provided by Microsoft Virus Initiative (MVI), to register with Windows Security Center.

Valid Configuration Passes

specialize

oobeSystem

offlineServicing

Parent Hierarchy

Security-Malware-Windows-Defender | DisableAntiSpyware

Applies To

  • Windows Server
  • Windows Client