How to disable Windows Defender in Windows 10 1909

Except for the fact that known safe sites occasionally end up with drive-by infections.

Anyway, I hope this solution works for you.
CCleaner site got hacked and then put malware into their app, even though it is owned by Avast!, the popular freeware anti-virus (and yes, at that time it was owned by Avast, not by Piriform). Not only that, hackers tried to do that again in 2019! :eek:
From Wikipedia:
((After Piriform was acquired by Avast, in September 2017, CCleaner 5.33 was compromised by the incorporation into the distributed program of the Floxif trojan horse that could install a backdoor, enabling remote access to 2.27 million[33] infected machines.[34][35] Forty of the infected machines received a second-stage payload that appears to have targeted technology companies Samsung, Sony, Asus, Intel, VMWare, O2, Singtel, Gauselmann, Dyn, Chunghwa and Fujitsu.[36][37] On 13 September, Piriform released CCleaner 5.34 and CCleaner Cloud 1.07.3191, without the malicious code.[38]
On October 21, 2019, Avast disclosed a second security breach during which hackers tried again to insert malware inside CCleaner releases. This attempt was unsuccessful.[39]))

reference: https://en.wikipedia.org/wiki/CCleaner#Malware_infection

(Just to say it is legit news. I was there at the time when the first hack happened and it made the web panic about it)

EDIT: You can use Malwarebytes free edition, it has manual scan. Once you close it, nothing runs out of it. https://www.malwarebytes.com/mwb-download/thankyou/
 
I just googled "disable windows defender"
If you did the gpedit.msc move go for the regedit move :
  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type regedit, and click OK to open the Registry.
  3. Browse the following path:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  4. Right-click on the Windows Defender (folder) key, select New, and click on DWORD (32-bit) Value.
  5. Name the key DisableAntiSpyware and press Enter.
  6. Double-click the newly created key and set the value from 0 to 1.
  7. Click OK.
  8. Right-click on the Windows Defender (folder) key, select New, and click on Key.
  9. Name the key Real-Time Protection and press Enter.
  10. Right-click on the Real-Time Protection (folder) key, select New, and click on DWORD (32-bit) Value.
  11. Name the key DisableBehaviorMonitoring and press Enter.
  12. Double-click the newly created key and set the value from 0 to 1.
  13. Click OK.
  14. Right-click on the Real-Time Protection (folder) key, select New, and click on DWORD (32-bit) Value.
  15. Name the key DisableOnAccessProtection and press Enter.
  16. Double-click the newly created key and set the value from 0 to 1.
  17. Click OK.
  18. Right-click on the Real-Time Protection (folder) key, select New, and click on DWORD (32-bit) Value.
  19. Name the key DisableScanOnRealtimeEnable and press Enter.
  20. Double-click the newly created key and set the value from 0 to 1.
  21. Click OK.
After completing the steps, simply restart your computer to disable the Windows Defender Antivirus permanently.
If you change your mind, you can always revert the changes using the same instructions, but on step No. 3, right-click the DisableAntiSpyware key, and select Delete. Then inside the Windows Defender (folder) key, right-click the Real-Time Protection (folder) key and select Delete to remove key and its content. Finally, restart your device to complete reverting the changes.

You don't need third party programs to do this or else you are just lazy :p
Third party programs tend to let you think they can block telemetry. Ok but they tend to break the store and many things you could find useful by deleting them...
You want a good thing for your paranoia obsessions? :D Get a firewall (the Windows one is just crap) and lose some time asking for ANY connections. It's time consuming the first days but once you got your firewall rules set up without having your system broken you are gold.
Also you don't need to have a 24/7 antivirus if you think you know what you are doing. Once a month download a trial from Kaspersky or Bitdefender (depends if you are more Russia or USA) and scan the whole system to be sure it's fine. A good program I know too is Rogue Killer. Take the free version (no autoupdate, no custom scan) and run it once a month if you feel your computer is in danger :D
Some people want to cut all the Microsoft telemetry but take 24/7 antispyware/antivirus which spy on them all day long...that's nonsense.
I won't judge if you want to feel safe but the question is, is everything really safe with 24/7 programs scanning all your data? I still can't answer this. Up to you.

Edit : about firewalls I use NetLimiter 4 Pro and it's doing the job. Many firewalls can do the job, it's just a bit of work being harassed by connections demands, checking what the services asking for internet are doing and all but it's a good move in my opinion.
 
^^^That won't hold...it will revert. At least it did for me in the past..
 
Except for the fact that known safe sites occasionally end up with drive-by infections.
Adblocking neuters the possibility of a drive-by infection from taking hold unless you whitelist the site. Never know, maybe I'm placing too much trust in TPU's ads they display for having the site whitelisted.

I do periodically check with an offline scanner for the possible infection, and nothing has turned up although it could be evading detection.
 
^^^That won't hold...it will revert. At least it did for me in the past..
Unlike the policies, the regedit is THE powerful stuff, if it reverts because of a major update, just do it again it doesn't bite.
 
Another annoying thing with 1909 is that excluded files/folders can still be flagged as malware when memory resident. Good for most, PITA for hacks...
 
I've had that experience as well. Changing the folder names is much easier and more effective than the process detailed above, and more easily reversed.
If you change the folder's name it implies you took ownership of the folder so...it's not that good if you want to reverse the process xD
We are talking about registry keys you can just delete.
About group policies if they just don't act, you also can force them if they don't "work" :
gpupdate /force
You can disable cortana and a lot of nasty stuff there, you can easily revert the changes.
Clearly if you took everything OFF in the security panel, did the gpedit stuff & the registry edition (it's just adding keys you can remove them) there is no need to break folders' permissions.
 
If you change the folder's name it implies you took ownership of the folder so...it's not that good if you want to reverse the process xD
Not if you do it from outside a running session of Windows. If you do it from a bootable USB drive, no Windows User session is started and folder permissions are ignored.

We are talking about registry keys you can just delete.
Registry keys can be restored during an update, whether automatic or manual.
 
Not if you do it from outside a running session of Windows. If you do it from a bootable USB drive, no Windows User session is started and folder permissions are ignored.
It's a lot more effort than adding 4 registry keys but well it's up to you after all.
Registry keys can be restored during an update, whether automatic or manual.
And can be added again but I understand some could be pissed to do the process again.
 
I know what files I download (from very trusted sources), what sites I browse, which emails I don't trust, and if I'm unsure I use virustotal.com to check some files that I dl from less trusty sources. I assure you, I'm without any AV and didn't have a virus/malware running on the system in many years. I don't need AV, that's why I want it disabled.

No joke I had a bud in Afghanistan during the deployment that said the same thing. Turns out he had a crap ton of infected files.:laugh:
 
I just googled "disable windows defender"
If you did the gpedit.msc move go for the regedit move :
  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type regedit, and click OK to open the Registry.
  3. Browse the following path:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  4. Right-click on the Windows Defender (folder) key, select New, and click on DWORD (32-bit) Value.
  5. Name the key DisableAntiSpyware and press Enter.
  6. Double-click the newly created key and set the value from 0 to 1.
  7. Click OK.
  8. Right-click on the Windows Defender (folder) key, select New, and click on Key.
  9. Name the key Real-Time Protection and press Enter.
  10. Right-click on the Real-Time Protection (folder) key, select New, and click on DWORD (32-bit) Value.
  11. Name the key DisableBehaviorMonitoring and press Enter.
  12. Double-click the newly created key and set the value from 0 to 1.
  13. Click OK.
  14. Right-click on the Real-Time Protection (folder) key, select New, and click on DWORD (32-bit) Value.
  15. Name the key DisableOnAccessProtection and press Enter.
  16. Double-click the newly created key and set the value from 0 to 1.
  17. Click OK.
  18. Right-click on the Real-Time Protection (folder) key, select New, and click on DWORD (32-bit) Value.
  19. Name the key DisableScanOnRealtimeEnable and press Enter.
  20. Double-click the newly created key and set the value from 0 to 1.
  21. Click OK.
After completing the steps, simply restart your computer to disable the Windows Defender Antivirus permanently.
If you change your mind, you can always revert the changes using the same instructions, but on step No. 3, right-click the DisableAntiSpyware key, and select Delete. Then inside the Windows Defender (folder) key, right-click the Real-Time Protection (folder) key and select Delete to remove key and its content. Finally, restart your device to complete reverting the changes.

You don't need third party programs to do this or else you are just lazy :p
Third party programs tend to let you think they can block telemetry. Ok but they tend to break the store and many things you could find useful by deleting them...
You want a good thing for your paranoia obsessions? :D Get a firewall (the Windows one is just crap) and lose some time asking for ANY connections. It's time consuming the first days but once you got your firewall rules set up without having your system broken you are gold.
Also you don't need to have a 24/7 antivirus if you think you know what you are doing. Once a month download a trial from Kaspersky or Bitdefender (depends if you are more Russia or USA) and scan the whole system to be sure it's fine. A good program I know too is Rogue Killer. Take the free version (no autoupdate, no custom scan) and run it once a month if you feel your computer is in danger :D
Some people want to cut all the Microsoft telemetry but take 24/7 antispyware/antivirus which spy on them all day long...that's nonsense.
I won't judge if you want to feel safe but the question is, is everything really safe with 24/7 programs scanning all your data? I still can't answer this. Up to you.

Edit : about firewalls I use NetLimiter 4 Pro and it's doing the job. Many firewalls can do the job, it's just a bit of work being harassed by connections demands, checking what the services asking for internet are doing and all but it's a good move in my opinion.
I use Tinywall.
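The thread notes that these policy values can be reverted or restored by updates, so their presence on a machine is worth checking rather than assuming. The following read-only audit is an added example, not code from any poster: it reports the four values named in the quoted steps and, where the Defender cmdlets are available, the protection state Windows itself reports. The output column names and the exit-code convention are choices made for this example.

```powershell
# Added example: read-only audit of the Defender policy values named in the thread.
# Nothing is written to the registry; the script only reports what is present.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtp  = Join-Path $base 'Real-Time Protection'

$checks = @(
    @{ Path = $base; Name = 'DisableAntiSpyware' },
    @{ Path = $rtp;  Name = 'DisableBehaviorMonitoring' },
    @{ Path = $rtp;  Name = 'DisableOnAccessProtection' },
    @{ Path = $rtp;  Name = 'DisableScanOnRealtimeEnable' }
)

$report = foreach ($c in $checks) {
    $data = $null
    if (Test-Path -LiteralPath $c.Path) {
        # A missing value is normal on an unmodified system, so suppress the error.
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $data = $item.($c.Name) }
    }
    [pscustomobject]@{
        Key    = $c.Path
        Value  = $c.Name
        Data   = if ($null -eq $data) { '(not set)' } else { $data }
        Status = if ($data -eq 1) { 'PROTECTION DISABLED BY POLICY' } else { 'ok' }
    }
}
$report | Format-Table -AutoSize

# Compare the policy values with the state Defender reports for itself.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try {
        Get-MpComputerStatus -ErrorAction Stop |
            Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                          BehaviorMonitorEnabled, OnAccessProtectionEnabled,
                          IsTamperProtected |
            Format-List
    } catch {
        Write-Warning "Defender status unavailable: $($_.Exception.Message)"
    }
}

# Non-zero exit code lets a scheduled task or monitoring agent raise an alert.
$flagged = @($report | Where-Object { $_.Status -ne 'ok' })
if ($flagged.Count -gt 0) { exit 1 }
```

Run from a scheduled task, a non-zero exit code after an update or software install shows that one of these values has appeared since the last check.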
 
Adblocking neuters the possibility of a drive-by infection from taking hold unless you whitelist the site. Never know, maybe I'm placing too much trust in TPU's ads they display for having the site whitelisted.

I do periodically check with an offline scanner for the possible infection, and nothing has turned up although it could be evading detection.

W1zzard is good about maintaining this site and he doesn't allow just any kind of ad. I don't block ads here and on one gaming site. Everywhere else I use Adblocker to block ads but more and more sites are getting to where you can't access the article you are looking to read unless you turn off Adblocker. There may be a way around this but I don't know what that would be.
 
Windows Defender is more than A/V protection, even when you install another a/v product Windows will still continue to download defender definition updates.
 
Similarly, I assume he opens e-mails just from people he trusts.
Except spammers spoof legitimate email addresses as SOP (standard operating procedure). So opening only from trusted addresses is no guarantee it is safe either. In fact, if one of your "trusted" :rolleyes: contacts or organizations is compromised and your email address is stolen, there's a good chance you will receive malicious content that appears to be from your contact. :(
It's like some anti-vaccine movement.
That's another good way to look at it. I also look at it like the cocky young driver who believes he or she is such a good driver that they could never cause or even get into an accident, and therefore, don't need insurance. :(
Adblocking neuters the possibility of a drive-by infection from taking hold unless you whitelist the site
Except neutering is permanent, can't be bypassed or undone. Adblocking ensures none of that and works only with browsers. They don't do anything with emails, email attachments, downloads, direct connections (via infected USB devices), or hacking via networks.
Windows Defender is more than A/V protection
Exactly.
W1zzard is good about maintaining this site and he doesn't allow just any kind of ad.
But even he can't keep his third eye open 24/7/365. Nor can he protect posters from all malicious links 24/7 other posters post, or ensure sites referenced in posts and articles/reviews remain safe.
 
Has anyone bothered to search LINK
 
Yes guys that site is Safe... I wouldn't link it if it wasn't
 
Yes guys that site is Safe...
Since any site can be hacked, it is difficult to declare it is safe and always will be safe - especially since, just like here at TPU, it is likely the site owners and administrators didn't develop the site software. TPU uses XenForo, for example. All we can really say is the owners/administrators here at TPU make this site "trustworthy".

All I can say about Windows Central is my years of experience with it say, it is trustworthy too.
 
I guess OP doesn't use condoms either.
 
I hope you don't take your computer to other people's networks, no point in spreading the infections around
 
I haven't had a virus detection on my computer in at least 10 years and I still would never run Windows without an antivirus running. For that, I would have to have complete faith in the ability of the administrators of every web site I visit to keep their servers 100% safe 24/7/366 ('cause of leap year) and that's just never going to happen. And of course there is the aforementioned email thing...
 
I would recommend a personal firewall or similar software but not Windows, the very first thing a hacker learns on is Windows Defender and firewall because it's what he/she has immediate access to. Go with one of these, at least you'll have some protection that's a better choice than Windows.

 
I would recommend a personal firewall or similar software but not Windows, the very first thing a hacker learns on is Windows Defender and firewall because it's what he/she has immediate access to. Go with one of these, at least you'll have some protection that's a better choice than Windows.


You're aware a firewall is entirely about how you set it up, right? Any firewall is Swiss cheese at default.
 