How to disable Windows Defender in Windows 10 1909

[daerragh]

Hi. I'm using Win 10 Pro version, so I opened gpedit.msc, navigated to "Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus" to enable 2 policies: "Turn off Windows Defender Antivirus" and "Disable Realtime Protection".

In previous versions of Win 10 (before 1903) this completely settled the problem. However, in the latest Win 10 1909, the Defender process MsMpEng.exe is still running and periodically I get Windows notifications that "Windows Defender has performed a scan and found no threats". So, in all, these both policies in gpedit.msc have managed to disable the realtime protection, but Win Def still scans the PC periodically.

I'd like to disable Win Def so that even its process won't be running. Can it be done in gpedit.msc?
I also can't disable Win Def in services.msc (WinDefend service) because its configuration window is all greyed out. Can it be disabled in Sc.exe (the command line tool to manage services)? If so, how?

 

[Assimilator]

Why would you even disable it?

 

[Bill_Bright]

Because it is ill-advised to run without an antimalware solution installed, I don't believe it is possible to disable Windows Defender without installing a 3rd party security solution. Plus, I note now it is called Microsoft Defender because it is much more than just a malware scanner for Windows, the OS. For example, the built in firewall is part of Microsoft Defender.

If you don't want Microsoft Defender, the antimalware scanner, running full time, simply install a 3rd party scanner. Microsoft Defender's scanner will happily step out of the way.

That said, I agree with Assimilator and would wonder why. I use Defender, with no problems or regrets.

 

[DeathtoGnomes]

Why would you even disable it?

Good question.

@ OP, If the settings dont work out for ya have a look thru the Task Scheduler.

 

[daerragh]

I know what files I download (from very trusted sources), what sites I browse, which emails don't trust, and if I'm unsure I use virustotal.com to check some files that I dl from less trusty sources. I assure you, I'm without any AV and didn't have a virus/malware running on the system in many years. I don't need AV, that's why I want it disabled.

 

[thesmokingman]

Okay...

 

[64K]

I like Defender. I wouldn't think of disabling it. Some people say that you can use your rig online with no Antivirus program as long as you are careful but my experience has been different. I was on a reputable gaming site many years ago and had AVG Free running and clicked on a seemingly harmless flash video and picked up a virus. An AVG scan wouldn't remove it and for the first and only time even MalwareBytes couldn't remove it. I used MSconfig to stop it from running on startup but it just kept coming back. There was a tutorial online how to remove it but that didn't work either. I had to wipe the drive and reload the OS. I switched the antivirus program to another.

There are nasties out there even on reputable sites.

 

[lexluthermiester]

I don't need AV, that's why I want it disabled.

Ok, since you've been properly warned and want to anyway, here's how;
You need to use either a WinPE boot drive or a Linux live disc with NTFS support(most have such).
Open the file manager and rename all of the following folders to encase them in brackets.
For example; C:\Program Files\Windows Defender -> C:\Program Files\[Windows Defender]

The list of folders to rename is as a follows;
C:\Program Files\Windows Defender
C:\Program Files (x86)\Windows Defender
C:\ProgramData\Microsoft\Windows Defender

This will disable Windows Defender in a reversible way. This can be done with any program or app that is undesired which Windows will not let you remove.

You can also use a utility call WinAeroTweaker which has a function to disable Windows Defender, but this can easily be re-enabled by the OS. Renaming the folders can not be reversed by the OS very easily.

 

[biffzinker]

There's a anti-tamper setting turned on that prevents Windows Defender from being disabled, and other settings tampered with by a rouge app.

If you toggle that setting off then you can completely disable Windows Defender with the existing Group Policy change.

Edit:
Go to Settings, scroll down, click Update & Security
Click Windows Security in the left panel then Click Virus & Thread Protection
Scroll down to virus & threat protection settings, and click manage settings
Scroll down to Tamper Protection, and toggle off.

 

[daerragh]

There's a anti-tamper setting turned on that prevents Windows Defender from being disabled, and other settings tampered with by a rouge app.

If you toggle that setting off then you can completely disable Windows Defender with the existing Group Policy change.

How do I do this?

 

[lexluthermiester]

How do I do this?

It will not work if Windows, or an update, turns it back on and reenables WD.

The only way to keep it disabled is to change the folder names.

I have been and currently do this myself. Granted I use a third party antimalware suite because I have more trust in them and their apps don't make irritating and intrusive changes without asking first. I delete the folders listed above and a few more because I have no intention of ever allowing WD and it's associated services to run on my personal systems. Unlike others, I do not trust Microsoft and do not run Windows in a default configuration.

 

[biffzinker]

It will not work if Windows, or an update, turns it back on and reenables WD.

It's stayed off for me even after updates have been applied.

How do I do this?

I added a edit to my reply above yours that should point you in the right direction.

 

[notb]

I know what files I download (from very trusted sources), what sites I browse, which emails don't trust, and if I'm unsure I use virustotal.com to check some files that I dl from less trusty sources. I assure you, I'm without any AV and didn't have a virus/malware running on the system in many years. I don't need AV, that's why I want it disabled.

Have you considered a possibility that you didn't have a virus for years exactly because a security suit is built into your system? Into most systems "around" you?

You know sites you browse. Lets challenge that. What do you know about virustotal.com? Do you know who is behind this site?

 

[lexluthermiester]

It's stayed off for me even after updates have been applied.

Weird. I've watched it get re-enabled, depending on the update applied.

 

[daerragh]

There's a anti-tamper setting turned on that prevents Windows Defender from being disabled, and other settings tampered with by a rouge app.

If you toggle that setting off then you can completely disable Windows Defender with the existing Group Policy change.

Edit:
Go to Settings, scroll down, click Update & Security
Click Windows Security in the left panel then Click Virus & Thread Protection
Scroll down to virus & threat protection settings, and click manage settings
Scroll down to Tamper Protection, and toggle off.

View attachment 141477

Thanks a lot! Disabling the tamper protection and enabling the two policies in gpedit.msc from the first post did the trick and now even MsMPEng.exe (the main defender process) is not running = approximately 100MB RAM saved and a bit quicker boot time . Good thing is the Windows Firewall is still running as intended.

 

[lexluthermiester]

Thanks a lot! Disabling the tamper protection and enabling the two policies in gpedit.msc from the first post did the trick and now even MsMPEng.exe (the main defender process) is not running = approximately 100MB RAM saved and a bit quicker boot time . Good thing is the Windows Firewall is still running as intended.

Glad you have a solution you're happy with. You will have to watch it though as future updates are applied. If it does become a problem, the folder renaming method will work in a way only you can reverse.

 

[daerragh]

You will have to watch it though as future updates are applied.

I'll keep an eye on them.

TPU forums are the best. You are always the quickest to respond.

 

[matthewmatics]

This worked great for me. I deleted them. I was just messing around seeing what I could get away with.....I had the OS stripped pretty dang good and no issues!

How to delete a service in Windows - gHacks Tech News

Remove a Service in Windows 11/10/7 and lower using 3 easy ways: cmd command, Windows registry edit, free Autoruns software. Click here to learn how.

www.ghacks.net

Oddly, I didn't mess with defender though. I saw no reason but I will probably kill it too just to see...

 

[oobymach]

To disable defender use shutup 10, get it here.

O&O ShutUp10++ – Free antispy tool for Windows 10 and 11

With the freeware O&O ShutUp10++, unwanted Windows 10 and 11 features can be disabled and the transfer of sensitive personal data onto Microsoft prevented.

www.oo-software.com

Apply all settings, restart pc.

To stop security center run regedit and edit the following 2 locations

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc

Change the Start dword value to 4 on both to disable security center.

To get rid of the security center warning message do the following

1 Tap on the Windows-key, type gpedit.msc, and hit the Enter-key. This starts the Group Policy Editor on the system.
2 Use the sidebar to go to User Configuration > Administrative Templates > Start Menu and Taskbar.
3 Locate Remove Notifications and Action Center there. If the list is not sorted alphabetically, click on the "setting" column title to do so. This makes it easier to find the policy.
4 Double-click on the policy.
5 Set it to enabled.
6 Restart the PC

 

[lexluthermiester]

Use shutup 10, get it here.

O&O ShutUp10++ – Free antispy tool for Windows 10 and 11

With the freeware O&O ShutUp10++, unwanted Windows 10 and 11 features can be disabled and the transfer of sensitive personal data onto Microsoft prevented.

www.oo-software.com

Enable everything, restart pc.

That's a good one too!

 

[matthewmatics]

Shut up 10 doesn't hold at least one setting...I can't remember which one though. A update may have fixed it?

 

[Bill_Bright]

Yeah, I used to think I was smarter than all the bad guys and that I could never ever, not once slip up and accidentally click on something I shouldn't, or that the most trusted sites could never be hacked.

Good luck.

 

[matthewmatics]

I look forward to that ^^ .LOL. It keeps us current.

 

[rtwjunkie]

I know what files I download (from very trusted sources), what sites I browse, which emails don't trust, and if I'm unsure I use virustotal.com to check some files that I dl from less trusty sources. I assure you, I'm without any AV and didn't have a virus/malware running on the system in many years. I don't need AV, that's why I want it disabled.

Except for the fact that known safe sites occasionally end up with drive-by infections.

Anyway, I hope this solution works for you.

 

[notb]

Except for the fact that known safe sites occasionally end up with drive-by infections.

Similarly, I assume he opens e-mails just from people he trusts.
Did they also disable Defender? Do they also open just the sites they trust?

It's like some anti-vaccine movement.