After Windows 10 v.1809, Microsoft enabled Tamper Protection in Windows Defender. Tamper Protection prevents actions such as disabling virus and threat protection, disabling real-time protection, turning off behavior monitoring, disabling antivirus (such as IOfficeAntivirus (IOAV)), disabling cloud-delivered protection, removing security intelligence updates, and disabling automatic actions on detected threats.
For this reason, every attempt to disable Windows Defender from Group Policy or the registry will fail.
Today we will discuss different ways to disable Windows Defender.
Why Turn Off Windows Defender
It's very important to understand the impact of turning off Windows Defender on a home user's PC or in a company environment.
Windows Defender turns itself off automatically when it recognizes that another antimalware solution is installed, so you don't need to do anything when you set up a new antimalware solution.
However, when you don't have any other antimalware solution, it's not recommended to turn off Windows Defender permanently. You will be unprotected from every single threat on the Internet.
Imagine that the door of your house is open all day. Would you ever do that?
The only reason to turn off Windows Defender is if you want to test software, track the performance of your PC, or do anything else that must avoid Windows Defender for a short period of time.
When you finish your job, you must enable it again.
The impact will be much bigger if you keep Windows Defender turned off in a company environment where it is your antimalware solution.
I can hear you saying that Windows Defender is not as good as other antimalware solutions. It's not updated frequently! Why use it?
It's better to have something instead of nothing.
Turn Off Windows Defender on a PC for a Home User
I hope you understand the impact of turning off Windows Defender permanently, and that the only reason to turn it off is for a temporary period of time.
For a home user or a standalone PC/laptop, it's very simple to turn off Windows Defender.
Follow the steps below:
- Click the Start button, then Settings
- Click Update and Security
- Click Windows Security
- Click Virus & threat protection
- A faster way is to click Start and type Windows Security.
- Click Manage settings under Virus & threat protection settings
- Click the Real-time protection toggle to turn it off
- Whenever you want to enable it, just click the Real-time protection toggle again to turn it back on.
One thing to keep in mind is that if you restart the computer, Windows Defender will automatically turn on.
Another thing to keep in mind is that after v.1809 you can't change any registry value related to Windows Defender under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender.
If you try it you will get the following error
Turn off Windows Defender on PC/Server in a Company environment
On a corporate PC or server it's more complicated, because as an IT pro you have to deal with different factors.
Let's first examine the most common reasons to turn off Windows Defender temporarily on a corporate PC or server.
- Troubleshooting performance issues.
- Update errors
- Application interference. Sometimes it may block an application that is used in the company
If you have a standalone server or PC on which you want to do some tests, you can follow the same steps from the previous section for the home user.
But when you have multiple PCs or servers on which Windows Defender must be turned off, you have a different task to solve.
Microsoft has made it more difficult to disable Windows Defender after Windows v.1809, which includes Tamper Protection, as written at the beginning.
Group Policy is no longer applied to Windows Defender.
The only ways to turn off Windows Defender are the following:
Turn off Windows Defender using Intune Microsoft Endpoint Manager
If you want to disable Windows Defender on multiple devices without doing it manually, one way is with Intune Microsoft Endpoint Manager.
Unfortunately, only those who have Intune can follow these instructions.
Before proceeding, the devices to which you would like to apply the policy must be MDM compliant.
- Log in to the Microsoft 365 tenant
- Click Admin on the left side
- Click Endpoint Manager on the left side
- Click Endpoint Security on the left side
- Click on Antivirus.
- Create a Policy
- In Platform select Windows 10 and later
- In Profile select Windows Defender Antivirus and click Create
- Type a Name for the Profile. Click Next
- Expand the Real-time protection.
- In Turn on real-time protection select Disable.
- Click Next
- Leave the Default Scope Tags.
- In the Assignment select the devices to which you want to apply the policy. Click Next
- Click Create
- Wait until the device updates with the new Intune policy
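To confirm that the policy has reached a device, and later that real-time protection is back on once testing is finished (the same check applies after using the manual toggle on a home PC), the script below can be run in an elevated PowerShell session on the device. It is an added example, not part of the original article; the function names and the 7-day window are assumptions, while Get-MpComputerStatus, Get-WinEvent and the Defender operational event IDs are standard Windows components.

```powershell
# Added example: report the current Defender protection state and the
# recent events that show when protection was switched off or on.

function Get-DefenderProtectionState {
    # Get-MpComputerStatus ships with the built-in Defender module.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        AntivirusEnabled          = $s.AntivirusEnabled
        RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
        BehaviorMonitorEnabled    = $s.BehaviorMonitorEnabled
        IoavProtectionEnabled     = $s.IoavProtectionEnabled
        IsTamperProtected         = $s.IsTamperProtected
        AMRunningMode             = $s.AMRunningMode
    }
}

function Get-DefenderStateChange {
    param([int]$Days = 7)   # look-back window (assumption for this example)

    # 5000 = real-time protection enabled
    # 5001 = real-time protection disabled
    # 5007 = antimalware configuration changed
    # 5013 = Tamper Protection blocked a change
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5000, 5001, 5007, 5013
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

$state = Get-DefenderProtectionState
$state | Format-List

if (-not $state.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is OFF. Turn it back on when testing is finished.'
}

Get-DefenderStateChange -Days 7 | Format-Table -AutoSize -Wrap
```

A 5001 event with no later 5000 event means real-time protection is still off on that device.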
Turn off Windows Defender using Microsoft Defender for Endpoint
Another way to turn off Windows Defender is from the Microsoft Defender for Endpoint console, which is an extra service in Microsoft 365.
You can read how to do it in Microsoft Docs, in Configure Microsoft Defender for Endpoint in Intune