8

I have Windows 10 ver 2004. Since Windows Defender changed to Microsoft Defender Antivirus I'm unable to turn it off. In Local Group Policy (gpedit.msc) under Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus there is a key "Turn off Microsoft Defender Antivirus". Every time I check "enable" and log out or reboot the key is back to "Not configured". How to keep it disabled permanently, and therefore turn off Microsoft Defender Antivirus essentially?


(source: windowscentral.com)

Glorfindel
  • 4,158
IGRACH
  • 478

4 Answers4

8

I have successfully removed the windows defender service with no side effects so far, other than windows notifying you that the defender service could not start.

Windows 10 Version 2004 build 19041.450

This eliminated defender from the PC

Use a bootable offline registry editor of choice, I used a windows 7 64bit ERD disc to do it, not publicly available but can be found. It has a registry editor.

Once booted into the registry editor navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend

delete the WinDefend key

I would export the key first, then if you want Defender back you can Merge the saved key back into the registry and reboot.

The key may be returned after certain Windows updates, so you will have to delete it again, thanks IGRACH

Moab
  • 58,769
0

I think I found out a very good workaround for the POLICY Setting getting reset to "Not Configured" every time you restart Group Policy Editor. I had the same problem and guessed out (correctly) that it was MsMpEng.exe running in the background that was resetting the policy back to "Not Configured".

So, before making any changes to the policy, head over to Task Manager, then to Performance Monitor from the Performance tab. Find MsMpEng.exe in any of the tabs in it (mostly on top in Memory or CPU tabs) and click on Suspend Process.

Then make the changes as required in the Group Policy Editor. It won't get reverted back. Please reply if it works, or didn't work.

NOTE :- Keep the MsMpEng.exe process suspended for as long as you like XD

Yash Kalwani
  • 1
0

Use IceSpringDesktopHelper to block it without reboot.

Github: https://github.com/baijifeilong/IceSpringDesktopHelper

Snapshot:

enter image description here

BaiJiFeiLong
  • 111
-1

I've managed to delete registry entry without booting from ERD or LiveCD. Just follow the instructions from this guide, disable service from autoruns and then delete registry entry from regedit.

Peregrino69
  • 5,004
iMISHRA
  • 1