8

Quite simply I'm looking for a way to disable Microsoft's security essentials service from the command line, you used to be able to run the command (as admin)

net stop MsMpSvc

but that was somehow rendered useless after an update (err 5:access denied) .

I then even ran a shell as 'SYSTEM' user (which is the user that MsMpSvc runs under) but alas still get an access denied message using the commands taskkill (for msmpeng.exe) and stop-service with the -force argument.

Is there a way around this?

Yes I'm aware of the security implications of this

Nifle
  • 34,998
regularjoe
  • 221
  • 2
  • 3
  • 7

6 Answers6

2

The Microsoft Antimalware service is protected in various places against being disabled, because this is an attack vector used by certain types of malware. Unfortunately when we have cause to legitimately disable the service, we are then unable to do so.

Ross Presser
  • 1,470
1

Override the permissions with SubInACL, set the service to manual in the registry, then reboot.

There is no point in killing a service that is designed to not be killed, you disable its boot entry instead.

Tamara Wijsman
  • 57,881
0

Solution for my Windows 7: How to disable the "culprit" MsMpEng.exe. Backstory: My old Windows 7 drove me nuts executing MsMpEng.exe for hours whenever I started the system. I search the net and tried whatever "solutions" I could find to solve the problem. Nothing worked on this Windows 7. Windows Defender wrongly said it is disabled. Finally my simple solution that worked for me:

  1. Boot to Safe Mode with the usual Windows desktop.
  2. Kill the again running MsMpEng.exe with 100% cpu, which worked.
  3. Remove/Rename C:\Program Files\Microsoft Security Client\MsMpEng.exe
  4. Job done (probably until next update of Windows 7).

Notes

  • Yes, Windows 7 still gets updates.
  • Find out where MsMpEng.exe is really located.
  • All the obvious solutions to disable Windows Defender failed.
  • To schedule when Windows Defender should run failed.
  • After EVERY boot MsMpEng.exe ran for hours until it finished.
  • After I applied my solution I could work normally immediately after every boot.
Alex
  • 1
0

Try using the sc command to configure the state of the service:

sc config MsMpSvc start=disabled

Then if the service is stopped you can use net stop or sc stop to stop the service. It depends on your version of Windows, but you need to ensure that the command prompt was opened with Administrative access:

http://technet.microsoft.com/en-us/library/cc947813%28v=ws.10%29.aspx

Dion Pezzimenti
  • 524
  • 2
  • 9
-2

Open microsoft security essentials

go to settings

press on the tab called "real-time protection"

untick the checkmark box to disable real-time protection

that's it.

Gnurt
  • 1
-2

Disabling MSE does nothing to stop MsMpEng from taking top priority right at start-up and maxing out your computer's CPU and RAM until it's damn good and ready. You cannot change the priority. You cannot temporarily disable it while some other CPU-sucking Microsoft application [e.g. the virus known as Windows Update] is running.

Whoreson.

Wal Ford
  • 1