7

I have Windows 10 ver 2004. Since Windows Defender changed to Microsoft Defender Antivirus I'm unable to turn it off. In Local Group Policy (gpedit.msc) under Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus there is a key "Turn off Microsoft Defender Antivirus". Every time I check "enable" and log out or reboot the key is back to "Not configured". How to keep it disabled permanently, and therefore turn off Microsoft Defender Antivirus essentially?


(source: windowscentral.com)

0

4 Answers

7

I have successfully removed the Windows Defender service with no side effects so far, other than Windows notifying you that the Defender service could not start.

Windows 10 Version 2004 build 19041.450

This eliminated defender from the PC

Use a bootable offline registry editor of choice. I used a Windows 7 64-bit ERD disc to do it; it is not publicly available but can be found. It has a registry editor.

Once booted into the registry editor navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend

delete the WinDefend key

I would export the key first, then if you want Defender back you can Merge the saved key back into the registry and reboot.

The key may be returned after certain Windows updates, so you will have to delete it again, thanks IGRACH

12
  • 2
    YES. This is the way xD
    – IGRACH
    Commented Oct 8, 2020 at 20:00
  • Nice find on that!!! Commented Oct 10, 2020 at 2:29
  • 1
    I still get notifications that my antivirus is off, but so far so good, Windows stopped deleting files and making decisions for me.
    – john
    Commented Oct 27, 2020 at 16:26
  • That was noted in my answer.
    – Moab
    Commented Oct 27, 2020 at 17:27
  • 1
    And yes, the whole reg key is back after a Windows update. You just need to delete it again.
    – IGRACH
    Commented Nov 12, 2020 at 15:10
0

I think I found a very good workaround for the policy setting getting reset to "Not Configured" every time you restart Group Policy Editor. I had the same problem and guessed (correctly) that it was MsMpEng.exe running in the background that was resetting the policy back to "Not Configured".

So, before making any changes to the policy, head over to Task Manager, then to Performance Monitor from the Performance tab. Find MsMpEng.exe in any of the tabs in it (mostly on top in Memory or CPU tabs) and click on Suspend Process.

Then make the changes as required in the Group Policy Editor. They won't get reverted. Please reply if it works, or doesn't work.

NOTE :- Keep the MsMpEng.exe process suspended for as long as you like XD
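
A read-only check for the changes described in the two answers above (a missing or disabled WinDefend service key, a suspended MsMpEng.exe) and for the policy from the question, as an added example that is not part of any post in this thread. The function name `Get-DefenderTamperState` is hypothetical, and `DisableAntiSpyware` is the registry value that the "Turn off Microsoft Defender Antivirus" policy writes; it does not appear on this page.

```powershell
# Added example (read-only): reports the state of the Defender artifacts this thread touches.
function Get-DefenderTamperState {
    [CmdletBinding()]
    param()

    $svcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $findings  = [System.Collections.Generic.List[string]]::new()

    # First answer: the WinDefend service key removed, or its start type set to Disabled.
    $start = $null
    if (Test-Path -LiteralPath $svcKey) {
        $start = (Get-ItemProperty -LiteralPath $svcKey -Name Start -ErrorAction SilentlyContinue).Start
        if ($start -eq 4) { $findings.Add('WinDefend service start type is Disabled (4)') }
    } else {
        $findings.Add('WinDefend service key is missing')
    }

    # Question: the policy value, if it persisted.
    $policy = (Get-ItemProperty -LiteralPath $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($policy -eq 1) { $findings.Add('Policy DisableAntiSpyware = 1') }

    # Second answer: MsMpEng.exe absent, or present with every thread suspended.
    $engine = Get-Process -Name MsMpEng -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $engine) {
        $findings.Add('MsMpEng.exe is not running')
    } elseif ($engine.Threads.Count -gt 0) {
        # WaitReason is only readable when ThreadState is Wait; -or short-circuits first.
        $active = @($engine.Threads | Where-Object {
            $_.ThreadState -ne 'Wait' -or $_.WaitReason -ne 'Suspended' })
        if ($active.Count -eq 0) { $findings.Add('MsMpEng.exe is running but all threads are suspended') }
    }

    # Defender's own view, when its PowerShell module is available.
    $mp = $null
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
        if ($mp -and -not $mp.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        ServiceStart    = $start
        PolicyDisable   = $policy
        TamperProtected = if ($mp) { $mp.IsTamperProtected } else { $null }
        Findings        = $findings.ToArray()
        Healthy         = ($findings.Count -eq 0)
    }
}

Get-DefenderTamperState | Format-List
```

Run it from an elevated prompt; an empty `Findings` list means none of the changes discussed in this thread are present on the machine.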

0

Use IceSpringDesktopHelper to block it without reboot.

Github: https://github.com/baijifeilong/IceSpringDesktopHelper


-1

I've managed to delete the registry entry without booting from ERD or LiveCD. Just follow the instructions from this guide, disable the service from Autoruns and then delete the registry entry from regedit.

1
  • Welcome to SuperUser. Please have a look at how to write a good answer. An answer that's nothing but a link usually gets flagged for low quality, and eventually gets deleted. To prevent that you should edit your answer and expand it so that the steps to resolving the issue are included, and leave the link as a reference. Also please take the Tour to learn how Q&A sites differ from internet forums. From Review. Commented Oct 4, 2021 at 21:07
