38
votes
Bye Windows Defender, I need to turn you back off again
Disable Windows Defender with Local Group Policy Settings
To Turn On or Off Windows Defender using Group Policy
Open the Local Group Policy Editor.
In the left pane of Local Group Policy ...
26
votes
Accepted
Does an Excluded Directory in Windows 10 Defender Also Include the Sub Directories?
Yes, excluding a directory in Defender will also exclude all files and subdirectories recursively.
- 408
26
votes
Accepted
How to monitor Windows Defender real time protection?
You can do this using ProcMon from SysInternals: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Run ProcMon as administrator.
Open the Filter (Filter > Filter...).
Create a Filter ...
- 43.2k
21
votes
Why has Windows Defender started removing shortcuts on 13 January 2023?
Disable (turn Off) the ASR rule "Block Win32 API calls from Office macros".
Ours was set to Warn, so you wouldn't expect it to delete or block access to files, but it did anyway!
I don't ...
- 845
19
votes
Does an Excluded Directory in Windows 10 Defender Also Include the Sub Directories?
sub directories are excluded, too. documented here: https://support.microsoft.com/en-sg/help/4028485/windows-10-add-an-exclusion-to-windows-defender-antivirus
- 579
19
votes
Accepted
Bye Windows Defender, I need to turn you back off again
The safest way to do this is to uninstall Avast! (in Programs and Features) and then to reinstall it. That will ensure that MS hasn't removed any part of the Avast! suite's protection. Reinstalling ...
- 31.6k
19
votes
Accepted
Windows defender flags an app but Norton says it's fine
I would scan the offending binary (if not too big) on Virus total. This will automatically provide a report from over 60 different anti virus products and if they detect it.
Then you can decide who to ...
- 358
17
votes
Bye Windows Defender, I need to turn you back off again
Disable Windows Defender with Local Registry Settings
If you're not able to use Group Policy then see To Turn On or Off Windows Defender using a REG file.
WARNING: Before working in the Windows ...
17
votes
Accepted
Your IT administrator requires a security scan of this item - *what* item?
I'd look in the eventlog to find out what the problem is.
The path would be:
Event Viewer > Applications and Services logs > Microsoft > Windows > Windows Defender > Operational
- 62.4k
15
votes
Accepted
How can you turn Core Isolation Memory Integrity back off again in Windows 10 build 17127 and later
I've been wondering about this, too; fortunately, it seems that it's as easy as setting the following registry key to 0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\...
- 166
13
votes
Accepted
Why has Windows Defender started removing shortcuts on 13 January 2023?
Because it is buggy...
[Short answer to the question "Why has Windows Defender started removing shortcuts today (13/01/2023)?"]
This issue is resolved in security intelligence update build ...
- 19.1k
12
votes
How to permanently disable Windows Defender Real Time Protection with GPO?
Regedit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
New > DWORD DisableAntiSpyware
Set it to 1
Reboot
If it doesn't work then one more step:
Regedit.exe
HKEY_LOCAL_MACHINE\...
- 243
11
votes
Does an Excluded Directory in Windows 10 Defender Also Include the Sub Directories?
Yes, subdirectories are covered by exclusions. HOWEVER, exclusions only apply to scanning, not to Real-Time Protection. If Real-Time Protection is active, every loaded executable is scanned, even ...
- 457
11
votes
Accepted
How to read the entire "Unauthorized changes blocked" message?
Alas that's the shortest I managed to find:
It's in the
Event Viewer
Application and Services
Microsoft
Windows
Windows Defender
Operational
The info about the program that triggered the ...
- 3,630
10
votes
Why has Windows Defender started removing shortcuts on 13 January 2023?
Problem tracked also by Microsoft at Microsoft 365 Admin Center as "MO497128: Some users are unable to utilize the Application shortcuts on the Start menu and taskbar".
Also set the delayed ...
- 101
9
votes
Disabling Microsoft Antimalware service
OK appears the UI has changed, at least with windows 10 "creators update":
Settings app -> "Update & Security" -> Windows Defender -> "Open Windows Defender ...
- 2,244
9
votes
Accepted
Suppress "Windows Defender Antivirus did not find any threats..." notification on Windows 10
You can turn off Enhanced Notifications for Windows Defender:
Press Windows + i.
Click Update & Security.
From the Update & security sidebar, click Windows Defender.
Scroll to the Enhanced ...
- 915
9
votes
Script to add Regkey Exception to Windows Defender
Not really an answer, but I do it through the registry here is the info:
File and folder exclusions are stored in the registry key below.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
...
- 199
9
votes
Windows Defender won't delete or restore quarantined threat
Let's fix the issue from Command prompt.
First open Command Prompt as Administrator. Then run cd "%ProgramFiles%\Windows Defender". Now run MpCmdRun.exe -restore -listall and you will get a ...
- 8,664
9
votes
Is this a Trojan? Random Windows 10 Microsoft Defender Antivirus sample submission message. What is this?
Best guess would be that because the built-in Defender routines can't fully recognise or analyse the content, it's asking you if you will allow that data to be sent to "Microsoft central" ...
- 50k
8
votes
Accepted
Windows Defender: Disable real time; keep scheduled and on demand scanning
The "Turn off real-time protection" Group Policy setting, located under Computer Configuration\Administrative Templates\Windows Components\Windows Defender should do what you want.
In my system, ...
- 1,577
8
votes
Accepted
My own backup program was detected as "Win32/Bearfoos.A!ml" virus
I would choose Ramhound's comment as the answer:
"You will need to report the false positive to Microsoft, unless you report the false positive, Windows Defender will continue to detect it as ...
- 151
8
votes
Windows defender flags an app but Norton says it's fine
Assuming the SmartScreen warning message was along the lines of
Windows SmartScreen prevented an unknown application from running. Running this application might put your PC at risk.
... all that ...
- 5,884
7
votes
Accepted
Temporarily Stop All Microsoft Windows Defender Processes In Windows 10
A Step-by-Step Guide to Temporarily Disabling Windows Defender and then Re-Enabling it on Windows 10
Initial One-Time Setup #1 - #4 per PC
1. Make a Windows Defender Folder Exclusion
First to start,...
7
votes
How to monitor Windows Defender real time protection?
Microsoft offers now for this purpose Microsoft Defender Antivirus Performance Analyzer:
A PowerShell command-line tool that helps you determine files, file
extensions, and processes that might be ...
- 71
7
votes
Can't disable Windows Defender via Group Policy or the Registry
I found the solution. It turns out that Windows Defender is so ingrained within Windows 10 that it comes with its own "anti-tamper" protection.
This does two things: prevents you from creating the ...
- 333
7
votes
Accepted
Microsoft Defender Antivirus is disabled, but back to normal after reboot. How to disable it permanently?
I have successfully removed the windows defender service with no side effects so far, other than windows notifying you that the defender service could not start.
Windows 10 Version 2004 build 19041....
- 58.4k
6
votes
Accepted
How does Windows Defender know that an antivirus has been installed?
Windows Defender will only know if you have an antivirus program running if that antivirus program reports itself to your windows system. Here is a link that says this from Microsoft themselves: Link
- 972
Only top scored, non community-wiki answers of a minimum length are eligible