8

On Windows 10 1909 Enterprise, I have a process "Antimalware Service Executable", within which runs the service "Windows Defender Antivirus Service", which takes 115 MB of memory.

However, in group policy, under "Windows Defender Antivirus", I have "Turn off Windows Defender Antivirus" enabled, whose help text says:

This policy setting turns off Windows Defender Antivirus.

If you enable this policy setting, Windows Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.

As well as "Turn off real-time protection" enabled (but this should not change a thing since the above-mentioned parameter was turned off).

If I remember correctly, the process was not running in 1809 with this policy. How can I in the end disable the process? Is this a bug?

8
  • A decent, name brand anti virus will turn off Windows Defender to allow Defender to co-exist with the third party AV. Otherwise Windows Defender should be allowed to run.
    – anon
    Commented Dec 26, 2019 at 13:48
  • 2
    @John I'm not looking for a workaround. Group policy is used to and is supposed to work (switch off AV).
    – Soleil
    Commented Dec 26, 2019 at 18:34
  • Windows Defender will keep itself ON unless another AV takes its place. That is what we see here on our machines.
    – anon
    Commented Dec 26, 2019 at 18:37
  • 1
    Does this answer your question? Disable Windows Defender in Windows 10
    – HackSlash
    Commented Dec 26, 2019 at 21:49
  • 1
    The "DisableAntiSpyware" key is part of one of the solutions, but if I add it, it is removed by Windows (the dword is deleted), and the AV is still running.
    – Soleil
    Commented Dec 26, 2019 at 23:20

5 Answers 5

2

The correct action is to disable Tamper Protection in Windows Security / Virus & threat protection settings. Even without the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = 1, the group policy "Turn off Windows Defender Antivirus" set to Enabled will take effect.

Registry keys should be used as a last option.
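A read-only check of the state the question and this answer describe, as an added example that is not part of the original answer: it reports whether the Defender service and engine are running, whether Tamper Protection is on, and whether the policy values are still present in the registry. The helper name `Get-PolicyValue` is hypothetical, and `DisableRealtimeMonitoring` is assumed to be the registry form of the "Turn off real-time protection" policy mentioned in the question.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Run in an elevated PowerShell session on the computer being checked.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (for example after
    # Windows has removed it, as described in the comments above).
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# "Windows Defender Antivirus Service" is registered under the name WinDefend.
$service = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

# Get-MpComputerStatus fails when the service is not running, so treat
# an error as "no status available" instead of aborting the audit.
$status = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }

$report = [pscustomobject]@{
    ServiceStatus             = if ($service) { $service.Status } else { 'NotFound' }
    AMServiceEnabled          = $status.AMServiceEnabled
    AntivirusEnabled          = $status.AntivirusEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    IsTamperProtected         = $status.IsTamperProtected
    DisableAntiSpyware        = Get-PolicyValue $policyRoot 'DisableAntiSpyware'
    DisableRealtimeMonitoring = Get-PolicyValue "$policyRoot\Real-Time Protection" 'DisableRealtimeMonitoring'
}
$report | Format-List

# The mismatch from the question: policy says "off", engine still enabled.
if ($report.DisableAntiSpyware -eq 1 -and $report.AntivirusEnabled) {
    Write-Warning 'DisableAntiSpyware=1 is set, but the antivirus engine is still enabled.'
}
# Tamper Protection is the setting this answer points to.
if ($report.IsTamperProtected) {
    Write-Warning 'Tamper Protection is on.'
}
# A policy value that is missing after being set is worth noting in itself.
if ($null -eq $report.DisableAntiSpyware) {
    Write-Output 'DisableAntiSpyware policy value is not present.'
}
```

Run before and after a policy change (`gpupdate /force`, then reboot) to see which setting actually changed the reported state.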

1
1

Another method. Go to Settings, Security, Virus & threat protection, Manage settings, Tamper protection. Set to Off. Then add this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

0

After a fresh Windows installation make sure you do all the Windows updates. For some reason Windows won't always find all the needed/recent updates for your device right away, so leave your PC on for a day or two, restart every 5-6 hours and check for Windows updates during these two days. After these two days, make sure every device in Device Manager is working properly (no unknown devices or yellow triangles under devices), so either install Windows optional updates (which should install the appropriate drivers), or download the drivers for your device yourself.

On the last day of the updates, use Windows' cleaner to clean the Windows Update cache, restart, and check for updates one last time.

After these are done:

Disable tamper protection in Windows Defender and then use:

winaerotweaker to disable windows update (and other crap) and restart,
IObit Unlocker or Unlocker to remove Antimalware Service Executable folder and file from your hard drive.

Additionally:

WPD.exe to disable telemetry and restart,
OOSU10.exe to disable whatever is left and restart.

Win-Debloat-Tools to debloat your system (they have some in-depth tweaks) and restart.

Finally, it's useful to follow a video such as this, as every year new people find new ways to debloat Windows.

Remember that after a Windows update, some of the disabled features might get re-installed/re-enabled. Make sure you have automatic Windows updates turned off (check for Windows updates when you want to check) and every now and then check the Windows features configuration (in case they got re-enabled).

I have achieved less than 2.5 GB RAM usage with the above tools.

For daily use I recommend using BCuninstaller to uninstall files (it's a deep uninstaller but open-source) in combination with Everything, which is a tool that can search everything on your PC, to delete leftovers from uninstalled programs (as BCuninstaller can't find everything).

Tools like CCleaner are good for registry cleaning and, importantly, disabling startup programs. Disabling programs' auto-update features and just enabling them once every 3-4 months just for the updates to happen is a great way to save some GBs of RAM. There are some startup items you might disable from CCleaner and ruin your day, like you can disable the Wi-Fi completely, the printer capability and the audio of Windows. They are reversible, just find out which service was the one for audio/Wi-Fi/printer and re-enable it.

After doing all of the above, you might want to do something to reduce latency (includes unlocking all cores of your CPU, using a debloater for your Nvidia drivers etc.), I recommend this video.

0

There are two options. You can use Defender Remover / Defender Disabler tool.

Or privacy.sexy script. Type in 'defender' in search and there are various scripts available to disable various functions of Microsoft Defender.

However, I do not suggest checking Microsoft Defender firewall since it will eventually cause issues with your system when you try to use Windows installer (msi files) for example and it won't be able to add firewall rules and installer process might fail with "Setup Wizard ended prematurely" type of errors.

-1

One hacky solution that actually worked for me:

  • Boot into an Ubuntu Live from a USB stick (or any other live USB operating system of your choice)
  • Mount the drive with your Windows installation and go to the C:\ProgramData\Microsoft directory
  • Here you'll find the "Windows Defender" directory. Rename it to anything else, for example "Windows Defender Nostartup"
  • You may probably also want to rename the "Windows Defender Advanced Threat Protection" directory. I did.
  • Now boot back into your Windows installation, and you'll see that finally the nagging "Windows Antivirus Protection" process is not in the Task Manager. Yay!

Luckily, the absence of the "Windows Defender" directory does not appear to get in the way of the system startup, which was kind of a gamble.
