How do I completely turn off Windows Defender from PowerShell?
Solution 1
After going for hours through the docs: https://docs.microsoft.com/en-us/powershell/module/defender/index?view=win10-ps
Just decided to uninstall it. This works on WS 2016 with PS 5.1.
Remove-WindowsFeature Windows-Defender, Windows-Defender-GUI
The below didn't work for me (from a blog dated 2011-2012), but give it a try before you uninstall:
Get-Service WinDefend | Stop-Service -PassThru | Set-Service -StartupType Disabled
Later edit: Found a way for Windows 10, tested on 20H2 only. Please add a comment if it works for previous builds.
Set-MpPreference -DisableRealtimeMonitoring $true
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
Solution 2
from windows server 2016 you could try
uninstall-windowsfeature -name windowsserverantimalware
Solution 3
For example you can use something like this - > Run PowerShell console as Administrator - > Paste to console and hit enter
Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Full list of options with description available at: https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps
Related videos on Youtube
02 : 17
05 : 51
08 : 52
06 : 34
03 : 50
Geoffrey McCosker
Updated on September 18, 2022Comments
-
Geoffrey McCosker over 1 year
Set-MpPreference -DisableRealtimeMonitoringdisables the first one, what are the specific switches to disable the others you see when you open the UI? I have not found a clear example of this in the docs and I don't feel like running EVERY disable switch because MS docs are bad.
-
KERR over 5 yearsI had to use "Set-MpPreference -DisableRealtimeMonitoring $true" to disable it on Win10 1809.
-
-
KERR over 5 yearsThis doesn't appear to work on Win10 (tested on v1809).
-
Admin almost 2 yearsI can't downvote, but here's my warning: This script breaks the service completely for me. I'm unable to turn it back on after running the script even after a reboot. -
Admin almost 2 yearsActually there is an update to my post. I did not mention that Windows made it on purpose impossible to turn completely off Windows defender's real time protection, you can only turn off some features like cloud based protection, but it will always remain active somehow, even with this script. to be able to turn it off completely you must manually turn off "Tampler protection", because this is what windows wants to avoid, to be able to turn off Defender protection by script. Now I am not saying that its not possible with any kind of malware, kali linux attack or something like that.
-
Admin almost 2 yearsTo answer your question, you should be able to turn it on again manually but the script makes some reboot tasks. To avoid it get to this path "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp" and delete \disable-defender.lnk script because this causes the defender of windows to turn off completely