How to permanently disable Windows Defender Real Time Protection with GPO?

gpo windows-defender
62,859

Solution 1

In newer versions of Windows, Group Policy settings for Microsoft Defender are reverted back.
To prevent this, before changing them:

  1. Open Resource Monitor (type resmon.exe in the search box)
  2. Overview
  3. Find MsMpEng.exe in the list
  4. Right-click > Suspend Process

In newer versions of Windows, Tamper Protection was added.
Tamper Protection must be disabled before changing Group Policy settings, otherwise these are ignored.

  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

To permanently disable real-time protection:

  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  3. Enable Turn off real-time protection
  4. Restart the computer

To permanently disable Microsoft Defender:

  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  3. Enable Turn off Microsoft Defender Antivirus
  4. Restart the computer

Solution 2

  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  • New > DWORD DisableAntiSpyware
  • Set it to 1
  • Reboot

If it doesn't work then one more step:

  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection (create this key if not existing)
  • New > DWORD DisableBehaviorMonitoring; set it to 1
  • New > DWORD DisableOnAccessProtection; set it to 1
  • New > DWORD DisableScanOnRealtimeEnable; set it to 1
  • Reboot

You can also save the code below to disable_realtime_protection.reg and run

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001

Solution 3

I tried all suggestions here prior to today and tried this, this, this.

The only thing that works right now, Jan 2021, is a version of this. I have to run this every time I boot Windows 10. Sometimes even during the day, Defender will enable itself. Argh! So i have to run it again. Because of all this manual labor, I set up a Shortcut Key Ctrl + Shift + Alt + F12 to run the disable command. After pressing that shortcut I have to still answer Yes to the "Allow this program to make changes" dialog.

Steps

  1. Right click on your desktop then select New then Shortcut. Leave this on your desktop so that Windows finds the shortcut key.
  2. In the Target box type this code.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true
  1. In the Shortcut key box press any key you want to use to run this shortcut. I used Ctrl + Shift + Alt + F12.

enter image description here

  1. Press Advanced then enable Run as administrator.

enter image description here

  1. Press OK twice. You're done.

You should know that Windows will keep annoying you with notifications to turn on virus protection. It's non stop madness ... in the battle to reclaim CPU power from the sharp clutches of Mr. Evil Real-time Defender of MS. Just ignore it.

I hope MS sees this and fixes this because it's so obtrusive of them to force real-time defender on all the time. It grinds my fast computer to a crawl.

Share:
62,859
joe-jeff
Author by

joe-jeff

Updated on January 15, 2022

Comments

  • joe-jeff
    joe-jeff over 2 years

    I like to disable Windows Defender Real Time Protection via GPO on Windows 10 Pro. When I configure GPO, Real-Time Protection is shown as off. However after a reboot the Protection is magically enabled again.

    GPO settings have not changed. I am trying to disable Real Time Protection to be able to analyze and reverse engineer malware.

    In addition even if Windows tells me Real Time Protection is managed by the administrator it is still enabled in the back.

    I really wonder if there is a way to completely disable Windows Defender + Real Time Protection or if Microsoft made this impossible.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I configure group policies using C#?
Setting GPO security filter with powershell Set-GPPermissions cmdlet
Pyinstaller .exe throws Windows Defender [no publisher]
Uninstall Pre-installed Norton Internet Security, And Enable Windows Defender?
(Urgent) Windows 10 reboot stuck at "Preparing Windows" with Defender trying to remove "virus"
How can I fix Windows Defender error code in Windows 8.1?
Failiure to update Windows defender virus & spyware definition - 0x8024402c
How can I set up Windows Defender in Windows 10 to scan removable devices like in Windows 8.1?
Is it safe to remove Windows Defender?
Do I need Norton Internet Security if my Windows 8 machine has Windows Defender?