question

ivanmatic-7206 avatar image
1 Vote"
ivanmatic-7206 asked GabrielCatanha-9234 published

Can't disable Windows Defender by using group policies

I have recently installed Win 10 Pro
No matter how many times i try to disable Defender Antivirus with Group Policy Editor (Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus) by activating the policy "Turn off Windows Defender Antivirus" and clicking OK, Windows just ignores all my attempts and revert it back on like nothing happened...

It just turns Turn off Windows Defender Antivirus from enabled back to Not configured
When i close gpedit and open it back again i can see it's back to Not configured

I've been using PC's for 25 years without Antiviruses by using only common sense and Process Explorer
Why is Microsoft forcing me to use something i don't want on my own computer?

windows-10-securitywindows-group-policy
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hey,

I think I found out a very good workaround for the POLICY Setting getting reset to "Not Configured" every time you restart Group Policy Editor. I had the same problem and guessed out (correctly) that it was MsMpEng.exe running in the background that was resetting the policy back to "Not Configured".

So, before making any changes to the policy, head over to Task Manager, then to Performance Monitor from the Performance tab. Find MsMpEng.exe in any of the tabs in it (mostly on top in Memory or CPU tabs) and click on Suspend Process.

Then make the changes as required in the Group Policy Editor. It won't get reverted back. Please reply if it works, or didn't work.




3 Votes 3 ·
11553993 avatar image 11553993 ProphetOfRegret-0662 ·

Great idea! Worked on lastest insider release. This must be the best way to handle WD.

0 Votes 0 ·

Awesome. Totally works

0 Votes 0 ·
TeemoTang-MSFT avatar image
0 Votes"
TeemoTang-MSFT answered TeemoTang-MSFT commented

Sorry, my fault.
I test again on my two devices, one is 2004 and another is 20H2. The Group policy method on 2004 machine succeed and on 20H2 machine failed, just like yours.
57957-2004png.jpg
On 20H2 machine, after I enabled Turn off Windows Defender Antivirus and restart computer, Windows Defender is not turned off even this policy return back Not Configured.
57934-2009.jpg
So I search online and find out this good case, try the tool named Autoruns to disable Windows Defender service.
https://www.tenforums.com/antivirus-firewalls-system-security/167105-unable-disable-windows-defender-1909-a.html



2004png.jpg (123.7 KiB)
2009.jpg (123.4 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

it worked, thnx for effort

0 Votes 0 ·

you are welcome

0 Votes 0 ·
learn2skills avatar image
0 Votes"
learn2skills answered learn2skills edited

@ivanmatic-7206

I found the solution. It turns out that Windows Defender is so ingrained within Windows 10 that it comes with its own "anti-tamper" protection.

This does two things: prevents you from creating the registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender by giving you a generic error message and also renders the group policy change ineffective.

In order to disable this, I had to follow these instructions:

  1. Go to Virus & threat protection

  2. Click on Manage Settings

  3. Turn off Tamper Protection

  4. Proceed to enable the group policy Turn off Windows Defender Antivirus in Computer Configuration/Administrative Templates/Windows Components/Windows Defender Antivirus or add the registry key.

  5. Restart PC

refer - https://superuser.com/questions/1500683/cant-disable-windows-defender-via-group-policy-or-the-registry

Please don’t forget to Accept the answer and up-vote wherever the information provided helps you, this can be beneficial to other community members.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Tamper Protection is off the whole time

0 Votes 0 ·
TeemoTang-MSFT avatar image
0 Votes"
TeemoTang-MSFT answered ivanmatic-7206 commented

Your method is correct.
When you install some 3rd party antivirus (AV) programs, they may automatically turn off Microsoft Defender Antivirus. In this case you may not be able to turn on Microsoft Defender Antivirus again until the 3rd party AV program has been disabled (turned off) or completely uninstalled.
If you have a 3rd party AV program installed and disable Microsoft Defender Antivirus, this will also disable periodic scanning.
If you have Windows 10 build 18305 or higher installed, you will need to turn off Tamper Protection to be able to disable Microsoft Defender Antivirus.

Refer to this article below for detailed steps
https://www.tenforums.com/tutorials/5918-how-turn-off-microsoft-defender-antivirus-windows-10-a.html
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

i don't want to turn it on i wanna turn it off, did you even read my question?
i don't want any antivirus and Tamper Protection is off the whole time

0 Votes 0 ·

The link introducing how to turn off by GPO and registry, did you even read my post?

0 Votes 0 ·
  1. literally the title of my question is that i can't disable Windows Defender by using group policies and you are sugesting me that i should disable it by using group policies

  2. Microsoft disabled turning off Defender by registry last year (https://pureinfotech.com/windows-10-removes-disableantispyware-disable-defender/)

I guess Microsoft is my nanny, it knows better than i do what i need on my PC










0 Votes 0 ·
ivanmatic-7206 avatar image
0 Votes"
ivanmatic-7206 answered

yeah i do have 20H2, i'm gonna check it

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Mark-Heitbrink avatar image
0 Votes"
Mark-Heitbrink answered davidfishwick-0973 published

Hi ivanmatic-7206

since August 2020 (Microsoft Defender Antimalware platform Version 4.18.2007.8, KB 4052623) you can not longer disable Windows Defender by Group Policy for Security Reason. The only way to disable it, is to install a 3rd Party Antiviurs, that disables Defender via API or disable it manually as an Administrator by clicking it.

https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Not true. I can still disable Defender with the registry (i'm on 20h2) and my defender malware engine is up to date The article actually states that it only applies to versions of windows prior to 1903 (which are out of date anyway).

0 Votes 0 ·