Windows 11 Group Policy Windows Defender Broken?

Stan Kasper 1,376 Reputation points
2021-10-13T22:25:35.297+00:00

I use Windows Group Policy. I have set the Microsoft Defender Antivirus polity off but when I reboot it changes and is back on. Here is what the policy says:

This policy setting turns off Microsoft Defender Antivirus. 

If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.

If you disable this policy setting, Microsoft Defender Antivirus will run regardless of any other installed antivirus product.

If you do not configure this policy setting, Windows will internally manage Microsoft Defender Antivirus. If you install another antivirus program, Windows automatically disables Microsoft Defender Antivirus. Otherwise, Microsoft Defender Antivirus will scan your computers for malware and other potentially unwanted software.

Enabling or disabling this policy may lead to unexpected or unsupported behavior. It is recommended that you leave this policy setting unconfigured.

If the policy is enabled ' If you enable this policy setting, Microsoft Defender Antivirus does not run, and will not scan computers for malware or other potentially unwanted software.'

That is not what is happening. Please give me an option to disable Defender that works.

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,208 questions
0 comments
Accepted answer
  1. Leon Laude 85,666 Reputation points
    2021-10-14T06:04:58.647+00:00

    Hi @Stan Kasper ,

    As I mentioned in your other post over here: https://learn.microsoft.com/en-us/answers/questions/589666/windows-11-group-policy-defender-antivirus.html
    This is by design and is not broken, configuring the setting to true will not change the Microsoft Defender Antivirus behavior on client devices, this GPO only applies for Windows Server, this could of course be more clear in the GPO description.

    The link below tells more about this:
    https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware

    ----------

    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,
    Leon

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,366 Reputation points
    2021-10-14T09:48:12.083+00:00

    Hi there,

    Permanently disabling Windows Defender can be challenging. Methods that worked in Windows 10 don’t seem to work in Windows 11 anymore. What seems to work though is taking ownership of the Windows Defender executable and remove all permissions from it. This way the system principal can’t start the Microsoft Defender services. Having a third-party AV software is one method that turns off Microsoft Defender.

    If the reply is helpful, please Upvote and Accept it as an answer

    0 comments