DisableAntiSpyware is intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is a legacy setting that is no longer necessary as Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program on the endpoint. This setting is not intended for consumer devices, and we’ve decided to remove this registry key. Also, to improve the security posture of our customers and ensure parity across our offerings (SKUs), setting DisableAntiSpyware (and disabling Microsoft Defender Antivirus) on client endpoints will be ignored for customers using Microsoft 365 E3 or E5. This change is included in Microsoft Defender Antimalware platform version 4.18.2108.4 and later (see KB405623). This setting is protected by tamper protection, which is available in all editions of Windows 10, version 1903 and later. Tamper protection is enabled by default for consumers and new enterprise customers. The impact of removing DisableAntiSpyware is limited to versions of Windows 10 prior to 1903 using Microsoft Defender Antivirus. This change does not impact non-Microsoft antivirus connections to the Windows Security app. Those connections will still work as expected.
DisableAntiSpyware specifies whether to disable Microsoft Defender Antivirus. Microsoft Defender Antivirus is an application that can prevent, remove, and quarantine malicious software, including spyware.
|true||Turns off Microsoft Defender Antivirus, as well as third-party antivirus software and apps.|
|false||Turns on Microsoft Defender. This is the default value.|
Setting this value to true will not change Microsoft Defender Antivirus behavior on client devices (both managed and unmanaged). This setting only applies to Windows Server.
Valid Configuration Passes
Security-Malware-Windows-Defender | DisableAntiSpyware
- Windows Server