Prevent users from seeing or interacting with the Windows Defender Antivirus user interface

Applies to:

You can use Group Policy to prevent users on endpoints from seeing the Windows Defender Antivirus interface. You can also prevent them from pausing scans.

Hide the Windows Defender Antivirus interface

In Windows 10, versions 1703, hiding the interface will hide Windows Defender Antivirus notifications and prevent the Virus & threat protection tile from appearing in the Windows Security app.

With the setting set to Enabled:

Screenshot of Windows Security without the shield icon and virus and threat protection section

With the setting set to Disabled or not configured:

Screenshot of Windows Security showing the shield icon and virus and threat protection section

Note

Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually configure the notifications that appear on endpoints

In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning that says, "Your system administrator has restricted access to this app."

Warning message when headless mode is enabled in Windows 10, versions earlier than 1703

Use Group Policy to hide the Windows Defender AV interface from users

  1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.

  2. Using the Group Policy Management Editor go to Computer configuration.

  3. Click Administrative templates.

  4. Expand the tree to Windows components > Windows Defender Antivirus > Client interface.

  5. Double-click the Enable headless UI mode setting and set the option to Enabled. Click OK.

See Prevent users from locally modifying policy settings for more options on preventing users form modifying protection on their PCs.

Prevent users from pausing a scan

You can prevent users from pausing scans, which can be helpful to ensure scheduled or on-demand scans are not interrupted by users.

Use Group Policy to prevent users from pausing a scan

  1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click Edit.

  2. Using the Group Policy Management Editor go to Computer configuration.

  3. Click Administrative templates.

  4. Expand the tree to Windows components > Windows Defender Antivirus > Scan.

  5. Double-click the Allow users to pause scan setting and set the option to Disabled. Click OK.