Skip to content

How to permanently disable Windows Defender in Windows 10 21H2

It appears that Microsoft made it harder to get rid of Windows Defender in the latest versions of their out-of-control OS.

Previously, in version 1607 for instance, you could simply disable it by opening the Local Group Policy Editor (just start typing it in the Start Menu to find it), going to Computer Configuration => Administrative Templates => Windows Components => Microsoft Defender Antivirus and setting “Turn off Microsoft Defender Antivirus” to “Enabled”.
Later on, they added a “Tamper Protection” in Windows Security settings that you must first turn off in order to be able to enable the above-mentioned policy (see below for more details).

Now, they made it so that if you only do those 2 things, or equivalent stuff described for instance there or there, Windows Defender will eventually (and much sooner than later) re-enable itself, removing your added registry keys and/or policies. It took me a few days of “trial and error” (or should I say, trial and getting screwed by MS) to figure it out, and maybe what I ended up doing is a bit overkill, but here is what worked for me:

Step 1: disable everything in the Virus & threat protection settings (you should be able to search for these straight from the start menu or from the settings “app”). Which, as I’m writing those lines, is:

  • Real-time protection (the one that said “yay you can disable me but f*** you I’ll re-enable myself very fast anyway, haha, screw you, user”)
  • Cloud-delivered protection
  • Automatic sample submission
  • Tamper protection

Probably only the 4th one is truly needed here, as step 2 should take care of the rest, but it doesn’t cost much to click a few extra buttons, does it?

Step 2: go lock all this in the Local Group Policy Editor. Run it by typing its name in the start menu, or also via Windows key + R then “gpedit.msc”, then navigate to Computer Configuration => Administrative Templates => Windows Components => Microsoft Defender Antivirus and:

  • Set “Turn off Microsoft Defender Antivirus” to “Enabled” (yup, so intuitive, you need to enable a “disable-ation”… Microsoft is still Microsoft…)
  • Set “Turn off routine remediation” to “Enabled” too

Then go into the “Real-Time Protection” subfolder and:

  • Set “Turn off real-time protection” to “Enabled”
  • Set “Turn on behavior monitoring” to “Disabled”
  • Set “Scan all downladed files and attachments” to “Disabled”
  • Set “Monitor file and program activity on your computer” to “Disabled”

And that’s “all”. So simple. So user-friendly.
With all this, you’re still able to run quick scans manually if you wish, but they shouldn’t run on their default daily schedule anymore. And the virus database should still be kept up-to-date.
Reverting the changes is easily done by removing those policies and changing the settings back to what they were. I guess just removing some of the policies might even be enough, considering Windows Defender’s tendency to turn itself back on spontaneously.

That’s all folks, until the next stupid update that changes stuff you don’t want changed.

Posted in Windows 10.

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Some HTML is OK

or, reply to this post via trackback.

Sorry about the CAPTCHA that requires JS. If you really don't want to enable JS and still want to comment, you can send me your comment via e-mail and I'll post it for you.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA