
Disabling Windows Defender via the registry is no longer possible in recent Windows 10 versions

Open Calinou opened this issue 4 years ago • 9 comments

Alternatives are welcome. Feel free to post if you have any ideas :slightly_smiling_face:

Calinou avatar Oct 03 '20 09:10 Calinou

Sorry, I was blindsided by that message. I did not see it, sorry about that. Thanks for the response.

ginger007tb avatar Oct 03 '20 22:10 ginger007tb

Haven't tried, but here: https://github.com/Crocodile1337/AV-Disabler

sakkamade avatar Oct 16 '20 16:10 sakkamade

> Haven't tried, but here: https://github.com/Crocodile1337/AV-Disabler

Not there :(

SuperJMN avatar Jun 23 '21 13:06 SuperJMN

So, I have a personal method to disable the Defender using regedit and it works even without rebooting. It works on Windows 10, Windows 11 23H2, 22H2, Windows Insider Beta. So firstly, if you don't want to have any problems with permissions, download any tool that allows launching applications with TrustedInstaller permissions. What I use is Winaero Tweaker: search for the tweak called "run as trustedinstaller", then type regedit and launch. But first disable all settings in the Windows Defender settings, like tampering protection etc., everything.

Also remember, when you create something click on dword 32bit

The method and steps:

go to:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender and in this folder click on it and create a dword 32bit and name it DisableAntiSpyware, and put 1
  2. in the same folder create a DisableAntiVirus dword and put 1. By now it should disable AntiMalwareService executable, but still continue on this method.
  3. in the same folder find a folder called real-time protection (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection) and there create DisableRealtimeMonitoring and set 1, also create DpaDisabled and set 1
  4. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender and in this folder create DisableAntiSpyware & DisableRealtimeMonitoring and set all to 1
  5. from there, go to real-time protection folder and create these: DisableBehaviorMonitoring, DisableOnAccessProtection, DisableRealtimeMonitoring, DisableScanOnRealtimeEnable and set all to 1
  6. from there go to spynet folder and there set SpyNetReporting to 0 (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet)
  7. close regedit
  8. open task scheduler as administrator and check all the folders and tasks for any windows defender related tasks and disable or delete them, if needed you can do it with trustedinstaller perms but it is usually not needed this time.
  9. you're free to go! let me know if this worked (don't go into defender settings because it might trigger reset of the 1. and 2. step or something)

STEPS IF IT DIDN'T WORK AND ANTIMALWARE SERVICE IS STILL RUNNING: Make sure to repeat the steps above again and see if it works.

backup plan: Go into safe mode with internet access and disable Windows Defender antivirus services. If you can't, you can also try with PowerShell: Set-Service -Name "SERVICE-NAME" -Status stopped -StartupType disabled (e.g. BITS/bits), or if that didn't work, sc config "SERVICE-NAME" start=disabled

backup plan #2: Go into safe mode and just do the steps at the beginning.

FooqX avatar Dec 27 '22 17:12 FooqX

@Calinou

FooqX avatar Dec 30 '22 13:12 FooqX

I am pretty busy these days (and don't use Windows actively), so I can't test this extensively to make sure it works as expected. It looks good on the surface but I'm worried about the high number of steps it requires (plus the TrustedInstaller privileges).

Thanks for doing this research effort still :slightly_smiling_face:

Calinou avatar Dec 30 '22 14:12 Calinou

Alright! Btw here's a simplified version (all steps still present, just so you can understand this faster).

Important: Disable tampering protection, real-time protection, and everything else in the Windows Security settings (don't touch other settings like firewall or vbs, etc.) before proceeding.

  1. Launch regedit with TrustedInstaller privileges using e.g. Winaero Tweaker, AdvancedRun, or look into some cmd/pwsh command. Because otherwise it would throw errors when writing to the registry values, because you have no permissions, even as an Administrator. Also, it will throw write errors even with TrustedInstaller permissions if real-time protection and other settings aren't disabled.

  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender | DisableAntiSpyware (1), DisableAntiVirus (1)

  3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring (1), DpaDisabled (1)

  4. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | DisableAntiSpyware (1), DisableRealtimeMonitoring (1), DisableAntiVirus (1)

  5. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableBehaviorMonitoring (1), DisableOnAccessProtection (1), DisableRealtimeMonitoring (1), DisableScanOnRealtimeEnable (1)

  6. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet | SpyNetReporting (0)

Optional: Open taskschd.msc, Task Scheduler Library => Microsoft => Windows => Windows Defender, and disable everything.

Note: Step 2 may reset after a big Windows update and you may have to redo it, but after that it surely disables completely (even the AntiMalwareService executable, and in services, the Defender service is stopped and startup type is Manual).

FooqX avatar Dec 31 '22 09:12 FooqX
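
Added example (not part of the thread and not this repository's code): a read-only PowerShell audit that checks a host for the registry values listed in the comments above, useful for spotting a machine where Defender has been switched off this way. The function name `Test-DefenderTamperValue` and the `$watch` table layout are made up for this example; the key paths, value names and data are the ones from the steps above.

```powershell
# Read-only audit: which of the values named in this thread exist on this host?
$root   = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# Key, value name, and the data the thread's steps set (Flag).
$watch = @(
    @{ Key = $root;                          Name = 'DisableAntiSpyware';          Flag = 1 }
    @{ Key = $root;                          Name = 'DisableAntiVirus';            Flag = 1 }
    @{ Key = "$root\Real-Time Protection";   Name = 'DisableRealtimeMonitoring';   Flag = 1 }
    @{ Key = "$root\Real-Time Protection";   Name = 'DpaDisabled';                 Flag = 1 }
    @{ Key = $policy;                        Name = 'DisableAntiSpyware';          Flag = 1 }
    @{ Key = $policy;                        Name = 'DisableRealtimeMonitoring';   Flag = 1 }
    @{ Key = $policy;                        Name = 'DisableAntiVirus';            Flag = 1 }
    @{ Key = "$policy\Real-Time Protection"; Name = 'DisableBehaviorMonitoring';   Flag = 1 }
    @{ Key = "$policy\Real-Time Protection"; Name = 'DisableOnAccessProtection';   Flag = 1 }
    @{ Key = "$policy\Real-Time Protection"; Name = 'DisableRealtimeMonitoring';   Flag = 1 }
    @{ Key = "$policy\Real-Time Protection"; Name = 'DisableScanOnRealtimeEnable'; Flag = 1 }
    @{ Key = "$policy\Spynet";               Name = 'SpyNetReporting';             Flag = 0 }
)

function Test-DefenderTamperValue {
    param([hashtable[]]$Entries)
    foreach ($e in $Entries) {
        # A missing key or value is the normal state, so errors are suppressed.
        $item = Get-ItemProperty -LiteralPath $e.Key -Name $e.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $data = $item.($e.Name)
        [pscustomobject]@{
            Key     = $e.Key
            Name    = $e.Name
            Data    = $data
            Flagged = ($data -eq $e.Flag)   # true when set to the value from the thread
        }
    }
}

$findings = @(Test-DefenderTamperValue -Entries $watch)
$flagged  = @($findings | Where-Object { $_.Flagged })

if ($findings.Count -eq 0) {
    'None of the listed values are present.'
} else {
    $findings | Format-Table -AutoSize -Wrap
    "{0} of {1} watched values are set as described in the thread." -f $flagged.Count, $watch.Count
}
```

A value that is present but not flagged still deserves a look, since these names do not exist under the non-policy key on a default install according to the steps above, which have the reader create them.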

Update: Works in Windows Insiders Beta build, and on the 23H2 version. Works as expected!

Update 2: Works in Windows Insiders Release Preview build 24H2.

FooqX avatar Mar 21 '24 17:03 FooqX
