How to Permanently Disable Microsoft Defender Antivirus on Windows 11 and 10

Microsoft Defender is the built-in antivirus program on Windows 10/11 and Windows Server that is enabled and configured by default. In this article, we’ll look at how to turn off Microsoft Defender on Windows 11 completely or suspend it.

When you install a third-party antivirus in Windows 10 or 11, the built-in Microsoft Defender Antivirus is automatically disabled. In some cases, it doesn’t happen and you may need to disable Microsoft Defender manually.

Contents:

• Turn off Defender Antivirus Protection on Windows 11 and 10
• How to Disable Microsoft Defender Antivirus in Windows 11 Permanently?

Turn off Defender Antivirus Protection on Windows 11 and 10

In some cases, you may need to suspend Microsoft Defender Antivirus protection without affecting important system services. For example, when Microsoft Defender prevents a system program or tool from running or installing. To run such an app, you have to stop Windows Defender Real-time Protection.

1. Open Settings -> Privacy and Security -> Windows Security  (or run a quick access URI command: ms-settings:windowsdefender ) in Windows 11;
   
   If the Microsoft Defender Security app doesn’t open or shows a blank screen, you can fix it by reinstalling Microsoft.SecHealthUI UWP app.
2. Open Virus and threat protection and click Manage Settings; 
3. Move the Real-time protection toggle to Off. 
4. Confirm that you want to stop antivirus protection in the UAC prompt.

To resume Windows Defender protection, move the toggle to On. Also, Microsoft Defender Real-time Protection is enabled automatically after you restart the computer.

You can use the following PowerShell command to disable real-time protection (see how to manage Windows Defender settings using PowerShell):

Set-MpPreference -DisableRealtimeMonitoring $true

However, this command doesn’t work as expected in Windows 11 and the latest Windows 10 builds. The matter is that in Windows 10 1903 or later, a new Microsoft Defender feature is enabled by default: Microsoft Defender Tamper Protection.

Tamper protection provides additional protection for core Microsoft Defender security features. In particular, it prevents unauthorized changes of antivirus settings, suspension of real-time protection, and disabling of cloud protection. If the Tamper Protection is enabled, you won’t be able to disable Real-Time Protection in Microsoft Defender using PowerShell.

You can only disable Tamper Protection manually from Windows Security GUI. Navigate to Virus and threat protection section, scroll down and switch the Tamper Protection toggle to Off.

After disabling Tamper Protection, you will be able to disable Microsoft Defender Real-time Protection using the PowerShell command shown above.

How to Disable Microsoft Defender Antivirus in Windows 11 Permanently?

In earlier Windows 10 builds and in Windows Server 2016, you could completely disable Windows Defender using the Turn off Windows Defender Antivirus GPO option located in Computer Configurations -> Administrative Template -> Windows Component -> Windows Defender Antivirus section of the Local Group Policy Editor (gpedit.msc) or using the DisableAntiSpyware registry parameter under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender:

New-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force

Also, you can disable Real-Time Protection using the GPO option Turn on behavior monitoring or with the registry parameter DisableBehaviorMonitoring =1.

Starting from Windows 10 1903 release, you cannot use these GPO options or registry parameters to disable Microsoft Defender, because these settings are shielded by Tamper Protection. The methods previously used to disable Microsoft Defender Antivirus don’t work on Windows 11.

To completely disable Windows Defender Antivirus on Windows 11, you need to boot your computer to Safe Mode.

1. Run msconfig;
2. Go to the Boot tab;
3. Select Safe boot -> Minimal in the boot options section;
4. Click OK and restart your computer. 
5. Your computer will boot into Safe Mode;
6. Then open the Registry Editor (regedit.exe), go to the reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and disable the startup of the following services:
   • Sense
   • WdBoot
   • WdFilter
   • WdNisDrv
   • WdNisSvc
   • WinDefend

   To do it, change the Start parameter value to 4. 

   Change the Start value for all services specified above manually or using the following PowerShell script:
   $regpath='HKLM:\SYSTEM\CurrentControlSet\Services'
Set-ItemProperty -Path ($regpath+"\WinDefend") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\Sense") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\WdFilter") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\WdNisDrv") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\WdNisSvc”) -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\WdBoot") -Name Start -Value 4


   To re-enable Microsoft Defender in Windows, set the following default values of the Start registry entry for services:

   • Sense — 3
   • WdBoot — 0
   • WdFilter — 0
   • WdNisDrv — 3
   • WdNisSvc — 3
   • WinDefend — 2
7. Run msconfig and disable the Safe Mode. Then restart your computer and boot as usual;
8. Disable the following four tasks in Task Scheduler (taskschd.msc): Microsoft –> Windows –> Windows Defender. 
   Get-ScheduledTask “Windows Defender Cache Maintenance” | Disable-ScheduledTask
Get-ScheduledTask “Windows Defender Cleanup” | Disable-ScheduledTask
Get-ScheduledTask “Windows Defender Scheduled Scan” | Disable-ScheduledTask
Get-ScheduledTask “Windows Defender Verification” | Disable-ScheduledTask

You can disable the Scheduler tasks using PowerShell.

Run the Windows Security app and make sure that Microsoft Defender Antivirus is now disabled. You should see the message: Threat service has stopped. Restart it now. 

So we have looked at how to disable Microsoft Defender Antivirus on Windows 10 and 11.