How to Turn Off Real Time Protection Windows 10 Permanently
Microsoft Defender is in Windows 11 the default anti-virus/malware solution just like it was in Windows 10. It protects your computer against malware and virus threats. Even though it's one of the best antivirus solutions on the market today, you still might want to turn off Windows Defender for testing purposes or on devices that are not connected to the internet.
Keep in mind that Windows Defender is turned off automatically when you install another antivirus application. So you don't need to worry about that.
In this article, I will explain how you can fully turn off Windows Defender in Windows 11 and how to stop it temporarily.
Turn Off Windows Defender Temporarily
We are first going to take a look at how to stop Windows Defender temporarily. In Windows 11 we will need to open the Windows Security app for this.
- Open the Start Menu
- Type Windows Security
- Open the Windows Security App
- In the Windows Security screen open the Virus & Threat protection.
- Click on Manage Settings under Virus & Threat protection settings
We can now disable the Real-time protection which should be enough for most testing purposes. When you turn it off you will get a warning, just click yes to disable the Windows Defender.
The Real-time protection will automatically turn back on after a short time. If you open the task manager you will see that the Microsoft Defender Antivirus service is still running. Also when you reboot your computer the process is automatically started again.
Disable Windows Defender in Windows 11 Permanently
Permanently disabling Windows Defender can be challenging. Methods that worked in Windows 10 don't seem to work in Windows 11 anymore. I have tested pretty much every possible method that was described for Windows 10, but every time Windows Defender was able to automatically start up again.
I have tried disabling Windows Defender with:
- gpedit – The setting Turn off Microsoft Defender Antivirus is reset after reboot
- Disabeling the services from the startup – Settings are reverted within 2 minutes after reboot
- Removing the Wdboot driver – Setting is reverted as well
I have two options that seem to work and last. The first is through taking ownership of the Windows Defender executable and removing all permissions from it. This way the system principal can't start the Microsoft Defender services.
The second option is by editing a couple of registry items, which disable the startup of services related to Windows Defender.
Step 1 – Boot into Safe Mode
The first step is to boot into Safe Mode. Without Safe Mode, we can't take ownership of the MsMpEng.exe file.
- Press Windows key + R to open the run dialog
- Type msconfig and press enter
- Select the boot tab
- Under Boot opties enable "Safe boot"
- Press Ok and restart your computer
Step 2 – Take Ownership of Defender
The next step is to take ownership of the Windows Defender application folder. This way we can hopefully also prevent any updates from Defender.
- Open Explorer
- Navigate to c:\programdata\Microsoft\Windows Defender\
- Open the properties of the folder Platform (right-click > select properties)
- Select the Security tab
- Click on Advanced
- Change the Owner
- Click on Advanced > Find Now and select Administrators
- Click Ok (twice) to take ownership
Step 3 – Remove All Permissions
We now have ownership of the Windows Defender application. All we now need to do is remove all users/principals from the list.
- Select each Permission entry
- Click Remove
- Do that for all users/entries in the list
- Make sure you select Replace owner on subcontainers and objects
- Select Replace all child object permi…
- Click Apply
Step 4 – Disable Safe boot and reboot
To reboot back to the normal version of Windows 11 we need to disable the safe boot option. Open MSConfig again and remove the safe boot option:
- Windows key + R
- Type msconfig <enter>
- Open the tab Boot
- Unselect safe boot
- Restart your computer
If you now open the Windows Security app in Windows 11 you will see that Virus & Threat Protection is completely gone.
Using RegEdit to disable Windows Defender in Windows 11
An alternative way to disable Windows Defender in Windows 10 or 11 is to use the registry. For this, you will also need to boot into safe mode. Follow step 1 from the previous chapter to boot into safe mode.
Once booted in safe mode:
- Press Windows key + R
- Type regedit <enter> to open the registry
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
- Change the following folders the key Start to 4
- Sense
- WdBoot
- WdFilter
- WdNisDrv
- WdNisSvc
- WinDefend
Follow step 4 from the previous chapter to reboot Windows back to normal mode.
Revert the change
If you no longer want to disable Windows Defender you can easily revert the change. You will need to restart into safe mode again and give System and TrustedInstaller full access permission on the Platform folder.
Wrapping Up
Keep in mind that you are vulnerable to virus and malware infection without an antivirus application. I don't recommend disabling defender purely because it takes too much CPU. If you find that Windows Defender is consuming too many resources then try another antivirus solution.
How to Turn Off Real Time Protection Windows 10 Permanently
Source: https://lazyadmin.nl/win-11/turn-off-windows-defender-windows-11-permanently/