Microsoft Defender Antivirus (Windows Defender) is the built-in antivirus in Windows 10/11 and Windows Server, enabled and configured by default. This article explains how to completely disable Microsoft Defender in Windows 11 or temporarily pause it.
In Windows 11 and 10, installing a third-party antivirus should automatically disable the built-in Microsoft Defender. In some cases, this does not happen automatically, and you may need to manually disable Microsoft Defender.
In certain scenarios, you may need to temporarily disable Microsoft Defender protection without affecting critical system services. For example, when running or installing a system application or utility that is blocked by Microsoft Defender, you need to pause real-time protection.
Temporarily Pausing Microsoft Defender Protection in Windows 11 and 10
1. Navigate to the following settings section in Windows 11:
Settings > Privacy & Security > Windows Security > Open Windows Security
Or use the quick access command: ms-settings:windowsdefender.
2. Open the Virus & Threat Protection section.
3. Click Manage settings under Virus & Threat Protection Settings.
4. Toggle the Real-time protection switch to Off.
5. Confirm pausing antivirus protection in the UAC privilege elevation prompt.
To restore Windows Defender protection, toggle the switch back on. Real-time protection for Microsoft Defender will also automatically re-enable after a system restart.
6. You can also disable Windows Defender using a PowerShell command, but you must first disable Tamper Protection, located in the same section as Real-time protection, slightly further down. Tamper Protection provides additional security for core Microsoft Defender components: it blocks unauthorized changes to antivirus settings, pausing of real-time protection, and disabling of cloud protection.
After disabling Tamper Protection, run the following PowerShell command:
Set-MpPreference -DisableRealtimeMonitoring $true
In earlier versions of Windows 10 and Windows Server 2016, you could fully disable Windows Defender using the Group Policy setting Turn off Microsoft Defender Antivirus located in Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus via the Local Group Policy Editor (gpedit.msc).
Alternatively, you could use the DisableAntiSpyware registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender, corresponding to this policy:
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
To disable real-time protection, the Turn off Microsoft Defender Antivirus policy or the DisableBehaviorMonitoring = 1 registry key in the same registry branch was used.
However, starting with Windows 10 version 1903 and in Windows 11, these Group Policy settings and registry keys no longer work for disabling Microsoft Defender due to the new Tamper Protection feature (described above). Methods previously used to disable Microsoft Defender Antivirus are no longer effective in these Windows versions.
Completely Disabling Microsoft Defender via Registry and Safe Mode
To fully disable Windows Defender components, boot your computer into Safe Mode:
1. Launch the msconfig utility.
2. Go to the Boot tab, select Safe boot > Minimal, and restart the computer.
3. Open the Registry Editor (regedit.exe).
4. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and disable the startup of the following services:
– Sense
– WdBoot
– WdFilter
– WdNisDrv
– WdNisSvc
– WinDefend
Set the Start parameter to 4 for each service.
Alternatively, modify the Start parameter for these services using the following PowerShell script:
$regpath='HKLM:\SYSTEM\CurrentControlSet\Services'
Set-ItemProperty -Path ($regpath+"\WinDefend") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\Sense") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\WdFilter") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\WdNisDrv") -Name Start -Value 4
Set-ItemProperty -Path ($regpath+"\WdNisSvc") -Name Start -Value 4
To re-enable Microsoft Defender in Windows, set the following default Start values for each service:
– Sense — 3
– WdBoot — 0
– WdFilter — 0
– WdNisDrv — 3
– WdNisSvc — 3
– WinDefend — 2
5. Run msconfig, disable Safe Mode, and restart the computer in normal mode.
Disabling Windows Defender Scheduled Tasks
Open Task Scheduler using taskschd.msc or search for “Task Scheduler”.
Disable all four tasks in the Microsoft > Windows > Windows Defender section.
Alternatively, disable the scheduled tasks using PowerShell:
Get-ScheduledTask "Windows Defender Cache Maintenance" | Disable-ScheduledTask
Get-ScheduledTask "Windows Defender Cleanup" | Disable-ScheduledTask
Get-ScheduledTask "Windows Defender Scheduled Scan" | Disable-ScheduledTask
Get-ScheduledTask "Windows Defender Verification" | Disable-ScheduledTask
Launch the Windows Security app and verify that Microsoft Defender is now disabled. You should see the message: Real-time protection is off. Your device is vulnerable.
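A scripted version of this verification, as an added example that is not part of the original article: it is read-only and reports where the machine differs from the default service Start values listed above, along with the DisableAntiSpyware policy value, the Windows Defender scheduled tasks, and the real-time and Tamper Protection state. The variable names are illustrative; run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of the Defender settings this article changes.
# Expected Start values are the defaults listed in the article.
$expectedStart = [ordered]@{
    Sense = 3; WdBoot = 0; WdFilter = 0; WdNisDrv = 3; WdNisSvc = 3; WinDefend = 2
}
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$findings = @()

# 1. Service startup types compared with the defaults
foreach ($name in $expectedStart.Keys) {
    $key = Get-ItemProperty -Path (Join-Path $svcRoot $name) -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $findings += "Service key $name is missing or unreadable"
    } elseif ($key.Start -ne $expectedStart[$name]) {
        $findings += "Service $name has Start=$($key.Start), default is $($expectedStart[$name])"
    }
}

# 2. Legacy policy value described in the article
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableAntiSpyware -eq 1) {
    $findings += 'Policy value DisableAntiSpyware=1 is set'
}

# 3. Scheduled tasks in Microsoft > Windows > Windows Defender
$tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' -ErrorAction SilentlyContinue
foreach ($t in $tasks) {
    if ($t.State -eq 'Disabled') { $findings += "Scheduled task '$($t.TaskName)' is disabled" }
}

# 4. Runtime state; the cmdlet fails when the WinDefend service is not running
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if (-not $mp.IsTamperProtected)         { $findings += 'Tamper Protection is off' }
} catch {
    $findings += "Get-MpComputerStatus failed (is the Defender service running?): $($_.Exception.Message)"
}

if ($findings.Count -eq 0) { 'Defender configuration matches the defaults checked.' }
else { $findings | ForEach-Object { "DRIFT: $_" } }
```

On a machine where a third-party antivirus has taken over, real-time protection is expected to be reported as off; the other findings indicate manual changes of the kind described in this article.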
By following this guide, you can either temporarily or permanently disable Microsoft Defender in Windows 11 and Windows 10.