Video Guide: How to completely Disable Microsoft Defender Antivirus

bob3d said:

The following code (which I did NOT compose) was highly useful in disabling Windows Defender for me. I got it from one of Freebooter's videos:

Code:

:: How to Permanently Disable Windows Defender Antivirus in Windows 11
@Echo Off & Cls
net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit)
:_Start
Cls & Mode CON  LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter
Echo.
Echo.     
Echo         Type (D) letter to Disable Windows Defender
Echo.     
Echo.       
Echo         Type (E) letter to Enable Windows Defender 
Echo.     
Set /p input=^>
If /i  Not %input%==D (Goto :_Ex) Else (Goto :_Disable)
:_Ex
If /i  Not %input%==E  (Goto :_Start) Else (Goto :_Enable)
:_Disable
PowerShell Checkpoint-Computer -Description "Enable Windows Defender" -RestorePointType "MODIFY_SETTINGS"
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
Cls & Mode CON  LINES=5 COLS=48 & Color 04 & Title - WARNING -
 Echo.
 Echo.
 Echo            Windows Defender Disabled
Ping -n 5  localhost > Nul
Goto :Reboot
:_Enable
 Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"  /f
Cls & Mode CON  LINES=5 COLS=48 & Color E0 & Title - WARNING -
 Echo.
 Echo.
 Echo            Windows Defender Enabled
Ping -n 5  localhost > Nul
:Reboot
Cls & Mode CON  LINES=11 COLS=42 & Color 0E & Title FreeBooter
Echo.
Echo.
Echo    THIS COMPUTER WILL REBOOT
Echo.
Echo.
Echo    PLEASE SAVE ALL WORK IN PROGRESS
Echo.
Echo.
Echo    PRESS 'ENTER' KEY TO RESTART COMPUTER
Pause >Nul
Shutdown  -r  -t 5  -c "REBOOTING SYSTEM" 2>&1 > Nul
Exit

After doing this, I went to Windows\System32\smartscreen.exe and renamed it smartscreen.exe.old since it is part of WIndows Defender and would still run even after all of the above had been performed.

Now I just have my Antivirus of my choice running without having Windows Defender running in the background.

bob

Click to expand...

For this batch script to work, you have to disable Tamper Protection.

bob3d said:

I went to Windows\System32\smartscreen.exe and renamed it smartscreen.exe.old since it is part of WIndows Defender and would still run even after all of the above had been performed.

Now I just have my Antivirus of my choice running without having Windows Defender running in the background.

Click to expand...

thanks for the tip!

OAT said:

Good luck gathering the crowd then.

I suspect the expression of not caring about performance was a bit over the top; I give you that.
Talking about performance, please kindly modify your thread title with the word Video so we don't waste our time trying to help somebody worthy of it.
Thank you.

Click to expand...

I dunno if i qualify as a crowd but maybe a handful more and we got it lolol

ShamrockRig said:

Well heres one, Personally i don't use any AV at all, Windows defender stuff etc is all off. Why you may ask? I personally dont need it, The best AV is the one between you're ears. I know how to keep my house in order without it and touch wood, had more virus's back in the day with av's installed than i do now without it( 0 yes really 0) and thats maybe been since 2016 or so.

Click to expand...

Nonsense - you have just been lucky.

cereberus said:

Nonsense - you have just been lucky.

Click to expand...

Highly doubt that, Isn't unheard of for people not to run AV's. It really isn't rocket science lol.
7 years of rolling luck. Yup...

ShamrockRig said:

Highly doubt that, Isn't unheard of for people not to run AV's. It really isn't rocket science lol.
7 years of rolling luck. Yup...

Click to expand...

10+ years for me.

Gone are the days of XP when you could earn a full time living removing viruses and other malware from people's computers.

LesFerch said:

In general, you shouldn't have to permanently disable Windows Defender. If you choose to use a different AV, it's installer will disable Windows Defender (and re-enable Defender upon uninstall). And if it's a machine set up for some special purpose (maybe where maximum performance is needed), and doesn't need AV (maybe it's totally offline), just disabling Windows Defender's real time protection should be sufficient.

I can't think of any common scenario where Windows Defender really needs to be disabled, but I'm sure there are some niche reasons.

Edit: I see from Spartan's answer that other AV solutions may not totally disable all Windows Defender services. That's something I've never checked closely. Good to know.

Click to expand...

Spartan said:

PS: and here's the link about protection you asked for: Comparison

Click to expand...

Blimey ! Kaspersky stands first !

cineman195 said:

Blimey ! Kaspersky stands first !

Click to expand...

comparisons are 100% useless as these are always made in the past -- any new threat can be "released" at any time. WD is really for domestic machines on the latest versions of W11 as good as it gets - and its real time protection is also good. It's based on the security provided by Ms s Azure cloud servers which now have US military and NSA certification - so you won't get much better than that -- at least on domestic machines.

Unless you are 100% paranoid don't bother with 3rd party stuff whether paid for or not. If it helps "peace of mind" then that's a different argument - but as a technical improvement it's not.

If you have highly sensitive material keep it off the net if you are worried -- and if you need to distribute it - either do it personally or use the old fashioned "Snail Mail". In most countries even J.C himself couldn't find a specific package once it's gone into the mail.

As the Ukranians are showing in their war with Russia -- old fashioned "Analog" systems can still be unbelievably effective even in a high speed digital age.

I loved that pic of them shooting down a Russian drone with an old fashioned wooden crossbow -- the drone's radar couldn't detect the heat pattern that a missile would have generated or employ electronic counter measures against a missile's targeting system


Cheers
jimbo

Stigg said:

10+ years for me.

Gone are the days of XP when you could earn a full time living removing viruses and other malware from people's computers.

Click to expand...

Exactly! Could even earn a good living on the old sevenforums security section when it was relevant haha, But especially since then its gotten so so much better. im gonna say that 97% of virus's give or take are user error, it generally 9/10 really is lack of knowledge on the users part.