I can't find any information on how to disable Windows Defender in Windows 10. There is some information about how to do it in the previews, but the configuration pages have changed with the final release.
Specifically, I want to stop and disable the Windows Defender Service.
- Using
net stop windefend
from an elevated command prompt gives 'access denied' - Stop and startup type are greyed out in sevices.msc, even when logged on as administrator
- There doesn't seem to be a GUI way to disable UAC in Windows 10
Has anyone figured out how to disable Defender in Windows 10?
Todd WilcoxTodd Wilcox48611 gold badge55 silver badges1414 bronze badges
11 Answers
Sonic adventure 2 ancient light. You are able to do this using a Group Policy.
open
gpedit.msc
navigate to
Computer Configuration > Administrative Templates > Windows Components > Windows Defender
Turn off Windows Defender
= EnabledIf you then try to open Windows Defender you'll see this:
And even though in Settings it may appear to be on, the Service is not running:
more info:
and http://www.download3k.com/articles/How-to-Turn-Off-Windows-Defender-Permanently-in-Windows-10-01350
Aaron HoffmanAaron Hoffman
I found another way using the registry.
Using this article, I changed the startup type for the Defender services and drivers (!!) in the registry while logged on as an administrator. Here's a brief run-down:
- Browse the registry to
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
. - Look for services starting with 'wd' that have 'Windows Defender' in the Description value. A possibly incomplete list is: wdboot, wdfilter, wdnisdrv, wdnissvc, windefend.
- Change the
Start
value for each service to0x4
(hex 4, decimal 4). - Reboot.
48611 gold badge55 silver badges1414 bronze badges
- Extract
- Double-click
DisableDefender.reg
By far the most effective and clean way to permanently disable Windows Defender in Windows 10 is via Group Policy, as described by Aaron Hoffman. Unfortunately, Windows 10 Home lacks the necessary tools.
Here's a registry file that contains the changes made by gpedit.msc on a Windows 10 Pro machine. It's been tested on Windows 10 Home as well. Save the file as
DisableDefender.reg
with Windows-style line endings and double-click it to import it into your registry.If you ever want to re-enable Defender, change
00000001
to 00000000
on both lines.You can download the files to disable and re-enable defender from Gist.
ZenexerZenexer86711 gold badge88 silver badges1717 bronze badges
To disable Windows Defender completely (not just the Real-Time protection) you can:
- Install another security suite (as Ramhound mentioned).
- If you're willing to use a third party application, you could use NoDefender: http://msft.gq/pub/apps/NoDefender.zip
More information about NoDefender can be found here: http://winaero.com/blog/nodefender-disable-windows-defender-in-windows-10-with-few-clicks/
user5071535user5071535
I have written the batch file and registry files that should completely disable Windows Defender in Windows 10. Download game burnout paradise pc.
- Save the following files into the same folder.
- Run
Disable Windows Defender.bat
as administrator. - After the batch file is done, restart.
- Run
Disable Windows Defender.bat
again as administrator. - Windows Defender should be completely disabled now.
Disable Windows Defender.bat
Disable Windows Defender objects.reg
Disable Windows Defender features.reg
Disable Windows Defender services.reg
OwnRegistryKeys.bat
OwnRegistryKeys.ps1
73411 gold badge99 silver badges1919 bronze badges
The easy powershell method is here from an answer I posted on a question later marked duplicate for this.
The easiest way to do this would be to use powershell to disable it, the command you probably want is this
For an article on using powershell to disable/enable Windows Defender check here: http://wmug.co.uk/wmug/b/pwin/archive/2015/05/12/quickly-disable-windows-defender-on-windows-10-using-powershell
![Windows Defender Greyed Out Windows Defender Greyed Out](/uploads/1/2/3/7/123708492/881337951.jpg)
Here is the technet article for a more detailed look at available defender cmdlets: https://technet.microsoft.com/en-us/library/dn433280.aspx
AbraxasAbraxas3,36444 gold badges2121 silver badges3939 bronze badges
It would be helpful to understand why you cannot stop a particular service.
- I'm the administrator; worse than failure can't the Administrator administrate?!
It's because of the security permissions on the WinDefend service.
Note:
WinDefend
is the actual name of the 'Windows Defender Antivirus Service'If you run from a command line:
where
sdshow
means 'Displays a service's security descriptor.'
You'll get the security descriptor:
This is quite the ugly blob, and it's completely undocumented by Microsoft, but we'll have a stab at decoding it. First by word-wrapping:
The
D:
means this is a discretionary access control list. An Access Control List is made up of a number of Access Control Entries (ACE):D:
discretionary access control list- ACE1:
A;;CCLCSWRPLOCRRC;;;BU
- ACE2:
A;;CCLCSWRPLOCRRC;;;SY
- ACE3:
A;;CCLCSWRPLOCRRC;;;BA
- ACE4:
A;;CCLCSWRPLOCRRC;;;IU
- ACE5:
A;;CCLCSWRPLOCRRC;;;SU
- ACE6:
A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
- ACE7:
A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736
- ACE1:
Each ACE is a set of 5 semicolon terminated settings, followed by who it applies to.
Looking first at who they apply to, a random blog article decode some of them(archive.is):
BU
: Built-in usersSY
: Local SystemBA
: Built-in administratorsUI
: Interactively logged-on userSU
: Service logon userS-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
: Trusted InstallerS-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736
:
You can get the name associated with an SID by running:
Each ACE contains a list of permissions that the user is being allowed or denied.
D:
discretionary access control list- ACE 1:
A;;CCLCSWRPLOCRRC;;;
Built-in users - ACE 2:
A;;CCLCSWRPLOCRRC;;;
Local system - ACE 3:
A;;CCLCSWRPLOCRRC;;;
Built-in administrators - ACE 4:
A;;CCLCSWRPLOCRRC;;;
Interactive user - ACE 5:
A;;CCLCSWRPLOCRRC;;;
Service logon user - ACE 6:
A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;
Trusted installer - ACE 7:
A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;
S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736
- ACE 1:
Breaking down the remaining semicolon separated sections in an ACE:
- ACE:
A;;CCLCSWRPLOCRRC;;;
- AceType:
A
ACCESS_ALLOWED_ACE_TYPE - AceFlags: (none)
- AccessMask:
CC LC SW RP LO CR RC
CC
: CREATE_CHILDLC
: LIST_CHILDRENSW
: SELF_WRITERP
: READ_PROPERTYLO
: LIST_OBJECTCR
: CONTROL_ACCESSRC
: READ_CONTROL
- ObjectGuid: (none)
- InheritObjectGuid: (none)
- AceType:
The leading
A
means Allowed, and the permissions are two-letter codes:D:
discretionary access control list- ACE 1: Allow,
CC LC SW RP LO CR RC
, Built-in users - ACE 2: Allow,
CC LC SW RP LO CR RC
, Local system - ACE 3: Allow,
CC LC SW RP LO CR RC
, Built-in administrators - ACE 4: Allow,
CC LC SW RP LO CR RC
, Interactive user - ACE 5: Allow,
CC LC SW RP LO CR RC
, Service logon user - ACE 6: Allow,
CC LC SW RP LO CR RC DC WP DT SD WD WO
, Trusted installer - ACE 7: Allow,
CC LC SW RP LO CR RC DC WP DT SD WD WO
, S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736
- ACE 1: Allow,
And this is where i'm going to have to stop to save my work. This detour into how to stop the Windows Defender service is interesting and all: but i've already stopped it, and my PC is still misbehaving.
Spoiler:
- How to specify permissions to services in Windows by using SDDL? *(archive.is)
- How to Convert SID to Username and Vice Versa(archive.is)
- The Security Descriptor Definition Language of Love (Part 2)(archive.is)
- 2.5.1.1 Syntax(archive.is)
13.3k4040 gold badges111111 silver badges164164 bronze badges
I found that the following procedure works well; it doesn't remove or disable Windows Defender, but it disables Windows Defender SERVICE, stops all start-up and real-time scanning, and prevents Windows Defender Real-Time Scan from turning itself back on. (It leaves Windows Defender in-place, so you can use it to perform on-demand scanning of suspicious files.)
PROCEDURE:
- Find, download, install 'SysInternals' program suite.
- Run program 'AutoRuns'.
- Find 'Windows Defender Service'.
- Uncheck the box.
- Restart your computer.
After doing that, my startup time decreased from 20min to 5min, and memory usage after startup (before launching any apps) decreased from 2.1GB to 1.2GB. And when I looked in 'Services', I found that 'Windows Defender Service', while still there, is now marked 'NOT running, Disabled'.
Robbie HatleyRobbie Hatley
![Activate windows defender windows 10 Activate windows defender windows 10](/uploads/1/2/3/7/123708492/616688673.png)
The easiest way I've found is to open an administrator command prompt and run:
Then reboot. I have not been able to find away to shutdown the service once it is started with out a reboot.
jcofflandjcoffland
It is not so easy to reliably and totally disable the Windows Defender. There is a PowerShell script that uninstalls Windows Defender, but you may not be able later to install it back. This script requires two reboots.
Just download the Debloat-Windows-10 and follow these steps, provided by the author:
- Unpack the archive;
- Enable execution of PowerShell scripts:PS> Set-ExecutionPolicy Unrestricted
- Unblock PowerShell scripts and modules within this directory:PS > ls -Recurse *.ps1 | Unblock-FilePS > ls -Recurse *.psm1 | Unblock-File
- Run
scriptsdisable-windows-defender.ps1
- Reboot the computer (either usual way or via the
PS > Restart-Computer
) - Run
scriptsdisable-windows-defender.ps1
one more time. - Reboot the computer again.
This is not the easiest way, but very reliable and resilient.
There are also the scripts to remove unnecessary programs like BingFinance, Skype, OneDrive, etc - if you don't need them.
The archive does also contain lot of scripts that you may find useful.
Please be aware that these scripts irreversible delete files and can delete vital functions of Windows. For example, they may totally disable the Start menu!
Don't run
disable-ShellExperienceHost.bat
from this package, otherwise the Start Menu will stop opening.Maxim MasiutinMaxim Masiutin
I managed to disable it using Autoruns; under the services tab there is an entry WinDefend, untick the box and reboot.
FreddyFlaresFreddyFlares
Not the answer you're looking for? Browse other questions tagged windowswindows-10 or ask your own question.
My Surface Pro 4 tablet has been upgraded to Windows 10 Creator Update successfully. Last night I executed an infected exe file stupidly and that make my tablet acting up to pop up dialog and also disable Windows Defender. Then I get Malwarebytes to clean it up completely and re-enable WD in group policy. However, I open the Settings app and go to Updates & security > Windows Defender menu, it shows “some settings are managed by your organization” and the Cloud Protection and Automatic Sample submission are greyed out and set to OFF, while I am able to turn on/off the Real-time protection.
Find Defender On This Computer
The options should be controlled by Group Policy settings, so I press Win + R keys, type gpedit.msc and click OK to access it. I go to Computer Configuration > Administrative Templates > Windows Components, go to the Windows Defender folder, but there is no Policy about cloud protection and all are on Not configured state.
I search on internet and notice that a few people also can not turn on Cloud Based Protection & Automatic sample submission after Windows 10 Creator Update because the options are grep out.
How to fix cloud based protection greyed out in Windows Defender
* First make sure you are signed in as an administrator. For restricted users, those related settings should be greyed out. If you have installed third-part Antivirus software like AVG, disable it and return to check if the options are available.
* Your Windows settings over privacy might be changed by something or during the updating process. O&O Software has released the latest version of O&O ShutUp 10 1.5, It can help you lock down privacy settings in Windows 10 and improve privacy in the new Creator’s Update.
I download the O&O ShutUp 10 tool and install it on my Surface Pro 4 and open it. O&O ShutUp 10 offers a long list of switches, such as tracking of app starts. I click “Undo all changes (factory reset)” button, then my problem is resolved.
How to fix cloud based protection greyed out in Windows Defender
* First make sure you are signed in as an administrator. For restricted users, those related settings should be greyed out. If you have installed third-part Antivirus software like AVG, disable it and return to check if the options are available.
* Your Windows settings over privacy might be changed by something or during the updating process. O&O Software has released the latest version of O&O ShutUp 10 1.5, It can help you lock down privacy settings in Windows 10 and improve privacy in the new Creator’s Update.
I download the O&O ShutUp 10 tool and install it on my Surface Pro 4 and open it. O&O ShutUp 10 offers a long list of switches, such as tracking of app starts. I click “Undo all changes (factory reset)” button, then my problem is resolved.