In this blog post, we will look at how to turn off Microsoft Defender using Group Policy on Windows devices. In general, disabling or turning off Microsoft Defender (previously Windows Defender) is not encouraged by Microsoft, which is why the process is intentionally more difficult. If you turn off Microsoft Defender Antivirus real-time protection manually, it will be re-enabled the next time you reboot your device. Even if you create a Group Policy to disable this setting, it may be ignored if Tamper Protection is enabled in the security settings.
Disabling Microsoft Defender is not something you would normally do on client devices, as it plays an important role in protecting your system against threats, malware, and viruses. It is generally recommended to keep it running unless you have a valid reason to turn it off, such as when another antivirus solution is being used in a managed environment or when working in a lab environment where turning it off has no impact on data or users. If you encounter issues executing files from specific locations, you can exclude a folder or file from Defender scans instead of disabling Microsoft Defender entirely.
Turn Off Microsoft Defender using GPO
To turn off Microsoft Defender using GPO, follow the steps below:
- Log in to a domain controller with domain administrator privileges.
- Open Group Policy Management Console (gpmc.msc).
- Right-click on Group Policy Objects > New and provide a name for the Group Policy Object, e.g., disabling defender. Click OK.
As previously mentioned, the steps to disable Microsoft Defender using Group Policy may not work if Tamper Protection is enabled on the target device. If you are managing your devices using Microsoft Defender for Endpoint, you may be able to use the Defender portal to disable it. Microsoft does not provide any Group Policy, Intune policy, or registry changes to disable tamper protection.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection and Enable the setting Turn off real-time protection.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus and Enable the setting Turn off Microsoft Defender Antivirus.
Turn Off Microsoft Defender Manually
If you are performing testing on a computer and want to turn off Microsoft Defender temporarily, you can make this change manually. Let’s go through the steps.
- Turn off Tamper Protection. Open Windows Security > Virus & threat protection > Click Manage settings under Virus & threat protection settings. Scroll down on the page to find Tamper Protection. Use the toggle switch to turn it off.
Tamper protection is a capability in Microsoft Defender for Endpoint that helps protect certain security settings, such as virus and threat protection, from being disabled or changed.
- Run the following command to turn off Microsoft Defender real-time protection. After executing the command, go back to the Virus & threat protection settings to confirm that real-time protection is turned off.
Set-MpPreference -DisableRealtimeMonitoring $true
- To enable real-time protection again, run the command below:
Set-MpPreference -DisableRealtimeMonitoring $false
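
Because the Group Policy settings may be ignored when Tamper Protection is on, and a manual change is reverted at reboot, it helps to check what state a device is really in rather than relying on the settings page alone. The script below is an added example, not part of the original post: it compares the registry values written by the two policy settings above (DisableAntiSpyware and DisableRealtimeMonitoring under the Defender policy key) with what Get-MpComputerStatus reports. The function names and the wording of the findings are this example's own.

```powershell
# Added example (not from the original post): compare the policy values written
# by the two GPO settings with the state Defender actually reports.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-DefenderStateReport {
    # Assumption: the Defender service is running, so the Defender module can answer.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $gpoAv  = Get-PolicyValue $policyRoot 'DisableAntiSpyware'
    $gpoRtp = Get-PolicyValue "$policyRoot\Real-Time Protection" 'DisableRealtimeMonitoring'
    $policyWantsOff = ($gpoAv -eq 1) -or ($gpoRtp -eq 1)
    $rtpOn = [bool]$status.RealTimeProtectionEnabled

    # Classify the device: policy applied, policy ignored, or changed locally.
    $finding = if ($policyWantsOff -and $rtpOn) {
        'Policy set but not in effect (check TamperProtected)'
    } elseif ($policyWantsOff) {
        'Real-time protection off by policy'
    } elseif (-not $rtpOn) {
        'Real-time protection off with no policy: local change, investigate if unexpected'
    } else {
        'Real-time protection on, no disabling policy'
    }

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        AntivirusEnabled          = $status.AntivirusEnabled
        RunningMode               = $status.AMRunningMode
        RealTimeProtectionEnabled = $rtpOn
        TamperProtected           = $status.IsTamperProtected
        GpoTurnOffDefender        = $gpoAv
        GpoTurnOffRealtime        = $gpoRtp
        Finding                   = $finding
    }
}

Get-DefenderStateReport | Format-List
```

A device that reports real-time protection off with neither policy value set was changed locally, which is worth following up on outside a lab.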