
How to permanently disable Windows Defender Real Time Protection with GPO? [closed]


I would like to disable Windows Defender Real Time Protection via GPO on Windows 10 Pro. When I configure the GPO, Real-Time Protection is shown as off. However, after a reboot the protection is magically enabled again.

GPO settings have not changed. I am trying to disable Real Time Protection to be able to analyze and reverse engineer malware.

In addition, even if Windows tells me Real Time Protection is managed by the administrator, it is still enabled in the back.

I really wonder if there is a way to completely disable Windows Defender + Real Time Protection or if Microsoft made this impossible.

joe-jeff asked Jun 03 '20 13:06



1 Answer

In newer versions of Windows, Group Policy settings for Microsoft Defender are reverted back.
To prevent this, before changing them:

  1. Open Resource Monitor (type resmon.exe in the search box)
  2. Overview
  3. Find MsMpEng.exe in the list
  4. Right-click > Suspend Process

In Windows 10 1903, Tamper Protection was added.
Tamper Protection must be disabled before changing Group Policy settings, otherwise these are ignored.

  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

To permanently disable real-time protection:

  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  3. Enable Turn off real-time protection
  4. Restart the computer

To permanently disable Microsoft Defender:

  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  3. Enable Turn off Microsoft Defender Antivirus
  4. Restart the computer

Atom 12 answered Sep 18 '22 17:09
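
An added example, not part of the answer above: a read-only PowerShell check that compares the two policies the answer names with the state Defender itself reports, which is the mismatch the question describes. It assumes the policies are stored under the standard Defender policy key with the value names `DisableRealtimeMonitoring` and `DisableAntiSpyware`, and that the Defender cmdlet `Get-MpComputerStatus` is available; the function names are hypothetical.

```powershell
# Added example: read-only audit; it changes nothing on the machine.
# Assumed policy location (standard Defender policy key and value names).
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the policy is "Not configured" (value absent).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Compare-DefenderPolicy {
    param($RtpPolicy, $AvPolicy, $Status)
    $rows = @(
        [pscustomobject]@{ Setting = 'Turn off real-time protection'
                           Policy  = $RtpPolicy
                           Active  = $Status.RealTimeProtectionEnabled }
        [pscustomobject]@{ Setting = 'Turn off Microsoft Defender Antivirus'
                           Policy  = $AvPolicy
                           Active  = $Status.AntivirusEnabled }
    )
    foreach ($r in $rows) {
        $wantOff = ($r.Policy -eq 1)   # 1 = the "Turn off ..." policy is Enabled
        $result = if ($wantOff -and $r.Active) {
            'MISMATCH: policy set, protection still on'
        } elseif ($wantOff) {
            'Off, as the policy requests'
        } elseif ($r.Active) {
            'On, no policy set'
        } else {
            'Off with no policy: find out what disabled it'
        }
        $r | Add-Member -NotePropertyName Result -NotePropertyValue $result -PassThru
    }
}

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Defender did not answer: $($_.Exception.Message)"
    return
}

Compare-DefenderPolicy `
    -RtpPolicy (Get-PolicyValue "$base\Real-Time Protection" 'DisableRealtimeMonitoring') `
    -AvPolicy  (Get-PolicyValue $base 'DisableAntiSpyware') `
    -Status    $status | Format-Table Setting, Policy, Active, Result -AutoSize

# Per the answer above, policies are ignored while Tamper Protection is on.
"Tamper Protection enabled: $($status.IsTamperProtected)"
```

Run it after the reboot in an elevated PowerShell session; a MISMATCH row together with Tamper Protection enabled matches the behaviour the question reports.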