18

I'm running Windows 10 and I I don't want an antimalware. I know what I'm doing and I'm not gonna be downloading torrents or random exe's from sites I don't know. So far I tried turning off Windows Defender, but the process is still running.

My last resort would be deleting MsMpEng.exe from C:\Program Files\Windows Defender.

If I try to end it from Task Manager, it says "The operation could not be completed... Access is denied"

And turning it off from the Windows Defender app did not work either, as it is not Windows 7 or Windows 8.1, and if I turn it off from there it kept running.

Kirill2485
  • 1,047
  • 7
  • 17
  • 34
  • I did this https://superuser.com/questions/494163/disabling-microsoft-antimalware-service/1669084#1669084 There is probably a better way, and I don't know how permanent this will be either. – Xantium Aug 12 '21 at 18:18

1 Answers1

11

To disable the Defender run regedit.exe, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender, take ownership of this registry key (inside regedit.exe (still applies to Windows 10) or via the 3rd party tool RegOwnershipEx) and set the values DisableAntiSpyware and DisableAntiVirus both to 1.

enter image description here
click to enlarge

Note, if you only see 1 of the values, change this one.

In newer Windows 10 Versions (1703, 1709, 1803) you need to go key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender, create a DWORD DisableAntiSpyware and set it to 1:

enter image description here

Attention: DisableAntiSpyware is ignored for Windows 10 (1903 and newer versions) since August 2020:

DisableAntiSpyware is intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program. This setting is not intended for consumer devices, and we’ve decided to remove this registry key. This change is included with Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher KB 4052623. Enterprise E3 and E5 editions will be released at a future date. Note that this setting is protected by tamper protection. Tamper protection is available in all Home and Pro editions of Windows 10 version 1903 and higher and is enabled by default. The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus.

magicandre1981
  • 97,301
  • 30
  • 179
  • 245
  • 2
    This doesn't work. `Cannot edit DisableAntiSpyware: Error writing the value's new contents.` – Steven Lu Mar 20 '18 at 04:12
  • @StevenLu I added the solution for latest Windows 10 builds. – magicandre1981 Mar 20 '18 at 16:20
  • After doing this as well as switching Realtime protection off in the Windows Defender Settings, it seems that the process has gone away. I am happy now. Thanks. – Steven Lu Mar 20 '18 at 17:54
  • For me, no matter what permissions I set, I still get access denied. I've seen a lot of similar hits on google for people giving themselves full permissions and still not being able to edit the key. I haven't been able to find a solution. – NibblyPig Feb 02 '20 at 19:09
  • @NibblyPig [try Winaero Tweaker](https://winaero.com/blog/winaero-tweaker-0-16-1-is-out/) – magicandre1981 Feb 03 '20 at 15:37
  • Didn't work for me. Tried turning off the scheduled tasks related to windows defender. Disabling protection in settings. I get the cannot edit error in regedit. Did the updated Win 10 reg value to disable. Tried a file deletion tool that required a reboot to delete MsMpEng.exe. Tried disabling the services. Going to boot in safe mode and see what I can do. – brettville May 21 '20 at 17:23
  • @StevenPenny have you tried the second key location? – magicandre1981 Jun 22 '20 at 17:09
  • I fix like this https://superuser.com/a/1562968 – Zombo Jun 22 '20 at 17:14
  • "Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program." Shouldnt this be trivial to fake? We just need to install a fake antivirus app? How does it know this? – Victorio Berra Dec 07 '20 at 21:33
  • the AV suites use an API to tell Windows that they are a AV suite and can turn off Defender. But this is not documented and not released to public. – magicandre1981 Dec 08 '20 at 05:52
  • I came back here with a new windows install (this time version 2004) and not only did this not work, neither did the updated information. I posted an answer here https://superuser.com/a/1623868/98199 for how i resolved it. They renamed it again. I think the group policy is the best way to get this turned off, since you can turn off real-time protection, but it will come back after a while (even without a reboot!) so this permanent method really is necessary. – Steven Lu Feb 06 '21 at 04:37