8

Quite simply, I'm looking for a way to disable Microsoft's Security Essentials service from the command line. You used to be able to run the command (as admin)

net stop MsMpSvc

but that was somehow rendered useless after an update (err 5: access denied).

I then even ran a shell as the 'SYSTEM' user (which is the user that MsMpSvc runs under), but alas I still get an access denied message using the commands taskkill (for msmpeng.exe) and stop-service with the -force argument.

Is there a way around this?

Yes, I'm aware of the security implications of this.

Nifle
regularjoe

6 Answers

2

The Microsoft Antimalware service is protected in various places against being disabled, because this is an attack vector used by certain types of malware. Unfortunately when we have cause to legitimately disable the service, we are then unable to do so.

Ross Presser
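The answer above notes that disabling this service is something malware attempts. As an added example (not part of any answer on this page), the following Python sketch flags the command shapes mentioned in this thread in process-creation command lines; the tab-separated log format, host name and timestamps are constructed for illustration.

```python
import re

# Command shapes taken from the question and answers on this page; matching is
# case-insensitive and tolerates ".exe" suffixes, quotes and extra whitespace.
RULES = [
    ("net stop", re.compile(r'\bnet1?(?:\.exe)?"?\s+stop\s+"?msmpsvc\b', re.I)),
    ("sc stop", re.compile(r'\bsc(?:\.exe)?"?\s+stop\s+"?msmpsvc\b', re.I)),
    ("sc config start type", re.compile(
        r'\bsc(?:\.exe)?"?\s+config\s+"?msmpsvc"?\s+start=\s*(?:disabled|demand)\b',
        re.I)),
    ("taskkill", re.compile(r'\btaskkill(?:\.exe)?"?\s.*\bmsmpeng(?:\.exe)?\b', re.I)),
    ("Stop-Service", re.compile(r'\bstop-service\b.*\bmsmpsvc\b', re.I)),
]

# Constructed sample log: time <TAB> account <TAB> command line.
SAMPLE_LOG = """\
2013-03-28T17:29:02\tWS01\\joe\tnet  stop MsMpSvc
2013-03-28T17:30:11\tNT AUTHORITY\\SYSTEM\ttaskkill /F /IM MsMpEng.exe
2013-03-28T17:30:40\tNT AUTHORITY\\SYSTEM\tpowershell -c "Stop-Service MsMpSvc -Force"
2013-03-28T17:31:05\tWS01\\joe\t"C:\\Windows\\System32\\sc.exe" config MsMpSvc start= disabled
2013-03-28T17:32:00\tWS01\\joe\tsc query MsMpSvc
2013-03-28T17:33:00\tWS01\\joe\tnet stop Spooler
"""


def find_tamper_attempts(log_text):
    """Return (time, account, rule) for each command line aimed at the service."""
    hits = []
    for line in log_text.splitlines():
        when, account, cmdline = line.split("\t", 2)
        for name, rx in RULES:
            if rx.search(cmdline):
                hits.append((when, account, name))
                break  # one alert per command line is enough
    return hits


if __name__ == "__main__":
    for hit in find_tamper_attempts(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Read-only queries such as `sc query MsMpSvc` and stops of unrelated services are deliberately not flagged.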
1

Override the permissions with SubInACL, set the service to manual in the registry, then reboot.

There is no point in killing a service that is designed to not be killed; you disable its boot entry instead.

Tamara Wijsman
  • My intention was to toggle the service off/on while running Windows. Regardless I have no reason to do this anymore. – regularjoe Jan 04 '16 at 16:50
0

Solution for my Windows 7: How to disable the "culprit" MsMpEng.exe. Backstory: My old Windows 7 drove me nuts executing MsMpEng.exe for hours whenever I started the system. I searched the net and tried whatever "solutions" I could find to solve the problem. Nothing worked on this Windows 7. Windows Defender wrongly said it is disabled. Finally, my simple solution that worked for me:

  1. Boot to Safe Mode with the usual Windows desktop.
  2. Kill MsMpEng.exe, which was again running at 100% CPU; this worked.
  3. Remove/Rename C:\Program Files\Microsoft Security Client\MsMpEng.exe
  4. Job done (probably until next update of Windows 7).

Notes

  • Yes, Windows 7 still gets updates.
  • Find out where MsMpEng.exe is really located.
  • All the obvious solutions to disable Windows Defender failed.
  • Scheduling when Windows Defender should run failed.
  • After EVERY boot MsMpEng.exe ran for hours until it finished.
  • After I applied my solution I could work normally immediately after every boot.
Alex
0

Try using the sc command to configure the state of the service:

sc config MsMpSvc start=disabled

Then if the service is stopped you can use net stop or sc stop to stop the service. It depends on your version of Windows, but you need to ensure that the command prompt was opened with Administrative access:

http://technet.microsoft.com/en-us/library/cc947813%28v=ws.10%29.aspx

Dion Pezzimenti
  • Thanks but running that as both Administrator and SYSTEM still gets an access denied error. – regularjoe Mar 28 '13 at 17:30
  • You should be able to do it using your own credentials so long as you are a local administrator on the machine. Then start the command prompt with administrative rights by right-clicking and selecting 'Run as Administrator'. I tried it on my Win8 laptop and a virtual Server 2008 R2 machine. It executed successfully on both. – Dion Pezzimenti Mar 28 '13 at 17:32
  • Hmm, I'm on Win7 so maybe that could be the problem. I tried it with plain old local admin, still errors. – regularjoe Mar 28 '13 at 17:43
  • Well alternatively since CLI isn't working there is always the GUI method: http://www.askvg.com/windows-7-services-that-can-be-safely-set-to-manual/ – Dion Pezzimenti Mar 28 '13 at 17:44
  • Mmm, I want to automate the process. – regularjoe Mar 28 '13 at 17:52
  • Also the GUI route is not possible either. – regularjoe Mar 28 '13 at 18:05
  • That is bizarre! Try it on another machine just for the sake of trying. See if you get similar results on that machine... if you have the resources to try this. – Dion Pezzimenti Mar 28 '13 at 18:05
  • Well, I could try it in a virtual machine. I know it's not just me; there are other posts around the internet about this: http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/why-cant-i-control-the-msmpsvc-service/1c7cad27-f7c8-4951-a583-fc4d899d3c61 – regularjoe Mar 28 '13 at 18:14
  • Think about it though. If it were simple to automate the process of disabling, that would open up an attack vector for malware to disable it. – Ross Presser May 02 '17 at 08:54
-2

Open Microsoft Security Essentials.

Go to Settings.

Press on the tab called "Real-time protection".

Untick the checkbox to disable real-time protection.

That's it.

Gnurt
-2

Disabling MSE does nothing to stop MsMpEng from taking top priority right at start-up and maxing out your computer's CPU and RAM until it's damn good and ready. You cannot change the priority. You cannot temporarily disable it while some other CPU-sucking Microsoft application [e.g. the virus known as Windows Update] is running.

Whoreson.