Can't disable Windows Defender via Group Policy or the Registry

This didn't work; Windows Defender, and it's modules, remained active.

I tried disabling it via the Registry, adding the following key with a value of 1 , but received Error while renaming :

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware 

Has Microsoft changed something in the latest release that prevents users from turning Windows Defender off?

10 Answers 10

I found the solution. It turns out that Windows Defender is so ingrained within Windows 10 that it comes with its own "anti-tamper" protection.

This does two things: prevents you from creating the registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender by giving you a generic error message and also renders the group policy change ineffective.

In order to disable this, I had to follow these instructions:

1. Go to Virus & threat protection
2. Click on Manage Settings
3. Turn off Tamper Protection
4. Proceed to enable the group policy Turn off Windows Defender Antivirus in Computer Configuration/Administrative Templates/Windows Components/Windows Defender Antivirus or add the registry key.
5. Restart PC

Note: Some versions of W10 do not have group policy editor, in this case you will have to edit the registry manually.

The group policy and the DisableAntiSpyware registry key are now deprecated. Windows reset them automatically after restart.

In Windows 10 21H1 switching Tampering protection off in Security Center widget and then setting Turn off Microsoft Defender Antivirus policy in gpedit.msc results in:

• Registry setting for this policy DisableAntiSpyware=dword:00000001 disappears immediately. Despite that:
• Virus protection does switch off;
• Switching virus protection off retains after rebooting;
• Microsoft Defender's services still run and protect their registry settings so you cannot edit them;
• To switch virus protection back on use Windows Security widget.

So this method switches off virus protection but not Defender's services.

Another way to switch off Microsoft Defender with different results:

1. Disable Windows Security Center (wscsvc) service using registry editor : set "Start" to 4. It is impossible (I didn't manage) to change this value via Services snap-in, "sc" utility etc.
2. Reboot.
3. Run gpedit.msc and set Turn off Microsoft Defender Antivirus policy setting to "On". After few seconds Microsoft Defender Antivirus (WinDefend) service start value automatically changes from 2(auto) to 3(manual).

• Now magically I can edit Microsoft Defender's registry values, protected before disabling Security Center. For example it is now possible to set WinDefend service "Start" value to 4(disabled) as well as other Defender's services e.g. Windows Defender Advanced Threat Protection Service (Sense) etc;
• Turn off Microsoft Defender Antivirus policy and it's registry value retain;
• If I set Security Center service "Start" value back to 2(automatic) and reboot, Turn off Microsoft Defender Antivirus policy setting and it's registry value retain also;
• I cannot switch virus protection back on in Windows Security widget: virus protection settings are now inaccessible. Instead I see that "Your antivirus protection settings are managed by your organization". So policy does work!
• To return all virus protection settings back I must go to gpedit.msc and set Turn off Microsoft Defender Antivirus policy back to "Unconfigured". After some short time registry "Start" value of Microsoft Defender Antivirus (WinDefend) service automatically changes to 2(auto). Then this service starts. Access to virus protection settings in Windows Security widget returns. Registry settings of Defender's services become protected and uneditable again.

This Microsoft article says that Turn off Microsoft Defender Antivirus policy ( DisableAntiSpyware=dword:00000001 ) since recently works only on servers, not on clients. But in fact it works on clients but in pretty sophisticated way:)