Disable Windows Defender in Windows 11
- Thread starter jlsupremo
- Start date
Hellbovine
Well-Known Member
1) Manually open security center and turn off "Real time scanning" and "Tamper protection".
2) Save a .reg file to your desktop that has the 3 policy keys that Garlin put together. Double click it, then click yes/okay to install those keys.
3) Reboot the computer, then see if Defender is disabled now.
4) You can also try disabling both the visible services as well as the hidden services too, I think there are 5 in total? Look for WdFilter, WdNisDrv, WdNisSvc, Sense, WinDefend.
5) You could also use NTLite and just fully remove Defender entirely instead of disabling it.
2) Save a .reg file to your desktop that has the 3 policy keys that Garlin put together. Double click it, then click yes/okay to install those keys.
3) Reboot the computer, then see if Defender is disabled now.
4) You can also try disabling both the visible services as well as the hidden services too, I think there are 5 in total? Look for WdFilter, WdNisDrv, WdNisSvc, Sense, WinDefend.
5) You could also use NTLite and just fully remove Defender entirely instead of disabling it.
Last edited:
NTLite already sets
DisableRealtimeMonitoring
DisableBehaviorMonitoring
DisableScanOnRealtimeEnable
DisableOnAccessProtection
TamperProtection
DisableAntiSpyware (not DisableAntiVirus as far as I know, but I see online there is confusion around that, so do let me know of any references)
All of this in Windows Defender Disable in Settings.
It's just that no one reads the warning on the Apply page Preview before processing:
First disable Tamper Protection manually in settings, reboot, yes, reboot. Then reload C:\Windows with NTLite and disable Defender with that single option.
Either way, the reg file works. But order of execution is important.
Unless the Tamper Protection flag is disabled in the image, after the system boots there is no way to change it outside of the Security Center (and rebooting). Therefore the reg file must be integrated in the image, and not applied in Post-Setup.
When Tamper Protection is enabled, all the other Defender settings can't be touched by command line. A reboot is always required since tamper protection is applied at boot time.
Unless the Tamper Protection flag is disabled in the image, after the system boots there is no way to change it outside of the Security Center (and rebooting). Therefore the reg file must be integrated in the image, and not applied in Post-Setup.
When Tamper Protection is enabled, all the other Defender settings can't be touched by command line. A reboot is always required since tamper protection is applied at boot time.
Sorry I didn't fully understand, but I need to clear the doubt I'm doing this in an iso image, so first I need to check the tamper protection option - disable.
after disassembling the image, reassembling it to disable the other windows defender options? I'm not using the registry file, I'm simply turning off everything in the Windows Defender option in Ntlite.
ddlnegocios
Member
Allright... I'll start over again. I extracted my untouched install.wim file (W11 23H2); downloaded the Reg File and I'm going to Add it as you taught here.
ddlnegocios
Member
ok
ddlnegocios
Member
Hi...
Three validated alternatives to Disable Defender in Windows 11 - all versions. Make sure to read everything.
All thanks to Pureinfotech, Garlin and Windows OS Hub. I only put them all together in one single post and adapted the methods to NTLite procedures.
Open NTLite and Load your install.wim file.
► METHOD 1: Integrating Registry Entries - #1 Easiest way [No Services Deactivation]
Based in disabling Tamper Protection and 12 Defender Settings. Integrate the Attached Registry File W11 - Disable Microsoft Defender.
► METHOD 2 (Garlin's Method): Integrating Registry Entries - #2 Easiest way [With Services Deactivation]
Based in disabling Tamper Protection, 3 Defender Settings and 4 Defender Services. Integrate the Attached Registry File W11 - Disable Microsoft Defender (Garlin's Method).
► METHOD 3: Following NTLite options
In resume, this method is the same as the last one (Garlin's), but using NTLite paths.
* Step 1: Disable 1 Setting of Microsoft Defender
On Left Panel, go to Configure > Settings > Window Defender
* Step 2: Disable 6 Services of Microsoft Defender (Windows Defender):
On left panel, go to Configure > Services
That's it! Microsoft Defender is now Permanently Disabled.
► Optional: Disable or Remove 4 Windows Defender Scheculed Tasks:
For sure, Defender's already disabled. But if you want even more guarantee, you can Disable/Remove a few tasks of it. Select one option.
After clean install of windows, in first boot, open Task Scheduler > Task Scheduler Libray > Microsoft > Windows > Windows Defender
Important: After you intall your desired AntiVirus, careful with "Microsoft Defender Antivirus periodic scanning for threats" option. If you switch to ON, in all circunstances Defender will be re-enabled. Re-apply one of the Reg Files in Safe Mode (Disable Tamper Protection & Defender first) and reboot the OS.
More Info: The alternatives above have different principles of deactivation, but they're interconnected. If you change one, you affect the other and that's why both work. Pick One and Go Ahead.
References: PureInfoTech, Garden's Method, Windows OS Hub
Three validated alternatives to Disable Defender in Windows 11 - all versions. Make sure to read everything.
All thanks to Pureinfotech, Garlin and Windows OS Hub. I only put them all together in one single post and adapted the methods to NTLite procedures.
Open NTLite and Load your install.wim file.
► METHOD 1: Integrating Registry Entries - #1 Easiest way [No Services Deactivation]
Based in disabling Tamper Protection and 12 Defender Settings. Integrate the Attached Registry File W11 - Disable Microsoft Defender.
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiVirus"=dword:00000001
"DisableSpecialRunningModes"=dword:00000001
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"ForceUpdateFromMU"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001► METHOD 2 (Garlin's Method): Integrating Registry Entries - #2 Easiest way [With Services Deactivation]
Based in disabling Tamper Protection, 3 Defender Settings and 4 Defender Services. Integrate the Attached Registry File W11 - Disable Microsoft Defender (Garlin's Method).
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiVirus"=dword:00000001
; Microsoft Defender Antivirus Mini-Filter Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]
"Start"=dword:00000004
Microsoft Defender Antivirus Network Inspection System Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]
"Start"=dword:00000004
; Microsoft Defender Antivirus Network Inspection Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
"Start"=dword:00000004
; Microsoft Defender Antivirus Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004► METHOD 3: Following NTLite options
In resume, this method is the same as the last one (Garlin's), but using NTLite paths.
* Step 1: Disable 1 Setting of Microsoft Defender
On Left Panel, go to Configure > Settings > Window Defender
- Tamper Protection - Disabled
- Windows Defender - Disabled
* Step 2: Disable 6 Services of Microsoft Defender (Windows Defender):
On left panel, go to Configure > Services
- WdNisSvc - Disabled
- WinDefend - Disabled
- WdFilter - Disabled
- WdNisDrv - Disabled
That's it! Microsoft Defender is now Permanently Disabled.
► Optional: Disable or Remove 4 Windows Defender Scheculed Tasks:
For sure, Defender's already disabled. But if you want even more guarantee, you can Disable/Remove a few tasks of it. Select one option.
1. Disable Tasks in Windows
After clean install of windows, in first boot, open Task Scheduler > Task Scheduler Libray > Microsoft > Windows > Windows Defender
- Disable the four tasks
2. Remove Tasks in NTLite ("to remove" is the only option offered)
On left panel, go to Remove > Scheduled Tasks > Windows Defender- Windows Defender Cache Maintenance - Remove
- Windows Defender Cleanup - Remove
- Windows Defender Scheduled Scan - Remove
- Windows Defender Verification - Remove
Important: After you intall your desired AntiVirus, careful with "Microsoft Defender Antivirus periodic scanning for threats" option. If you switch to ON, in all circunstances Defender will be re-enabled. Re-apply one of the Reg Files in Safe Mode (Disable Tamper Protection & Defender first) and reboot the OS.
More Info: The alternatives above have different principles of deactivation, but they're interconnected. If you change one, you affect the other and that's why both work. Pick One and Go Ahead.
References: PureInfoTech, Garden's Method, Windows OS Hub
Last edited:
ddlnegocios
Member
For Method 1, you can ask the Author here:
How to disable Defender Antivirus permanently on Windows 11 - Pureinfotech
To disable the Microsoft Defender Antivirus permanently on Windows 11, open the Registry and configure these keys and DWORDs. Works in 2023.
pureinfotech.com
For Method 2 [3 is the same as 2, but only adapted for NTLite paths], you can ask the Author here:
How to Permanently Disable Microsoft Defender Antivirus on Windows 11 and 10 | Windows OS Hub
Microsoft Defender is the built-in antivirus program on Windows 10/11 and Windows Server that is enabled and configured by default. In this article, we’ll look at how to turn off…
woshub.com
All thanks to Windows OS Hub and Pureinfotechand . I only adapted the method to NTLite procedures.
Now all users can check these procedures by themselves and draw their conclusions and even compare with your Registry Entry (post #13). Maybe, they will see some similarities - especially considering method 2.
Best regards
Last edited:
WOSHub is generally the better source on technical info. And it matches my instructions, except for removing scheduled tasks (optional items).
No idea where PureInfoTech is going...
There are two strategies to solve most Windows problems:
Most of the solutions offered by technical experts fall into #1. Tech bloggers mostly fall into #2.
No idea where PureInfoTech is going...
There are two strategies to solve most Windows problems:
1. Start at the earliest point (offline image), and remove/edit features before they install or configure itself.
2. Wait until you're logged on, and end up with 3x the labor.
Most of the solutions offered by technical experts fall into #1. Tech bloggers mostly fall into #2.
Hellbovine
Well-Known Member
It's not mentioned often in these discussions, so I just want to point out to readers that NTLite can actually uninstall Defender, which results in the smallest image size, and performance is the absolute best, since all the drivers and services are removed, making it have zero overhead.
However, unless this was fixed, the downside to uninstalling the Defender component is that it will also remove the Security Center app as well, which is a separate interface used to toggle many important security features. Those settings could still be toggled manually via direct registry tweaking, but the interface is much easier to use, since these settings happen to be numerous and complicated.
Also, I agree with Garlin that the least number of tweaks should be used, and I think after seeing all the solutions out there, the absolute minimum number of reg keys needed to disable Defender is probably just 1-3 keys at most, which my experience tells me is a combination of "DisableAntiSpyware", "DisableRealtimeMonitoring", and "TamperProtection". Everything else is likely unnecessary, snakeoil, or operator-error from not using them properly.
However, unless this was fixed, the downside to uninstalling the Defender component is that it will also remove the Security Center app as well, which is a separate interface used to toggle many important security features. Those settings could still be toggled manually via direct registry tweaking, but the interface is much easier to use, since these settings happen to be numerous and complicated.
Also, I agree with Garlin that the least number of tweaks should be used, and I think after seeing all the solutions out there, the absolute minimum number of reg keys needed to disable Defender is probably just 1-3 keys at most, which my experience tells me is a combination of "DisableAntiSpyware", "DisableRealtimeMonitoring", and "TamperProtection". Everything else is likely unnecessary, snakeoil, or operator-error from not using them properly.
ddlnegocios
Member
Method 1 and Method 2 have different principles of deactivation. You guys must have noticed already - 1 it does not include Services Deactivation; 2 it does include.
Since Method 1 Does Not include Services Deactivation, if we let only the "minimum number of reg keys needed to disable Defender" (3, as you said), it won't work. Defender will stay disabled only in the first boot of windows. After that, Defender will re-enable itself. That's why Mauro Huculak (Pureinfotech) included more settings deactivation - 12 instead.
Now, talking about Method 2 which Includes Services Deactivation... Observing with more attention, Yes, I do must agree with you that Garlin's Method is better considering the idea of disabling less stuffs and getting same results. I'll fix this. I'll call Method 2 of "Method 2 (Garlin's Method)".
Thanks
Last edited:
ddlnegocios
Member
Done.
ddlnegocios
Member
ô loko, brasileiro papai???
AsadAlrafidain
New Member
I actually like the details in method 3 despite requiring more work...thanks for compiling these information
Last edited:
AsadAlrafidain
New Member
Hellbovine Sir, can you Disable (or uninstall ) security center altogether but leave firewall ? or has it become integrated with security center and defender ?
also, is "Microsoft Defender Firewall" the new name for old windows firewall ?
also, is "Microsoft Defender Firewall" the new name for old windows firewall ?