disable-windows-defender / disable-windows-defender.github.io

NOTICE: No longer effective on latest Windows 10 versions. .reg files to permanently disable and restore Windows Defender on Windows 10
https://disable-windows-defender.github.io/
Creative Commons Zero v1.0 Universal
77 stars, 16 forks

Disabling Windows Defender via the registry is no longer possible in recent Windows 10 versions #3

Open Calinou opened 4 years ago

Calinou commented 4 years ago

Alternatives are welcome. Feel free to post if you have any ideas :slightly_smiling_face:

ginger007tb commented 4 years ago

Sorry, I was blindsided by that message; I did not see it. Sorry about that, thanks for the response.

sakkamade commented 4 years ago

Haven't tried, but here: https://github.com/Crocodile1337/AV-Disabler

SuperJMN commented 3 years ago

> Haven't tried, but here: https://github.com/Crocodile1337/AV-Disabler

Not there :(

FooqX commented 1 year ago

So, I have a personal method to disable the Defender using regedit and it works even without rebooting. It works on Windows 10, Windows 11 23H2, 22H2, Windows Insider Beta. So firstly, if you don't want to have any problems with permissions, download any tool that allows you to launch applications with TrustedInstaller permissions. What I use is Winaero Tweaker: search for the tweak called "run as trustedinstaller", then type regedit and launch. But first disable all settings in the Windows Defender settings, like tampering protection etc., everything.

Also remember, when you create something click on dword 32bit

The method and steps:

go to:

  1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender and in this folder click on it and create a dword 32bit and name it DisableAntiSpyware, and put 1
  2. in the same folder create a DisableAntiVirus dword and put 1. By now it should disable AntiMalwareService executable, but still continue on this method.
  3. in the same folder find a folder called real-time protection (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection) and there create DisableRealtimeMonitoring and set 1, also create DpaDisabled and set 1
  4. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender and in this folder create DisableAntiSpyware & DisableRealtimeMonitoring and set all to 1
  5. from there, go to real-time protection folder and create these: DisableBehaviorMonitoring, DisableOnAccessProtection, DisableRealtimeMonitoring, DisableScanOnRealtimeEnable and set all to 1
  6. from there go to spynet folder and there set SpyNetReporting to 0 (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet)
  7. close regedit
  8. open task scheduler as administrator and check all the folders and tasks for any windows defender related tasks and disable or delete them, if needed you can do it with trustedinstaller perms but it is usually not needed this time.
  9. you're free to go! let me know if this worked (don't go into defender settings because it might trigger reset of the 1. and 2. step or something)

STEPS IF IT DIDN'T WORK AND ANTIMALWARE SERVICE IS STILL RUNNING: Make sure to repeat the steps above again and see if it works.

backup plan: Go into safe mode with internet access and disable windows defender antivirus services. If you can't, you can also try with PowerShell: Set-Service -Name "SERVICE-NAME" -Status stopped -StartupType disabled (e.g. BITS/bits), or if that didn't work: sc config "SERVICE-NAME" start=disabled

backup plan #2: Go into safe mode and just do the steps at the beginning.

FooqX commented 1 year ago

@Calinou

Calinou commented 1 year ago

I am pretty busy these days (and don't use Windows actively), so I can't test this extensively to make sure it works as expected. It looks good on the surface but I'm worried about the high number of steps it requires (plus the TrustedInstaller privileges).

Thanks for doing this research effort still :slightly_smiling_face:

FooqX commented 1 year ago

Alright! Btw, here's a simplified version (all steps still present, just so you can understand this faster).

Important: Disable tampering protection, real-time protection, and everything else in the Windows Security settings (don't touch other settings like firewall or vbs, etc.) before proceeding.

  1. Launch regedit with TrustedInstaller privileges using e.g. Winaero Tweaker, AdvancedRun, or look into some cmd/pwsh command. Because otherwise it would throw errors when writing to the registry values, because you have no permissions, even as an Administrator. Also, it will throw write errors even with TrustedInstaller permissions if real-time protection and other settings aren't disabled.

  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender | DisableAntiSpyware (1), DisableAntiVirus (1)

  3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring (1), DpaDisabled (1)

  4. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender | DisableAntiSpyware (1), DisableRealtimeMonitoring (1), DisableAntiVirus (1)

  5. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableBehaviorMonitoring (1), DisableOnAccessProtection (1), DisableRealtimeMonitoring (1), DisableScanOnRealtimeEnable (1)

  6. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet | SpyNetReporting (0)

Optional: Open taskschd.msc, Task Scheduler Library => Microsoft => Windows => Windows Defender, and disable everything.

Note: Step 2 may reset after a big Windows update and you may have to redo it again, but after that it surely disables completely (even the AntiMalwareService executable, and in services, the defender service is stopped and startup type is Manual).
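
A defender-side check for the registry values listed in the two step lists above, as an added example that is not part of the thread or of the project's own files: it scans the text of a .reg file or `reg export` output and reports any of those Defender values set to the data the steps give. The function name, the regexes and the sample export are constructed for illustration.

```python
import re

# Value names from the thread's steps: name -> data that turns the protection off.
WATCHED = {
    "disableantispyware": 1, "disableantivirus": 1, "dpadisabled": 1,
    "disablerealtimemonitoring": 1, "disablebehaviormonitoring": 1,
    "disableonaccessprotection": 1, "disablescanonrealtimeenable": 1,
    "spynetreporting": 0,
}
# Only values under these two key trees (named in the thread) are in scope.
ROOTS = (
    r"hkey_local_machine\software\microsoft\windows defender",
    r"hkey_local_machine\software\policies\microsoft\windows defender",
)
SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def scan_reg_text(text):
    """Return (key, value_name, data) for each watched Defender dword in .reg text."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            # "[-KEY]" deletes a key, so nothing under it sets a value.
            key = None if sec.group(1) else sec.group(2)
            continue
        val = DWORD.match(line)
        k = (key or "").lower()
        if val and any(k == r or k.startswith(r + "\\") for r in ROOTS):
            name, data = val.group(1), int(val.group(2), 16)
            if WATCHED.get(name.lower()) == data:
                findings.append((key, name, data))
    return findings


# Constructed sample in the format written by regedit / "reg export".
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000000
'''

if __name__ == "__main__":
    for key, name, data in scan_reg_text(SAMPLE):
        print(f"{key}\\{name} = {data}")
```

regedit and `reg export` write version 5.00 files as UTF-16, so decode the file (for example with `open(path, encoding="utf-16")`) before passing its text to `scan_reg_text`.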

FooqX commented 7 months ago

Update: Works in Windows Insiders Beta build, and on the 23H2 version. Works as expected!

Update 2: Works in Windows Insiders Release Preview build 24H2.

FooqX commented 7 months ago

image