How to Disable Windows Defender Using PowerShell?

by

In this tutorial, I will explain how to disable Windows Defender using PowerShell. Windows Defender, now known as Microsoft Defender Antivirus, is a built-in security feature in Windows 10 and Windows 11 designed to protect your computer from malware and other security threats.

However, there are instances where you might need to disable it, such as when running certain applications or troubleshooting system issues. I will show you the steps to disable Windows Defender using PowerShell.

Note: Ensure you have administrative privileges on your computer. Disabling Windows Defender requires elevated permissions.

Disable Windows Defender Using PowerShell

Now, let me show you step-by-step how to disable Windows Defender using PowerShell.

Step 1: Open PowerShell as Administrator

To disable Windows Defender, you need to run PowerShell with administrative privileges. Follow these steps:

  1. Press Windows + X and select Windows PowerShell (Admin) from the menu.
  2. If prompted by User Account Control (UAC), click Yes to allow PowerShell to make changes to your device.

Step 2: Disable Real-Time Protection

Real-time protection is a key feature of Windows Defender that actively scans files and processes for malware. To disable it, use the following PowerShell command:

Set-MpPreference -DisableRealtimeMonitoring $true

This command will turn off real-time protection, but Windows Defender will still be active in the background.

Read Install Snipping Tool in Windows 11 Using PowerShell

Step 3: Disable Windows Defender Antivirus

To completely disable Windows Defender Antivirus, you need to modify the system registry. Here’s how:

  1. Open PowerShell as Administrator.
  2. Run the following commands to disable Windows Defender services:
Set-MpPreference -DisableRealtimeMonitoring $true
Set-MpPreference -DisableBehaviorMonitoring $true
Set-MpPreference -DisableBlockAtFirstSeen $true
Set-MpPreference -DisableIOAVProtection $true
Set-MpPreference -DisablePrivacyMode $true
Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true

Step 4: Disable Tamper Protection

Tamper Protection is a security feature that prevents unauthorized changes to Windows Defender settings. To disable it, follow these steps:

  1. Open the Windows Security app by searching for “Windows Security” in the Start menu.
  2. Navigate to Virus & threat protection > Virus & threat protection settings.
  3. Toggle off Tamper Protection.

Step 5: Modify the Registry to Disable Windows Defender Permanently

To disable Windows Defender permanently, you need to edit the Windows Registry. Here’s how:

  1. Press Windows + R, type regedit, and press Enter to open the Registry Editor.
  2. Navigate to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  1. Right-click on the Windows Defender key, select New > DWORD (32-bit) Value, and name it DisableAntiSpyware.
  2. Double-click on DisableAntiSpyware and set its value to 1.

Step 6: Restart Your Computer

After making these changes, restart your computer to apply the settings. Windows Defender should now be disabled.

Read Get an IP Address Using PowerShell in Windows

Re-enabling Windows Defender using PowerShell

If you need to re-enable Windows Defender, follow these steps:

  1. Open PowerShell as Administrator.
  2. Run the following command:
Set-MpPreference -DisableRealtimeMonitoring $false
  1. Re-enable Tamper Protection via the Windows Security app.
  2. Modify the registry to delete the DisableAntiSpyware key or set its value to 0.
  3. Restart your computer.

Conclusion

In this tutorial, I explained how to disable Windows Defender using PowerShell. I have also shown how to re-enable Windows Defender using PowerShell as and when needed.

You may also like:

100 PowerShell cmdlets download free

100 POWERSHELL CMDLETS E-BOOK

FREE Download an eBook that contains 100 PowerShell cmdlets with complete script and examples.