Bye Windows Defender, I need to turn you back off again

63

20

I am running Windows 10 on a fairly recent laptop. I'm using Avast (free version) as antivirus and before the update, Windows Defender was turned off as it should be in case a third party antivirus is installed.

Yesterday I received a notification of an available update for the OS. I ran the update on shut down, and this morning when turning the computer on, it completed the updating procedure in about 1 hour.

The update, as far as I can tell, restored a lot of bloatware that was installed on the PC at the time of the purchase, installed some additional Visual Studio components and some new applications, and it turned on Windows Defender.

I find this all weird since Avast was (and still is) running fine as usual, but now I have a resource hog (Windows Defender) sucking on my PC resources. Furthermore Cortana is running in the background even though I disabled it...

Why has this thing happened and how can I turn Windows Defender off? Since apparently it has not detected that Avast is running, it somehow turned itself back on again.

mickkk

Posted 2016-09-04T17:03:38.737

Reputation: 885

23 Windows Defender received changes so it can run alongside third-party security. It can still be turned off. You don't have to disable it unless you want to – Ramhound – 2016-09-05T04:16:33.533

45 As a sidenote: this happened because this update (Version 1607 "Anniversary Update") was in fact not an update but an upgrade, which uses a different installation method, the same as when upgrading from an older Windows version. This upgrade process tends to reset a lot of stuff. Also check your privacy settings! – Michael Borgwardt – 2016-09-05T08:36:40.947

18 To be fair, Windows Defender is among the LEAST demanding anti-virus on Windows 10. The entire thing, including the UI, and the two services takes up just under 80MB of memory while idle. It also takes less than a second to stop a background scan on user activity, and I tend to never actually notice it doing its thing. This doesn't speak to its efficacy of course, but to say it is a resource hog (compared to Avast of all the bloat-filled AV packages!) is just wrong. – Drunken Code Monkey – 2016-09-06T16:45:40.010

1 @MichaelBorgwardt you are right, some privacy settings were reset too.. – mickkk – 2016-09-09T21:33:09.513

1 @DrunkenCodeMonkey I disagree with you, maybe it's just on my machine, but it was taking 250MB of memory which I found absurd. Avast or AVG, from my personal experience, tend to run much smoother and use less resources. But then again, I think this update messed something up, so under "normal" circumstances you may well be right. – mickkk – 2016-09-09T21:35:21.297

Answers

21

The safest way to do this is to uninstall Avast! (in Programs and Features) and then to reinstall it. That will ensure that MS hasn't removed any part of the Avast! suite's protection. Reinstalling Avast! will then disable Defender correctly.

Merely shutting Windows Defender does not guarantee that third-party AV will be working properly.

Postscript: As has been noted in comments, recent Windows updates reinstall Defender, even though third-party AV has already been installed. There is not much impact, I find, except on cold boot, but scheduled scans can be disabled in Scheduled Tasks. For example, using NirSoft's TaskSchedulerView, right-click on an item and select Disable.

Windows Defender scheduled scan

Also turn off scans and the alert message in the Windows Defender Security Center that Defender.

Insecurity Center alerts

DrMoishe Pippik

Posted 2016-09-04T17:03:38.737

Reputation: 13 291

So how does he know whether a future automatic update won't break Avast? Sounds like another evil schema to kill competition to me :/ – akostadinov – 2016-09-07T12:52:42.277

Correct: MS updates change things at a very low level, so it can do things like disabling AV, destroying a Linux partition (http://www.myce.com/news/windows-10-anniversary-update-kills-linux-partions-80128/), etc. – DrMoishe Pippik – 2016-09-07T14:18:52.680

wow, this thing needs to be touched only inside a heavily firewalled VM and only for the task then shut it off. – akostadinov – 2016-09-07T20:20:15.773

The same can be said for Linux updates, or Mac updates... update mechanisms have the power to do anything to the OS, including installing a different OS. – DrMoishe Pippik – 2016-09-08T13:53:02.267

dunno about macs, but obviously you have not maintained linux. Linux plays well with others. Sure updates can do everything. But in 10-15 years I've not seen an update to linux that breaks any other OS installed on same disk. While major windows updates have regularly done so. And this is evil. – akostadinov – 2016-09-09T18:38:58.667

This option worked for me. – mickkk – 2016-09-18T10:00:20.773

38

Disable Windows Defender with Local Group Policy Settings

To Turn On or Off Windows Defender using Group Policy

  1. Open the Local Group Policy Editor.

  2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

    Computer Configuration/Administrative Templates/Windows Components/Windows Defender

  3. In the right pane of Windows Defender in Local Group Policy Editor, double click/tap on the Turn off Windows Defender policy to edit it. (see screenshot above)

  4. Do step 5 (on) or step 6 (off) below for what you would like to do.

  5. To Turn On Windows Defender

    A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

    NOTE: Not Configured is the default setting.

  6. To Turn Off Windows Defender

    A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)

  7. When finished, you can close the Local Group Policy Editor if you like.

  8. If you are turning on Windows Defender, then open Windows Defender, and click/tap on Start now if needed. (screenshot below)

source

Restart the Computer afterwards to confirm and ensure everything becomes effective.

Pimp Juice IT

Posted 2016-09-04T17:03:38.737

Reputation: 29 425

As of 2019 this doesn't work. This group policy is configured, but "Windows Defender Antivirus Service" is still running, still impossible to stop, and still eating CPU / battery power. – RomanSt – 2019-11-27T12:45:44.003

You could always look over the https://superuser.com/questions/1097306/temporarily-stop-all-microsoft-windows-defender-processes-in-windows-10/1097424#1097424 post and see if something there could possibly help. Hopefully if you need to stop the antivirus and threat protection service on the OS, it will be temporary only anyway. If you're going with another AV software solution, hopefully it'll have the logic built in to tell it how to interact with Windows Defender, whether to leave it enabled or stop it, etc. What version of Windows are you running? The current 2019 year means nothing really. – Pimp Juice IT – 2019-11-27T20:09:38.420

18

Disable Windows Defender with Local Registry Settings

If you're not able to use Group Policy then see To Turn On or Off Windows Defender using a REG file.

WARNING: Before working in the Windows Registry, it is always a good idea to back it up first, so that you have the option of restoration, should something go wrong. This article shows the different ways to back up and restore the Windows Registry or its Hives.

To Turn On or Off Windows Defender using a REG file

The .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

DisableAntiSpyware DWORD

(delete) = On
1 = Off

To hide Windows Defender notification icon: (when turned off)

Code:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Windows Defender"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=-

To show Windows Defender notification icon: (when turned on)

Code:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"WindowsDefender"=hex:06,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,\
  53,00,41,00,53,00,43,00,75,00,69,00,4c,00,2e,00,65,00,78,00,65,00,22,00,00,\
  00

  1. Do step 2 (on) or step 3 (off) below for what you would like to do.

  2. To Turn On Windows Defender

    NOTE: This is the default setting.

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Turn_On_Windows_Defender.reg: Download

  3. To Turn Off Windows Defender

    A) Click/tap on the Download button below to download the file below, and go to step 4 below.

    Turn_Off_Windows_Defender.reg: Download

  4. Save the .reg file to your desktop.

  5. Double click/tap on the downloaded .reg file to merge it.

  6. If prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

  7. If you are turning off Windows Defender, sign out and sign in to apply.

  8. If you are turning on Windows Defender, then open Windows Defender to apply.

  9. If you like, you can now delete the downloaded .reg file.

source

Pimp Juice IT

Posted 2016-09-04T17:03:38.737

Reputation: 29 425
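
The registry answer above has the reader merge downloaded `.reg` files, and its `hex(2)` value is unreadable as written. The following is an added example, not part of the original answer or its source: a small parser that lists every key and value a `.reg` file would write or delete, decoding hex-encoded strings so the file can be reviewed before merging. The sample input is constructed from values quoted in the answer; `parse_reg` and `decode` are names chosen for this example.

```python
import re
TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}

# Constructed sample, assembled from the key and values quoted in the answer above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,\
  53,00,41,00,53,00,43,00,75,00,69,00,4c,00,2e,00,65,00,78,00,65,00,22,00,00,\
  00
'''

def decode(raw):
    """Turn the right-hand side of a .reg line into (kind, readable data)."""
    if raw == "-":
        return ("delete-value", None)
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    if m := re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw):
        rtype = int(m[1], 16) if m[1] else 3  # plain "hex:" means REG_BINARY
        data = bytes(int(b, 16) for b in m[2].split(",") if b.strip())
        if rtype in (1, 2):  # string types are stored as UTF-16LE
            return (TYPES[rtype], data.decode("utf-16-le").rstrip("\x00"))
        return (TYPES.get(rtype, f"type {rtype}"), data.hex())
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return ("REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1]))  # undo \\ and \"
    return ("unparsed", raw)

def parse_reg(text):
    """List every (key, value name, kind, data) a .reg file would write or delete."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    changes, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[-"):  # "[-KEY]" deletes the whole key
            changes.append((line[2:-1], None, "delete-key", None))
            key = None
        elif line.startswith("["):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            name = "(Default)" if m[1] == "@" else m[1][1:-1]
            changes.append((key, name, *decode(m[2])))
    return changes
```

Calling `parse_reg(SAMPLE)` returns three changes, the last of which shows the `hex(2)` data as the string `"%ProgramFiles%\Windows Defender\MSASCuiL.exe"`.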