So, I need to automatically disable Windows Defender for certain virtual machines via a PowerShell script. Previous to the May update, one could set the DisableAntiSpyware and DisableRoutinelyTakingAction in the registry and Defender was disabled.
Now with version 1903, this doesn't seem to work anymore. Even with disabling the anti-tamper protection via registry and rebooting, I only get a permission denied when trying to set the two registry values.
Does anyone have ideas how I could solve this? I tried using the Invoke-CommandAs to do this as SYSTEM; however, this didn't work either, sadly.
Please provide some details on the properties of those two keys. You might want to try adding the user who runs the script to the list of users with read/write access. – Ramhound – 2019-06-12T17:29:19.400
So, are you saying, you want no AV on those hosts? Historically, if so, MP gets disabled when you install another AV solution. – postanote – 2019-06-13T05:25:54.657
The two keys disable the on-demand scanner and Windows Defender automatically taking action if it detects anything (e.g. scheduled scan). Yes, I want no AV on these hosts. They're just virtual machines for security research, so an AV on those would be pretty annoying. – Nirusu – 2019-06-13T07:52:31.837
The typical answer to OP's question would be to use Set-MpPreference -DisableRealtimeMonitoring $true / Set-MpPreference -DisableRealtimeMonitoring $false. However, it seems that since the 1903 update (the Windows version which OP is asking about), Microsoft has disabled this ability - and there seems to be a complete lack of information about it online right now. – OrangeIsALie – 2019-06-24T19:52:52.203