Disabling Microsoft Antimalware service

67

9

I can't disable the Microsoft Antimalware service (MsMpSvc/MsMpEng.exe). I tried using services.msc, but the Startup Type drop-down is grayed out and I can't change it to Disabled nor stop the service. I also tried msconfig, but when I click Apply, the service gets enabled again. I even tried net stop msmpsvc and got system error 5 (access denied).

Any suggestions?

Italo

Posted 2012-10-27T17:15:13.990

Reputation: 771

Install an antivirus application, such as AVG. – Andy – 2015-06-05T00:17:23.867

Stupid thing had 5 GB of memory on my (Windows 10) PC just now. Couldn't even start FF without it crashing. Ended up having to restart. – Andrew – 2017-12-12T04:01:48.453

That thing is going off. Along with its design. – Andrew – 2017-12-12T04:02:17.463

Do you have admin rights on the computer? – None – 2012-10-27T17:19:12.790

Yes, of course. – None – 2012-10-27T17:45:46.340

Which operating system? – None – 2012-10-27T21:33:04.027

6This is by design for most any anti-virus software. If turning it off were that easy, the software could not be effective against malware. – Joel Coehoorn – 2013-02-04T20:57:12.703

Answers

35

Just in case someone will face the same questions on Windows 8/8.1 - there is now build-in option to stop both Windows Defender-related services:

  • Windows Defender Network Inspection Service and
  • Windows Defender Service:

Turn off Windows Defender

Sevenate

Posted 2012-10-27T17:15:13.990

Reputation: 1 446

2It does not help for me (Win 8.1 prof). I disabled real time protection, turned off this app and there is still MsMpEng.exe consuming my CPU and disk. Computer is soo slow... – Tomas Kubes – 2014-10-28T19:56:12.173

@qub1n, well, this is kind of strange. It may sounds obvious, but have you tried to reboot your computer and after that check the check box from the image above? – Sevenate – 2014-10-30T17:01:38.470

Yes,I disabled it months ago. – Tomas Kubes – 2014-10-31T07:32:23.480

I also disabled on Windows 10 with almost the same steps. But there seems the notifications about the system at risk. But it was running all of the time when I was working and my disk was not be silenced (My computer is a bit old and it may be a special situation for this old computer but anyway there should be an error on the os), now it is ok when it is off. – Emre Guldogan – 2015-10-23T18:22:48.690

2this answer works for Windows 7. I was able to Disable Real-time protection and uncheck the "Turn on this app" option. After clicking past the dire warnings, the icon removed itself from the task bar and the unstoppable Windows service stopped. – pdwalker – 2016-04-20T18:56:25.530

@pdwalker I guess MS updated the Defender app for all OS versions at some point, so this UI now available on Windows 7 as well (when I was using Windows 7 it was not there yet). – Sevenate – 2016-04-20T19:15:04.253

On Win8.1 it does not work. The service is still running. – Anixx – 2016-05-16T20:26:22.377

1Author is using Windows 7 not Windows 8 and your answer only applies to Windows 8. – Ramhound – 2014-04-26T23:11:59.890

15

Another way to get around the protection:

  1. Go to options and
  2. Find where it says "Exclude files and folders"
  3. Then just add the "C:\" drive.

This way even if you can't disable it outright, it can't scan your computer at all.

Also do this for both Windows Defender and Microsoft Essentials.

Coding Carl

Posted 2012-10-27T17:15:13.990

Reputation: 151

4Not having it installed at all sounds like exactly the solution to the problem. Anyone going to these lengths SHOULD know that they can't expect their babysitter to keep them from destroying their machine with warez and virusez any longer. – mightypile – 2015-10-11T17:10:34.957

2That's not quite true +Karan, not having it installed at would be even better. – Jerry Asher – 2016-08-01T19:13:58.753

1Of course, don't forget to remove the exclusions once you're done with whatever you wanted to accomplish, otherwise it's as good as not having it installed at all. – Karan – 2013-07-14T03:55:29.083

7

The best way to disable the Defender is to run regedit.exe, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender, take ownership of this registry key (inside regedit.exe or via the 3rd party tool RegOwnershipEx) and set the values DisableAntiSpyware and DisableAntiVirus both to 1.

enter image description here
click to enlarge

Note, if you only see 1 of the values, change this one.

magicandre1981

Posted 2012-10-27T17:15:13.990

Reputation: 86 560

1Appears to work under Windows 10, I think... – Andrew – 2017-12-12T04:11:08.873

4

@Andrew this question is for Win7,8. For Windows 10, go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender and create the DWORDS here and set them to 1.

– magicandre1981 – 2017-12-12T16:33:16.407

Yes, your answer doesn't change any. Thanks though! – Andrew – 2017-12-16T04:40:37.127

@Andrew for me setting the values under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender works fine for my Windows 10 1709 VM – magicandre1981 – 2017-12-16T16:43:14.817

Right. What I'm saying is, there's no need to visit that link. Your answer covers both Windows 7&8 and also Windows 10. – Andrew – 2017-12-17T18:03:30.500

1This doesn't seem to work. MsMpEng.exe still runs – rolls – 2019-10-12T15:27:05.263

2

@rolls Microsoft changes this from each windows 10 version to force users into their shitty program. I'm tired of updating this all time. Try the reg from this blog

– magicandre1981 – 2019-10-13T08:30:55.897

5

OK appears the UI has changed, at least with windows 10 "creators update":

Settings app -> "Update & Security" -> Windows Defender -> "Open Windows Defender Security Center" -> "Virus & Threat protection" -> "Virus & Thread Protection settings" (button) -> "Real-time protection" slide the selector button to "off"

Now MsMpEng.exe isn't using 100% cpu and system is faster (though unprotected).

For a disk intensive build my build times went from 8m33s to 1m49s whoa!

rogerdpack

Posted 2012-10-27T17:15:13.990

Reputation: 1 181

5

Windows Defender/Microsoft Security Essentials is very tightly knit into the operating system in order to provide more security. It's best to disable it through the natural means than trying to cut it out piece by piece.

Go to your control panel, and select the entry for your Microsoft Antivirus. It might be listed as "Windows Defender" depending on your update history. Look in the 'settings' section in the Antivirus GUI for a "disable"

Depending on how updated your Windows Defender/MSE is, and how updated you received the program, these steps may vary, but the general idea is the same: disable it the way they provided you, not by trying to be crafty.

You'll find that many antiviruses will inject modifications into discrete crevasses of your operating system in the name of security.
Good rules of thumb to remember are to

  1. Always install, uninstall, disable, and so on, the way the manufacturer intended. If you fail to do so, and you don't know exactly what you're doing, start over. (e.g. Reinstall, then uninstall)
  2. Search for tools which allow you to clean up after failed operations. For example, Symantec provides the Norton Removal Tool, which will scan for leftovers of a damaged [un]installation and remove them.

jsvk

Posted 2012-10-27T17:15:13.990

Reputation: 297

2Thanks for the advice, but that is not what I asked. I can of course uninstall it, and that's what I've been doing. But installing and uninstalling all the time is not practical. I am really looking for a way of disabling it temporally. – Italo – 2012-10-30T17:48:56.523

2@Italo Disabling the antivirus via the GUI is a quicker and equally safe alternative to uninstalling. It's covered in my second paragraph. If you must use services.msc, run it as an administrator and disable the service. Note: If your username is not "Administrator", it means you are an administrator, and you must still open "services" by clicking "Run as Administrator" – jsvk – 2012-10-30T18:20:24.637

4

If you just want to shut it down temporarily:

1) Open the search bar (right side of screen)

2) Search SETTINGS and type in ADVANCED

3) Select "Advanced startup options"

4) Scroll to the bottom and select "Restart now" (computer will restart and bring you to the Advanced Startup options menu.)

5) Select "Troubleshoot" at the Advanced Startup options menu.

6) Select the "Startup settings" option.

7) Select "Disable early-launch anti-malware protection" (option #8)

8) Select the restart button and you'll be brought to windows.

Do whatever you want to do, and the next time you restart your computer it will be enabled automatically again.

SQLiteNoob

Posted 2012-10-27T17:15:13.990

Reputation: 141

3

On Windows 7, this MsMpEng.exe service is part of Microsoft Security Essentials (find it under Start > All Programs). You can disable its real-time protection, in the Settings tab:

enter image description here

However, this might not disable the MsMpEng.exe service from running, so you'd probably have to uninstall Microsoft Security Essentials for this matter:

enter image description here

Noam Manos

Posted 2012-10-27T17:15:13.990

Reputation: 771

1Doesn't seem to still work for windows 10 :| – rogerdpack – 2017-12-15T12:29:49.850

Asked: 2012-10-27T17:15:13.990

Viewed: 238 214 times

Active: 2018-07-27T14:54:47.597