Disable MsMpSvc from command line

7

0

Quite simply, I'm looking for a way to disable Microsoft's Security Essentials service from the command line. You used to be able to run the command (as admin)

net stop MsMpSvc

but that was somehow rendered useless after an update (err 5: access denied).

I then even ran a shell as the 'SYSTEM' user (which is the user that MsMpSvc runs under), but alas I still get an access denied message using the commands taskkill (for msmpeng.exe) and stop-service with the -force argument.

Is there a way around this?

Yes, I'm aware of the security implications of this.

regularjoe

Posted 2013-03-28T17:11:09.070

Reputation: 191

Answers

2

The Microsoft Antimalware service is protected in various places against being disabled, because this is an attack vector used by certain types of malware. Unfortunately, when we have cause to legitimately disable the service, we are then unable to do so.

Ross Presser

Posted 2013-03-28T17:11:09.070

Reputation: 1 139

1

Override the permissions with SubInACL, set the service to manual in the registry, then reboot.

There is no point in killing a service that is designed to not be killed; you disable its boot entry instead.

Tamara Wijsman

Posted 2013-03-28T17:11:09.070

Reputation: 54 163

My intention was to toggle the service off/on while running Windows. Regardless, I have no reason to do this anymore. – regularjoe – 2016-01-04T16:50:38.540

0

Try using the sc command to configure the state of the service:

sc config MsMpSvc start= disabled

Then if the service is stopped you can use net stop or sc stop to stop the service. It depends on your version of Windows, but you need to ensure that the command prompt was opened with Administrative access:

http://technet.microsoft.com/en-us/library/cc947813%28v=ws.10%29.aspx

Dion Pezzimenti

Posted 2013-03-28T17:11:09.070

Reputation: 514

Think about it though. If it were simple to automate the process of disabling, that would open up an attack vector for malware to disable it. – Ross Presser – 2017-05-02T08:54:26.927

Thanks but running that as both Administrator and SYSTEM still gets an access denied error. – regularjoe – 2013-03-28T17:30:08.453

You should be able to do it using your own credentials so long as you are a local administrator on the machine. Then start the command prompt with administrative rights by right-clicking and selecting 'Run as Administrator'. I tried it on my Win8 laptop and a virtual Server 2008 R2 machine. It executed successfully on both. – Dion Pezzimenti – 2013-03-28T17:32:45.857

Hmm, I'm on win7 so maybe that could be the problem, I tried it with plain old local admin, still errors. – regularjoe – 2013-03-28T17:43:32.517

Well, alternatively, since CLI isn't working there is always the GUI method: http://www.askvg.com/windows-7-services-that-can-be-safely-set-to-manual/ – Dion Pezzimenti – 2013-03-28T17:44:22.113

Mmm, I want to automate the process. – regularjoe – 2013-03-28T17:52:04.697

Also the GUI route is not possible either. – regularjoe – 2013-03-28T18:05:13.053

That is bizarre! Try it on another machine just for the sake of trying. See if you get similar results on that machine... if you have the resources to try this. – Dion Pezzimenti – 2013-03-28T18:05:56.707

Well, I could try it in a virtual machine. I know it's not just me; there are other posts around the internet about this: http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/why-cant-i-control-the-msmpsvc-service/1c7cad27-f7c8-4951-a583-fc4d899d3c61 – regularjoe – 2013-03-28T18:14:06.923
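
For defenders, the commands tried in this thread are worth alerting on, since the first answer notes that malware goes after the same service. The following is an added example, not part of the original posts, that flags those commands in process-creation command lines. The tab-separated record format, the sample records, and the rule names are constructed for illustration.

```python
import re

# Tamper commands quoted in this thread. Windows command lines are
# case-insensitive, and net.exe hands off to net1.exe, so both are matched.
# Rule names are hypothetical labels for this example.
RULES = [
    ("service-stop", re.compile(r'\b(?:net1?|sc)(?:\.exe)?\s+stop\s+"?msmpsvc\b', re.I)),
    ("service-disable", re.compile(r'\bsc(?:\.exe)?\s+config\s+"?msmpsvc\b.*\bstart=\s*disabled\b', re.I)),
    ("process-kill", re.compile(r'\btaskkill(?:\.exe)?\b.*\bmsmpeng(?:\.exe)?\b', re.I)),
    ("ps-stop-service", re.compile(r'\bstop-service\b.*\bmsmpsvc\b', re.I)),
]

# Constructed sample records: timestamp <TAB> user <TAB> command line.
SAMPLE = [
    "2024-01-01T10:05:01\tPC1\\joe\tnet stop MsMpSvc",
    "2024-01-01T10:06:12\tNT AUTHORITY\\SYSTEM\tC:\\Windows\\System32\\sc.exe config MsMpSvc start= disabled",
    "2024-01-01T10:07:40\tNT AUTHORITY\\SYSTEM\ttaskkill /F /IM MsMpEng.exe",
    "2024-01-01T10:08:03\tPC1\\joe\tpowershell -Command \"Stop-Service MsMpSvc -Force\"",
    "2024-01-01T10:09:55\tPC1\\joe\tsc query MsMpSvc",   # read-only, not flagged
    "2024-01-01T10:10:20\tPC1\\joe\tnet stop Spooler",   # other service, not flagged
]


def find_tamper_attempts(lines):
    """Return (timestamp, user, rule, command) for each record that matches a rule."""
    hits = []
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # skip malformed records instead of failing the whole scan
        ts, user, cmd = parts
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append((ts, user, name, cmd))
                break  # one alert per record is enough
    return hits


if __name__ == "__main__":
    for ts, user, rule, cmd in find_tamper_attempts(SAMPLE):
        print(f"{ts}  {user:<20}  {rule:<16}  {cmd}")
```

Failed attempts such as the "access denied" cases described above still produce a process-creation record, so they are flagged as well.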

-2

Open Microsoft Security Essentials

go to settings

press on the tab called "real-time protection"

untick the checkmark box to disable real-time protection

that's it.

Gnurt

Posted 2013-03-28T17:11:09.070

Reputation: 1

2 Where's the command line in your answer? – Arjan – 2016-10-19T21:05:22.210

-2

Disabling MSE does nothing to stop MsMpEng from taking top priority right at start-up and maxing out your computer's CPU and RAM until it's damn good and ready. You cannot change the priority. You cannot temporarily disable it while some other CPU-sucking Microsoft application [e.g. the virus known as Windows Update] is running.

Whoreson.

Wal Ford

Posted 2013-03-28T17:11:09.070

Reputation: 1

1 This is really a comment rather than a solution to the question. Well actually more of a rant than a comment. – fixer1234 – 2017-07-13T21:03:44.157

I wish I could close this old question (2013) – regularjoe – 2017-09-02T19:29:02.200