How to permanently disable Windows Defender Real Time Protection with GPO?

血红的双手。 Submitted on 2021-02-04 12:23:41

Question


I would like to disable Windows Defender Real Time Protection via GPO on Windows 10 Pro. When I configure GPO like this:

Real-Time Protection is shown as off:

However after a reboot the Protection is magically enabled again:

GPO settings have not changed. I am trying to disable Real Time Protection to be able to analyze and reverse engineer malware.

In addition, even if Windows tells me Real Time Protection is managed by the administrator, it is still enabled in the background.

I really wonder if there is a way to completely disable Windows Defender + Real Time Protection or if Microsoft made this impossible.


Answer 1:


In newer versions of Windows, Tamper Protection was added.
Tamper Protection must be disabled, otherwise Group Policy settings are ignored.

  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

Important. Tamper Protection must be disabled before changing Group Policy settings.

To permanently disable real-time protection:

  1. Open Local Group Policy Editor (type gpedit in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  3. Enable Turn off real-time protection
  4. Reboot

To permanently disable Microsoft Defender:

  1. Open Local Group Policy Editor (type gpedit in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  3. Enable Turn off Microsoft Defender Antivirus
  4. Reboot



Answer 2:


  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  • New > DWORD DisableAntiSpyware
  • Set it to 1
  • Reboot

If it doesn't work then one more step:

  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection (create this key if not existing)
  • New > DWORD DisableBehaviorMonitoring; set it to 1
  • New > DWORD DisableOnAccessProtection; set it to 1
  • New > DWORD DisableScanOnRealtimeEnable; set it to 1
  • Reboot

You can also save the code below to disable_realtime_protection.reg and run it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
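
The mismatch the question describes, where the UI shows real-time protection as off or "managed by the administrator" while it is still running, can be checked directly. The following is an added example, not part of any answer on this page: a read-only audit that reads the policy values listed in answer 2 and compares them with what Get-MpComputerStatus reports, including the Tamper Protection state from answer 1. Event IDs 5001 and 5007 are the Defender operational log entries for real-time protection being disabled and for a configuration change.

```powershell
# Added example: read-only audit. It changes no Defender setting.
# Policy values named in the answers above (1 = protection component turned off).
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policyValues = @(
    @{ Key = $root;                        Name = 'DisableAntiSpyware' }
    @{ Key = "$root\Real-Time Protection"; Name = 'DisableBehaviorMonitoring' }
    @{ Key = "$root\Real-Time Protection"; Name = 'DisableOnAccessProtection' }
    @{ Key = "$root\Real-Time Protection"; Name = 'DisableScanOnRealtimeEnable' }
)

function Get-DefenderPolicyOverride {
    # Returns one object per policy value; Value is $null when the value is absent.
    foreach ($entry in $policyValues) {
        $item  = Get-ItemProperty -Path $entry.Key -Name $entry.Name -ErrorAction SilentlyContinue
        $value = $null
        if ($null -ne $item) { $value = $item.($entry.Name) }
        [pscustomobject]@{ Key = $entry.Key; Name = $entry.Name; Value = $value }
    }
}

$overrides = @(Get-DefenderPolicyOverride | Where-Object { $_.Value -eq 1 })
$status    = Get-MpComputerStatus -ErrorAction SilentlyContinue

'--- Policy values set to 1 ---'
if ($overrides.Count -eq 0) { 'none' } else { $overrides | Format-Table -AutoSize | Out-String }

'--- Effective state reported by Defender ---'
if ($null -eq $status) {
    'Get-MpComputerStatus returned nothing: the Defender service is not answering.'
} else {
    $status | Format-List AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
        BehaviorMonitorEnabled, OnAccessProtectionEnabled, IsTamperProtected | Out-String
    # The mismatch from the question: policy says off, engine still reports on.
    if ($overrides.Count -gt 0 -and $status.RealTimeProtectionEnabled) {
        'MISMATCH: disable policy present but real-time protection is still enabled.'
    }
    # The opposite case is what a monitoring team wants to hear about.
    if (-not $status.RealTimeProtectionEnabled) {
        'FINDING: real-time protection is off on this host.'
    }
}

'--- Recent Defender events: 5001 (real-time protection disabled), 5007 (configuration changed) ---'
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5001, 5007
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List | Out-String
```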



Answer 3:


MS no longer supports DisableAntiSpyware; they use many tricks to protect MsMpEng.exe and the related registry items.

If you actually want to disable Windows Defender, use WinPE or WRE to edit the registry offline.

--------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001
--------------------------------------------------------------------------

These items are protected online, so you cannot modify them; that is why you use WinPE or WRE.




Answer 4:


I tried all suggestions here prior to today and tried this, this, this.

The only thing that works right now, Jan 2021, is a version of this. I have to run this every time I boot Windows 10. Sometimes even during the day, Defender will enable itself. Argh! So I have to run it again. Because of all this manual labor, I set up a Shortcut Key Ctrl + Shift + Alt + F12 to run the disable command. After pressing that shortcut I still have to answer Yes to the "Allow this program to make changes" dialog.

Steps

  1. Right click on your desktop then select New then Shortcut. Leave this on your desktop so that Windows finds the shortcut key.
  2. In the Target box type this code.

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true

  3. In the Shortcut key box press any key you want to use to run this shortcut. I used Ctrl + Shift + Alt + F12.
  4. Press Advanced then enable Run as administrator.
  5. Press OK twice. You're done.

You should know that Windows will keep annoying you with notifications to turn on virus protection. It's non-stop madness ... in the battle to reclaim CPU power from the sharp clutches of Mr. Evil Real-time Defender of MS. Just ignore it.

I hope MS sees this and fixes this because it's so obtrusive of them to force real-time defender on all the time. It grinds my fast computer to a crawl.



Source: https://stackoverflow.com/questions/62174426/how-to-permanently-disable-windows-defender-real-time-protection-with-gpo
