Question
I would like to disable Windows Defender Real Time Protection via GPO on Windows 10 Pro. When I configure GPO like this:
Real-Time Protection is shown as off:
However after a reboot the Protection is magically enabled again:
GPO settings have not changed. I am trying to disable Real Time Protection to be able to analyze and reverse engineer malware.
In addition, even if Windows tells me Real Time Protection is managed by the administrator, it is still enabled in the back.
I really wonder if there is a way to completely disable Windows Defender + Real Time Protection or if Microsoft made this impossible.
Answer 1:
In newer versions of Windows, Tamper Protection was added.
Tamper Protection must be disabled, otherwise Group Policy settings are ignored.
- Open Windows Security (type Windows Security in the search box)
- Virus & threat protection > Virus & threat protection settings > Manage settings
- Switch Tamper Protection to Off

Important: Tamper Protection must be disabled before changing Group Policy settings.
To permanently disable real-time protection:
- Open Local Group Policy Editor (type gpedit in the search box)
- Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
- Enable Turn off real-time protection
- Reboot
To permanently disable Microsoft Defender:
- Open Local Group Policy Editor (type gpedit in the search box)
- Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
- Enable Turn off Microsoft Defender Antivirus
- Reboot
Answer 2:
- Regedit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
- New > DWORD DisableAntiSpyware
- Set it to 1
- Reboot
If it doesn't work then one more step:
- Regedit.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
(create this key if not existing)
- New > DWORD DisableBehaviorMonitoring; set it to 1
- New > DWORD DisableOnAccessProtection; set it to 1
- New > DWORD DisableScanOnRealtimeEnable; set it to 1
- Reboot
You can also save the code below to disable_realtime_protection.reg and run it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
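
A read-only check of the settings discussed in the answers above, as an added example that is not part of the original posts: it compares the policy values under the keys named above with the state Defender itself reports, which is the mismatch the question describes. DisableRealtimeMonitoring (the value behind the "Turn off real-time protection" policy) is not named on the page and is included as an assumption.

```powershell
# Added example (read-only): Defender policy values vs. the effective state.
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtp  = Join-Path $root 'Real-Time Protection'
$policyValues = @(
    @{ Path = $root; Name = 'DisableAntiSpyware' }
    @{ Path = $rtp;  Name = 'DisableRealtimeMonitoring' }   # assumption: not named on the page
    @{ Path = $rtp;  Name = 'DisableBehaviorMonitoring' }
    @{ Path = $rtp;  Name = 'DisableOnAccessProtection' }
    @{ Path = $rtp;  Name = 'DisableScanOnRealtimeEnable' }
)

# A missing key or value means "not configured" and is reported as $null.
$policy = foreach ($v in $policyValues) {
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Key   = $v.Path
        Value = $v.Name
        Data  = if ($item) { $item.($v.Name) } else { $null }
    }
}
$policy | Format-Table -AutoSize

# Effective state as reported by the Defender module.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
    return
}
$status | Format-List AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
    BehaviorMonitorEnabled, OnAccessProtectionEnabled, IsTamperProtected

# Flag the case from the question: policy says "off", engine still reports "on".
$policyOff = [bool]($policy | Where-Object { $_.Data -eq 1 })
if ($policyOff -and $status.RealTimeProtectionEnabled) {
    Write-Output 'Mismatch: a disable policy is set but real-time protection is still enabled.'
    if ($status.IsTamperProtected) {
        Write-Output 'Tamper Protection is on, which matches the behaviour described in answer 1.'
    }
} elseif (-not $status.RealTimeProtectionEnabled) {
    Write-Output 'Real-time protection is reported as disabled.'
} else {
    Write-Output 'No disable policy found; real-time protection is enabled.'
}
```

Run it from an elevated PowerShell session after a reboot to see whether the policy values survived and whether the engine honours them.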
Answer 3:
MS no longer supports DisableAntiSpyware; they use many tricks to protect MsMpEng.exe and related registry items.
If you actually want to disable Windows Defender, use WinPE or WRE to edit the registry offline.
--------------------------------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001
--------------------------------------------------------------------------
These items are protected online, so you cannot modify them; that's why you use WinPE or WRE.
Answer 4:
I tried all suggestions here prior to today and tried this, this, this.
The only thing that works right now, Jan 2021, is a version of this. I have to run this every time I boot Windows 10. Sometimes even during the day, Defender will enable itself. Argh! So I have to run it again. Because of all this manual labor, I set up a Shortcut Key Ctrl + Shift + Alt + F12 to run the disable command. After pressing that shortcut I still have to answer Yes to the "Allow this program to make changes" dialog.
Steps
- Right click on your desktop then select New then Shortcut. Leave this on your desktop so that Windows finds the shortcut key.
- In the Target box type this code.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true
- In the Shortcut key box press any key you want to use to run this shortcut. I used Ctrl + Shift + Alt + F12.
- Press Advanced then enable Run as administrator.
- Press OK twice. You're done.
You should know that Windows will keep annoying you with notifications to turn on virus protection. It's non stop madness ... in the battle to reclaim CPU power from the sharp clutches of Mr. Evil Real-time Defender of MS. Just ignore it.
I hope MS sees this and fixes this because it's so obtrusive of them to force real-time defender on all the time. It grinds my fast computer to a crawl.
Source: https://stackoverflow.com/questions/62174426/how-to-permanently-disable-windows-defender-real-time-protection-with-gpo