Fully disabled Defender but "Windows Defender Antivirus Service" runs

Page 1 of 4 123 ... LastLast

  1. Hannele2
    Posts : 80
    Windows
       New #1

    Fully disabled Defender but "Windows Defender Antivirus Service" runs


    I used the steps from here and elsewhere, to FULLY disable Windows Defender, well over a year ago.
    Mark my surprise, when I find that the "Antimalware Service executable" is eating up 25% of the processor power... I double checked everything from Group policy settings, to registry and toggle switch. Defender is still well and truly disabled... At least on paper!

    For a second I thought my machinewas affected by a very clever virus or malicious code that impersonated Windows Defender. I downloaded and installed Kaspersky to do a thorough scan. After that, I found to my astonishment that the "Antimalware Service executable" was STILL running. Normally other anti-virus solutions turn off Windows Defender! N

    Then I realised that what's actually running is a Service. I can see it in the Service tab of Task Manager. It's probably legit and Microsoft has completely ignored my wishes and pushed on something that overrides all the settings regarding Defender.
    Trying to turn off the Service does not work.

    What's going on and how to I take back control and turn this off? (Win 10 latest build)
    Last edited by Hannele2; 17 Nov 2019 at 07:30.
      My Computer
    Quote Quote

  3. FreeBooter
    Posts : 5,324
    Windows 11 Pro 64-bit
       New #2

    This batch script disables the Windows Defender and its services.


    Code:
    @Echo Off

net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit)

:_Start
Cls & Mode CON  LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter
Echo.
Echo.       
Echo         Type (D) letter to Disable Windows Defender   
Echo.       
Echo.
Echo.
Echo.         
Echo         Type (E) letter to Enable Windows Defender    
Echo.         



Set /p input= RESPONSE: 
If /i  Not %input%==D (Goto :_Ex) Else (Goto :_Disbale)

:_Ex
If /i  Not %input%==E  (Goto :_Start) Else (Goto :_Enable)





:_Disbale
:: Disable Windows Defender with  Group Policy. 
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f  > Nul

Cls & Mode CON  LINES=5 COLS=49 & Color 0E & Title - WARNING -
 Echo.
 Echo. 
 Echo            Windows Defender Disabled
Ping -n 5  localhost > Nul
Cls
Goto :Reboot


:_Enable
:: Enable Windows Defender with  Group Policy. 
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "0" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "0" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "0" /f > Nul
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "0" /f > Nul
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /f > Nul


Cls & Mode CON  LINES=5 COLS=49 & Color 0E & Title - WARNING -
 Echo.
 Echo. 
 Echo            Windows Defender Enabled

Ping -n 5  localhost > Nul
Cls



:Reboot 
CHOICE /C YN /M "Press Y to Reboot, N for exiting script."


If %errorlevel% == 1 ( Shutdown /r /t 0) Else (Exit)
      My Computer
    Quote Quote

  4. Hannele2
    Posts : 80
    Windows
    Thread Starter
       New #3

    FreeBooter said:
    This batch script disables the Windows Defender and its services.
    Thank you! This would have been fantastic --- if it had worked. I saved as bat file and ran as Administrator.
    Got the prompt and hit "D" for Disable.
    But it's still running...

    Fully disabled Defender but "Windows Defender Antivirus Service" runs-image.png
    Attached Thumbnails Attached Thumbnails Fully disabled Defender but "Windows Defender Antivirus Service" runs-image.png   Fully disabled Defender but "Windows Defender Antivirus Service" runs-image.png   Fully disabled Defender but "Windows Defender Antivirus Service" runs-image.png  
      My Computer
    Quote Quote

  6. TairikuOkami
    Posts : 5,451
    Windows 11 Home
       New #4

    Make sure, that the tamper protection is disabled, then run this twice as admin, then restart.

    Windows/Microsoft Defender Disable.bat at main . TairikuOokami/Windows . GitHub
    Attached Thumbnails Attached Thumbnails Fully disabled Defender but "Windows Defender Antivirus Service" runs-capture_11172019_133844.jpg  
    Last edited by TairikuOkami; 09 Apr 2021 at 13:18.
      My Computer
    Quote Quote

  7. Hannele2
    Posts : 80
    Windows
    Thread Starter
       New #5

    TairikuOkami said:
    Make sure, that the tamper protection is disabled, then run this twice as admin, then restart.[Batch] Windows Defender Disable - Pastebin.com
    That worked! Thank you! I didn't know about Tamper protection, turns out it was disabled. Apparently Microsoft pushed it quite recently. I can't remember turning it off, but it was off when I looked, after running the script.

    Any idea why this happened? What is Microsoft up to?
      My Computer
    Quote Quote

  8. TairikuOkami
    Posts : 5,451
    Windows 11 Home
       New #6

    Tamper protection was introduced in 1903, upon a clean install, it can be disabled via registry, but once WD is updated, it has to be done manually. It serves as a protection, so malware could not disable it easily. Considering, that you somewhat disabled WD a year ago, it failed to update and kept trying (@25%CPU).
      My Computer
    Quote Quote

  9. Clamarc
    Posts : 61
    Windows 10 pro 64 bits 1903 build 18362.836
       New #7

    TairikuOkami said:
    Tamper protection was introduced in 1903, upon a clean install, it can be disabled via registry, but once WD is updated, it has to be done manually. It serves as a protection, so malware could not disable it easily. Considering, that you somewhat disabled WD a year ago, it failed to update and kept trying (@25%CPU).
    Hi,
    I have two doubts:
    1 - There are two bat files, which one should I use?
    2 - At the end of the first bat, do you inform to run twice?
    would be to run the entire bat twice or are the bat part
    Disable WD services?

    thank's
    Clamarc
      My Computer
    Quote Quote

  10. muchomurka
    Posts : 913
    CP/M
       New #8

    See this post:
    How to stop “windows defender antivirus service”?
      My Computer
    Quote Quote

  12. Clamarc
    Posts : 61
    Windows 10 pro 64 bits 1903 build 18362.836
       New #9

    muchomurka said:
    See this post:
    How to stop “windows defender antivirus service”?
    Hi muchomurka,

    But aren't SecurityHealthService and Windows Defender Antivirus Service different applications? Can I disable SecurityHealthService without causing other problems on my System?

    thank's
    Clamarc
      My Computer
    Quote Quote

  13. muchomurka
    Posts : 913
    CP/M
       New #10

    Can I disable SecurityHealthService without causing other problems on my System?
    It will block Security options in Settings app. If you really want to have Security Center enabled, remark or delete the line.
      My Computer
    Quote Quote

 

  Related Discussions
Windows Defender Antivirus Service service terminated
in AntiVirus, Firewalls and System Security

Hello, I have problem with Windows Defender on Windows 10 Home (20H2 version). I'm still getting this error in Event Viewer: I already tried to use sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth but it didn't help at all. Windows...
How to stop “windows defender antivirus service”?
in AntiVirus, Firewalls and System Security

Windows 10.0.18362.778: How to permanently disable “windows defender antivirus service”? I couldn’t figure out How to permanently disable “windows defender antivirus service” 275616
Windows defender : Anomalous "Actions Needed" message/icon
in AntiVirus, Firewalls and System Security

Icon says actions needed. When open Defender it says I need a restart. When I then expand that page, all is well. How do I clear this? See attachments for how this manifests
Windows Defender tray icon, remove "!" with unused features?
in AntiVirus, Firewalls and System Security

I recently 'upgraded' to Win10 Version 1703 (Creator's), which uses Windows Defender Security Center, rather than good ol' Windows Defender. I have the tray icon in the Notification Area set to always show, but it displays a yellow exclamation...
Hello to everyone. I have been using Windows Defender as my antivirus software for some time but i recently decided to switch into a better one so i installed Kaspersky Internet Security 2017. Even though the installation was successful and...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 11:06.
Find Us




Windows 10 Forums