Disable the Windows Defender on Windows 10 20H2

Bushido1 said:

This is my only main account. I can open other software as an Administrator fine.

See the pic in post #20



Ok... the file you should be running is: Autoruns64.exe
AND you need to right click it and choose: Run as Administrator. If I don't click Run as Admin I get the same warning message you do.

I also put the Autoruns folder in C:\

From what I remember protection service cannot be stopped even if you're Admin, maybe with "backup admin" privilege, not sure, anyway why not elegantly using GPO option to disable defender?

How to Turn On or Off Microsoft Defender Antivirus in Windows 10

zebal said:

From what I remember protection service cannot be stopped even if you're Admin, maybe with "backup admin" privilege, not sure, anyway why not elegantly using GPO option to disable defender?

How to Turn On or Off Microsoft Defender Antivirus in Windows 10

I just did it a few posts ago, with Autoruns

Ah OK, there are 3 members with "B" avatar that made me confused...

If you're trying to hack MS defender try with "Backup Operators" account instead of SYSTEM

zebal said:

Ah OK, there are 3 members with "B" avatar that made me confused...

If you're trying to hack MS defender try with "Backup Operators" account instead of SYSTEM

I just used my Local account. But My Local account IS an Administrators account.
I originally did it back on 2004. But I just tested it again today...still works.



The only other thing I can think of is that I run Bitdefender Internet Security 2020. It works WITH Defender.
Maybe it changed Defender somehow, that made it possible for Autoruns to work for me.

BUT, I have seen others do it with just Autoruns.

Bushido1 said:

Regarding the post #20, I do not have a "Local account" there. I have my email address (Hotmail).

Maybe you have to ... log out (or w/e ) from your Microsoft account. If that's even possible.
I didn't hook my Win 10 install to my Microsoft account.



@zebal It's easy enough for you to test.

Just run Autoruns as admin, following the instructions in post #5 and see if you can UN-check those boxes.
You don't have to do the reboot part. OP can't even uncheck the boxes.


We know for a fact, that once you uncheck those boxes, you CAN stop the Services associated with Defender.
But OP doesn't seem to be able to uncheck those boxes in Autoruns.

Maybe you relaxed some security options on your PC because I'm not able to do it that way.

I tried with both SYSTEM and Administrator accounts. tried with local Admin and as local standard user, run autoruns as Admin, got same message:

zebal said:

Maybe you relaxed some security options on your PC because I'm not able to do it that way.

I tried with both SYSTEM and Administrator accounts. tried with local Admin and as local standard user, run autoruns as Admin, got same message:

Attachment 322507

Thx for testing. I don't know then. Like I've mentioned...the only thing I can think of that might make a difference, is that I Have Bitdefender Internet Security 2020 running (which does partly take over Defender), and I don't have a Microsoft account associated with my Win 10 installation.




/edit

I also see you don't have the Defender "driver" ??




c:\windows\system32\drivers\mpsdrv.sys 11/3/1977 9:07 AM

Mpsdrv. sys is a kernel mode driver that is part of the Microsoft Protection Service, a network of users with Windows Defender and Microsoft Security Essentials that helps to determine whether a given program is malicious. This is a critical Windows component and should not be disabled or removed.