Hi my post is here
How to Turn On or Off Microsoft Defender Antivirus in Windows 10
Sadly I couldn't attach the exported script for some reason, but I may try to attach it again later.
Using CMD script and VBScript to control Windows Update
They work perfectly on my Windows 10 Home.
Write a tutorial if you find it useful.
If you haven't already, you might see if you can ZIP the script, and upload and attach the ZIP file instead.
How to Upload and Post Screenshots and Files at Ten Forums
I did but I accept the post is somewhat messy.
Ok fingers crossed upload works as zip.
RenewDisableDefenderRT.zip
1 - extract zip.
2 - Copy the "Defender-Realtime-Disable.cmd" to "C:\Program Files"
3 - import task as follows in admin command prompt.
schtasks /create /Ru SYSTEM /TN "RenewDisableDefenderRT" /XML RenewDisableDefenderRT.xml
This task will auto deactivate Defender real time whenever it's enabled. If it's already enabled you will need to manually deactivate it once first. The task is accessible in the main Task Scheduler folder; from there it can be edited, disabled, or deleted.
If you don't want to use "C:\Program Files" as the destination you can put the command file elsewhere, but you will need to edit the script path in the task to match.
Last edited by Brink; 03 Apr 2021 at 20:42. Reason: attached uploaded file
Doesn't work for me. MsMpEng.exe is still running.
- - - Updated - - -
How do you manually deactivate "it" first and how to undo this operation?
- - - Updated - - -
Thank you. Why aren't others using this? This works great unlike the other suggestions.
Are there any cons to using this where it may cause you issues in not restarting the service when you want to?
You open security dashboard and disable realtime protection, and to undo it you simply disable the task or delete the task.
- - - Updated - - -
Me personally, it's because it's a closed source 3rd party program. Also I still want the application exploit protection; it's just the real time file scanning I want disabled.
---
Ok guys, I took the time to use the app to disable defender and do some tests, I have also been testing various group policy settings, the idea is to observe resource utilisation and performance, so people have an idea of the merits of the options available.
So as stated, if the app is used it succeeds in disabling Windows Defender completely; if I check in Process Hacker, all antivirus services/drivers/processes are stopped.
If the realtime is disabled in the settings security centre, the FS driver and main process stay running, however there is no increase in resource usage on filesystem activity, and if I move the eicar test file around nothing is detected. On demand scans remain available as a useful tool. So no observed differences vs fully disabling defender other than the process and driver are running.
I then after reading documentation found out about the following in group policy.
1 "monitor file and program activity on computer"
2 "turn on behaviour monitoring"
3 "scan all downloaded files and attachments"
4 "turn on process scanning whenever real protection is enabled"
As it turns out you can muzzle Windows Defender even without toggling the main settings in the security centre. This requires no tricks using scheduler, or dealing with 24 hour resets; it will stick.
The first I listed above will stop real time file scanning. eicar won't be detected on copy/move. Performance is the same as the first two solutions.
Number 3 will still scan files downloaded in Edge (didn't test other browsers), and also attachments in Outlook. So useful.
Numbers 2 and 4 I'm not sure of the performance impact, but I can confirm in PowerShell the group policies for both are being honoured.
However, what doesn't work in group policy is toggling cloud settings. I believe because this has a toggle in the security centre, it is likely protected by anti tamper. But not a big deal to toggle in there as it doesn't auto change back.
I expect most in this thread do not care for this information as they probably just want Defender fully off, but I posted it as an extra option for people, just in case they are not aware it can be tamed this way as well.
Last edited by Chrysalis; 16 Apr 2021 at 13:19.
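A read-only way to check a machine for the states discussed in this thread, added here as an example and not part of any post above: it reports Defender's effective real-time status, the policy registry values behind the four Group Policy settings listed (the key path and value names are the standard Defender policy ones, not taken from the thread), and whether the RenewDisableDefenderRT task from the earlier post is present.

```powershell
# Added example: read-only audit, changes nothing. Run in an elevated PowerShell session.
$rtpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'

# Policy registry value -> Group Policy setting it backs (1 = that component is turned off).
$policyValues = [ordered]@{
    DisableOnAccessProtection   = 'Monitor file and program activity on your computer'
    DisableBehaviorMonitoring   = 'Turn on behavior monitoring'
    DisableIOAVProtection       = 'Scan all downloaded files and attachments'
    DisableScanOnRealtimeEnable = 'Turn on process scanning whenever real-time protection is enabled'
    DisableRealtimeMonitoring   = 'Turn off real-time protection'
}
$findings = @()

# 1. Effective state as reported by Defender. If the service is stopped the call
#    fails, $status stays $null, and every item below is marked for review.
$status = Get-MpComputerStatus -ErrorAction SilentlyContinue
$stateNames = 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'OnAccessProtectionEnabled',
              'BehaviorMonitorEnabled', 'IoavProtectionEnabled', 'IsTamperProtected'
foreach ($name in $stateNames) {
    $findings += [pscustomobject]@{
        Source = 'Status'; Item = $name
        Value  = $status.$name; Review = (-not $status.$name)
    }
}

# 2. Policy overrides: these persist regardless of the Security Center toggle.
$policy = Get-ItemProperty -Path $rtpKey -ErrorAction SilentlyContinue
foreach ($entry in $policyValues.GetEnumerator()) {
    $value = if ($policy) { $policy.($entry.Key) } else { $null }
    $findings += [pscustomobject]@{
        Source = 'Policy'; Item = $entry.Value
        Value  = $(if ($null -eq $value) { 'not set' } else { $value })
        Review = ($value -eq 1)
    }
}

# 3. The scheduled task named earlier in the thread (runs as SYSTEM).
$task = Get-ScheduledTask -TaskName 'RenewDisableDefenderRT' -ErrorAction SilentlyContinue |
        Select-Object -First 1
$findings += [pscustomobject]@{
    Source = 'Task'; Item = 'RenewDisableDefenderRT'
    Value  = $(if ($task) { "$($task.State)" } else { 'not present' })
    Review = ($null -ne $task -and $task.State -ne 'Disabled')
}

$findings | Format-Table -AutoSize
```

Rows with Review set to True are the ones where a protection component is off, a disabling policy is set, or the task is present and active.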
Hello @Brink
I have switched from non Windows AV to Windows AV (Windows Security)!
I had disabled it. I have enabled it now, but I am wondering why its (Windows Security) tray icon is a white shield with a green overlay tick (all things good) on it instead of blue shield with a green tick on it! (SS below)
Is it outdated!? There is no offline installer to update it from Store or … !
"Windows version : 20H2 B 19042.685"
"Windows Security version: 1.339.248.0"