1

To disable the Windows Defender, I am using the PowerShell (as an administrator) in Windows 10 to run the following command: Set-MpPreference -DisableRealtimeMonitoring $true

But the real time protection is not getting disabled.

Can anyone have any idea about how to disable the real time protection programmatically?

sam
  • 481
  • 2
  • 8
  • 21
  • Are you running the command as administrator ? This work fine on my end (Windows 10). I do get a popup suggesting I turn it back on and looking a Virus & threat protection, I see it toggling on and off as I run the commands with `$true / $false` setting. – Sage Pourpre Feb 03 '20 at 08:01
  • Yes, I am running the command as administrator – sam Feb 03 '20 at 09:09

3 Answers3

6

Tamper Protection (when enabled) prevents "Set-MpPreference -DisableRealtimeMonitoring $true" from doing anything.

Gary Liddle
  • 81
  • 4
  • Do you know about any way around it? – Maor Dahan Jun 24 '20 at 11:08
  • @MaorDahan You can disable it from the Virus and Threats panel in Windows Security, see https://learn.microsoft.com/en-us/answers/questions/28561/how-to-enable-disable-tamper-protection-in-windows.html – Johan Franzén Sep 25 '20 at 06:32
0

Although on my Windows 10 machine, the Set-MpPreference -DisableRealtimeMonitoring $true works as expected, you could try manipulating it in the registry directly:

# Windows Defender DisableRealtimeMonitoring
$regpath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender"
if (!(Test-Path $regpath -PathType Container)) {
    $null = New-Item -Path $regpath -ItemType Container -Force
}
Set-ItemProperty -Path $regpath -Name "DisableRealtimeMonitoring" -Value 1 -Type DWord -Force
# restart the service
Restart-Service  -Name WinDefend -Confirm:$false -Force

To turn it back on, either remove the "DisableRealtimeMonitoring" entry or set its value to DWORD 0

Theo
  • 57,719
  • 8
  • 24
  • 41
  • I got an error `Restart-Service : Service 'Windows Defender Antivirus Service (WinDefend)' cannot be stopped due to the following error: Cannot open WinDefend service on computer '.'. At line:1 char:1 + Restart-Service -Name WinDefend -Confirm:$false -Force + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Restart-Service ], ServiceCommandException + FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.RestartServiceCommand` – RDR Mar 08 '21 at 03:30
  • Try disablingTamper Protection first – Theo Mar 08 '21 at 08:15
-2

i used key press

ctrl + esc type string "virus protect" enter tab x 4 enter blahblah = the rest of the key presses to turn off defender and firewall and everything erlse like uninstall avast and avg lol

user16096540
  • 1