Privacy and Security Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Windows 11


  • Staff
Windows_Security_banner.png

This tutorial will show you how to enable or disable real-time protection for Microsoft Defender Antivirus in Windows 11.

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Real-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.

While real-time protection is off, files you open or download won’t be scanned for threats.



You must be signed in as an administrator to turn on/off or enable/disable real-time protection for Microsoft Defender Antivirus.

Controlled Folder Access requires turning on Real-time Protection.



Contents

  • Option One: Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security
  • Option Two: Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command
  • Option Three: Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor
  • Option Four: Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


EXAMPLE: Real-time protection disabled when third party antivirus program installed

If another antivirus product is installed, registered, and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the Virus & threat protection section to show status about the AV product, and provide a link to the product's configuration options. A setting will appear that will allow you to enable limited periodic scanning for Microsoft Defender Antivirus.

Real-time protection will always remain disabled even with periodic scanning enabled when a third party antivirus program is installed.


Real-time_protection_3rd_party-AV.png





Option One

Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security


If you turn off real-time protection, it will automatically turn back on after a short delay unless you turn off Tamper Protection first.


1 Open Windows Security.

2 Click/tap on Virus & threat protection. (see screenshot below)

Microsoft_Defender_real-time_protection-1.png

3 Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

Microsoft_Defender_real-time_protection-2.png

4 Turn On (default) or Off Real-time protection for what you want. (see screenshots below)

Microsoft_Defender_real-time_protection-3.png
Microsoft_Defender_real-time_protection-4.png

5 If prompted by UAC, click/tap on Yes to approve.

6 You can now close Windows Security if you like.




Option Two

Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command


This option will not work unless Tamper Protection is turned off first.

If you are turning on real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Copy and paste the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)

(Turn On Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 0
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $false

OR​

(Turn Off Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 1
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $true

3 You can now close Windows Terminal (Admin) if you like.

Microsoft_Defender_real-time_protection_PowerShell-2.png

Microsoft_Defender_real-time_protection_PowerShell-1.png





Option Three

Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Real-time Protection

Microsoft_Defender_real-time_protection_gpedit-1.png

3 In the right pane of Real-time Protection in the Local Group Policy Editor, double click/tap on the Turn off real-time protection policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.

5 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-2.png

6 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-3.png

7 You can now close the Local Group Policy Editor if you like.




Option Four

Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.


2 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=-

3 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

4 Save the .reg file to your desktop.

5 Double click/tap on the downloaded .reg file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 168
  • Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    746 bytes · Views: 441
  • Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    720 bytes · Views: 298
Last edited:
Something I've always wondered.
Do you know if dis/enabling real-time virus protection makes the change in the middle of a long copy/move process? I've had inconsistent results with Win 7, 10, and now 11.
 

My Computer

System One

  • OS
    Windows 11 Insider Beta Channel
Something I've always wondered.
Do you know if dis/enabling real-time virus protection makes the change in the middle of a long copy/move process? I've had inconsistent results with Win 7, 10, and now 11.
Hello,:-)

It would probably be best to restart the computer after disabling real-time protection to have it more consistent.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
I'm curious with Step 4. Does the registry setting to disable real-time protection just mirror toggling this setting off within Windows Security or does it actually disable MsMpEng.exe from running continuously in the background?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20
I'm curious with Step 4. Does the registry setting to disable real-time protection just mirror toggling this setting off within Windows Security or does it actually disable MsMpEng.exe from running continuously in the background?

Hello, :-)

The registry settings in option 4 are for the same group policy in option 3.

If disabled with the policy, it will disable the setting in Windows Security.

Real-time protection is required if you want Microsoft Defender Antivirus to be able to protect your system. If you disable real-time protection, it will not run unless you manually run it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Thanks Brink.

If I understand correctly then, running this script: Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg will disable MsMpEng.exe ?

The only tweak I found that actually works—most of the time is using Defender Control v2.1 by Sordum. I haven't tried the registry tweak but I was not successful in the past with the other options despite disabling Tamper Protection.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20
Thanks Brink.

If I understand correctly then, running this script: Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg will disable MsMpEng.exe ?

The only tweak I found that actually works (I haven't tried the registry tweak but I was not successful in the past) is using Defender Control v2.1 by Sordum.

Only if you already have Tamper Protection turned off in Windows Security first.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Only if you already have Tamper Protection turned off in Windows Security first.

Only if you already have Tamper Protection turned off in Windows Security first.
Sorry Brink. I disabled Tamper Protection, ran the script. Rebooted. Not working. MsMpEng.exe still boots up and runs in the background. However, the security tray shows real-time protection is off.

As I said before, the only working method (which has it's own issues) is Sordum's Defender Control which completely disables MsMpEng.exe.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20
Sounds like some other process is using it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING (11GB GDDR5X)
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1 14-eu0098nr (2024)
    CPU
    Intel Core Ultra 7 155H 4.8 GHz
    Memory
    16 GB LPDDR5x-7467 MHz
    Graphics card(s)
    Integrated Intel Arc
    Sound Card
    Poly Studio
    Monitor(s) Displays
    14" 2.8K OLED multitouch
    Screen Resolution
    2880 x 1800
    Hard Drives
    2 TB PCIe NVMe M.2 SSD
    Internet Speed
    Intel Wi-Fi 7 BE200 (2x2) and Bluetooth 5.4
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender and Malwarebytes Premium
Sounds like some other process is using it.
Yes, Windows is using it. ;-)

If the process is simple to completely disable Defender like you outline (above), others wouldn't (had) issues with Sordium's utilty earlier this year when Windows 11 was updated. It's now the only way to completely stop Defender. I suggest you download it and dissect the utility to see how it actually works.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20

My Computer

System One

  • OS
    W11
With every Windows update, it becomes harder and harder to disable RTP for good. So I came up with a solution with a friend, everything is explained in the README file: GitHub - duttyend/Microsoft-Defender-RTP-stop: Windows Task to disable Microsoft Defender Real-time protection automatically and survive restart, updates, scans, etc.

It's just a task to import in task manager and it executes a PowerShell command based on triggers.
I dont have this issue due to the fact I use Avast, which disables all of windows Defender and takes over automatically.
 

My Computer

System One

  • OS
    Windows 11 Pro Version 22H2(OS Build 22621.963)
    Computer type
    PC/Desktop
    Manufacturer/Model
    AMD
    CPU
    AMD Ryzen 7 5800X 8 Core
    Motherboard
    Gigabyte X570 Aorus Pro WiFi
    Memory
    32 GB
    Graphics Card(s)
    PCI Express 3.0 x16: PowerColor RX Vega 56 Red Dragon
    Sound Card
    Realtek ALC1220 and AMD Greenland - High Definition Audio Controller
    Monitor(s) Displays
    2 - 27 inch Westinghouse
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 SSD - 2 TB each
    1 HDD - 2 TB
    Keyboard
    logitech
    Mouse
    logitech
    Internet Speed
    1 GB
    Browser
    Microsoft Edge
    Antivirus
    Avast Premium
Of course that's an alternative, but less and less people are interested in third-party AVs.
Yes I hear ya, we are already wrapped up in a blanket from using any/all google products but I dont like microsoft defender as its invasiveness is far reaching like google or apple or any other big Corp. I personally like to use a third party AV. Before I install Avast whether I just reinstalled windows or whatever the sitch, I always go in Windows settings and disable EVERY setting for defender I can, then I install Avast and works great. Over the last 2 years or so or should I say since windows 10 really the amount of settings for defender has grown to a enormous size. there are tons of hidden settings most people wont find leaving parts of defender still working in the background. so I use Avast..lol
 

My Computer

System One

  • OS
    Windows 11 Pro Version 22H2(OS Build 22621.963)
    Computer type
    PC/Desktop
    Manufacturer/Model
    AMD
    CPU
    AMD Ryzen 7 5800X 8 Core
    Motherboard
    Gigabyte X570 Aorus Pro WiFi
    Memory
    32 GB
    Graphics Card(s)
    PCI Express 3.0 x16: PowerColor RX Vega 56 Red Dragon
    Sound Card
    Realtek ALC1220 and AMD Greenland - High Definition Audio Controller
    Monitor(s) Displays
    2 - 27 inch Westinghouse
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 SSD - 2 TB each
    1 HDD - 2 TB
    Keyboard
    logitech
    Mouse
    logitech
    Internet Speed
    1 GB
    Browser
    Microsoft Edge
    Antivirus
    Avast Premium
Yes I hear ya, we are already wrapped up in a blanket from using any/all google products but I dont like microsoft defender as its invasiveness is far reaching like google or apple or any other big Corp. I personally like to use a third party AV. Before I install Avast whether I just reinstalled windows or whatever the sitch, I always go in Windows settings and disable EVERY setting for defender I can, then I install Avast and works great. Over the last 2 years or so or should I say since windows 10 really the amount of settings for defender has grown to a enormous size. there are tons of hidden settings most people wont find leaving parts of defender still working in the background. so I use Avast..lol
I completely feel you, but I have found RTP the most invasive feature, both privacy wise and resources wise. While I don't trust Microsoft, I trust companies like Avast even less. I've used Windows without any AV in the past but most security experts advise against it, therefore, my current approach seems more balanced.

Since I found nobody else sharing a proper solution to disable RTP without breaking Windows Security, I wanted to share my project, that's all (and it's also the topic here :D)
 

My Computer

System One

  • OS
    W11
So I assume youve tried this?
Disable RTP

or theres this...


In newer versions of Windows, Group Policy settings for Microsoft Defender are reverted back.
To prevent this, before changing them:
  1. Open Resource Monitor (type resmon.exe in the search box)
  2. Overview
  3. Find MsMpEng.exe in the list
  4. Right-click > Suspend Process

In Windows 10 1903, Tamper Protection was added.
Tamper Protection must be disabled before changing Group Policy settings, otherwise these are ignored.
  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

To permanently disable real-time protection:
  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  3. Enable Turn off real-time protection
  4. Restart the computer
To permanently disable Microsoft Defender:
  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  3. Enable Turn off Microsoft Defender Antivirus
  4. Restart the computer

https://stackoverflow.com/users/3453226/spongebob

  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  • New > DWORD DisableAntiSpyware
  • Set it to 1
  • Reboot
If it doesn't work then one more step:
  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection (create this key if not existing)
  • New > DWORD DisableBehaviorMonitoring; set it to 1
  • New > DWORD DisableOnAccessProtection; set it to 1
  • New > DWORD DisableScanOnRealtimeEnable; set it to 1
  • Reboot

You can also save the code below to disable_realtime_protection.reg and run
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
 

My Computer

System One

  • OS
    Windows 11 Pro Version 22H2(OS Build 22621.963)
    Computer type
    PC/Desktop
    Manufacturer/Model
    AMD
    CPU
    AMD Ryzen 7 5800X 8 Core
    Motherboard
    Gigabyte X570 Aorus Pro WiFi
    Memory
    32 GB
    Graphics Card(s)
    PCI Express 3.0 x16: PowerColor RX Vega 56 Red Dragon
    Sound Card
    Realtek ALC1220 and AMD Greenland - High Definition Audio Controller
    Monitor(s) Displays
    2 - 27 inch Westinghouse
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 SSD - 2 TB each
    1 HDD - 2 TB
    Keyboard
    logitech
    Mouse
    logitech
    Internet Speed
    1 GB
    Browser
    Microsoft Edge
    Antivirus
    Avast Premium

My Computer

System One

  • OS
    Windows 11 Pro Version 22H2(OS Build 22621.963)
    Computer type
    PC/Desktop
    Manufacturer/Model
    AMD
    CPU
    AMD Ryzen 7 5800X 8 Core
    Motherboard
    Gigabyte X570 Aorus Pro WiFi
    Memory
    32 GB
    Graphics Card(s)
    PCI Express 3.0 x16: PowerColor RX Vega 56 Red Dragon
    Sound Card
    Realtek ALC1220 and AMD Greenland - High Definition Audio Controller
    Monitor(s) Displays
    2 - 27 inch Westinghouse
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 SSD - 2 TB each
    1 HDD - 2 TB
    Keyboard
    logitech
    Mouse
    logitech
    Internet Speed
    1 GB
    Browser
    Microsoft Edge
    Antivirus
    Avast Premium
Also heres a github page dedicated and Updated as of today for disabling RTP
RTP Stop
 

My Computer

System One

  • OS
    Windows 11 Pro Version 22H2(OS Build 22621.963)
    Computer type
    PC/Desktop
    Manufacturer/Model
    AMD
    CPU
    AMD Ryzen 7 5800X 8 Core
    Motherboard
    Gigabyte X570 Aorus Pro WiFi
    Memory
    32 GB
    Graphics Card(s)
    PCI Express 3.0 x16: PowerColor RX Vega 56 Red Dragon
    Sound Card
    Realtek ALC1220 and AMD Greenland - High Definition Audio Controller
    Monitor(s) Displays
    2 - 27 inch Westinghouse
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 SSD - 2 TB each
    1 HDD - 2 TB
    Keyboard
    logitech
    Mouse
    logitech
    Internet Speed
    1 GB
    Browser
    Microsoft Edge
    Antivirus
    Avast Premium

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel Core i9 12900KF
    Motherboard
    ASUS ROG Maximus Z690 Hero
    Memory
    Corsair 64GB DDR5 Vengeance C40 5200Mhz
    Graphics Card(s)
    ASUS GeForce RTX 3090 ROG Strix OC 24GB
    Sound Card
    OnBoard
    Monitor(s) Displays
    Acer Predator XB323UGP 32" QHD G-SYNC-C 144Hz 1MS IPS LED
    Screen Resolution
    2560 x 1440
    Hard Drives
    1x Samsung 980 Pro Series Gen4 250GB M.2 NVMe
    1x Samsung 980 Pro Series Gen4 500GB M.2 NVMe
    2x Samsung 980 Pro Series Gen4 2TB M.2 NVMe
    PSU
    Corsair AX1200i 1200W 80PLUS Titanium Modular
    Case
    Corsair 4000D Black Case w/ Tempered Glass Side Panel
    Cooling
    Noctua NH-U12A Chromax Black CPU Cooler, 4x Noctua 120mm Fans
    Keyboard
    Logitech MK545
    Mouse
    Logitech MX Master 3
    Internet Speed
    Fixed Wireless 150mbps/75mbps
    Browser
    Firefox
    Antivirus
    Kaspersky
    Other Info
    Thrustmaster TS-PC RACER
    Fanatec CSL Elite Pedals with the Load Cell Kit
    Yamaha Amp with Bose Speakers
So I assume youve tried this?
Disable RTP

or theres this...


In newer versions of Windows, Group Policy settings for Microsoft Defender are reverted back.
To prevent this, before changing them:
  1. Open Resource Monitor (type resmon.exe in the search box)
  2. Overview
  3. Find MsMpEng.exe in the list
  4. Right-click > Suspend Process

In Windows 10 1903, Tamper Protection was added.
Tamper Protection must be disabled before changing Group Policy settings, otherwise these are ignored.
  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

To permanently disable real-time protection:
  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  3. Enable Turn off real-time protection
  4. Restart the computer
To permanently disable Microsoft Defender:
  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  3. Enable Turn off Microsoft Defender Antivirus
  4. Restart the computer

User spongebob

  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  • New > DWORD DisableAntiSpyware
  • Set it to 1
  • Reboot
If it doesn't work then one more step:
  • Regedit.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection (create this key if not existing)
  • New > DWORD DisableBehaviorMonitoring; set it to 1
  • New > DWORD DisableOnAccessProtection; set it to 1
  • New > DWORD DisableScanOnRealtimeEnable; set it to 1
  • Reboot

You can also save the code below to disable_realtime_protection.reg and run
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
From my experience, I prefer to tinker too much with regedit as it can easily create bugs, and it's hard to track changes (in case you need to revert things). The group policy one seems to work, however, it's not available on W11 Home edition.

Otherwise, I don't want to disable Windows Defender, so it doesn't match my needs.

Found this as well but I dont know anything about it...
Defender Control v2.1
Otherwise, I don't want to disable Windows Defender completely, so it doesn't match my needs.

Also heres a github page dedicated and Updated as of today for disabling RTP
RTP Stop
Haha, it's literally the solution I shared in the first place, that I co-authored.
I use this one and it works great as I have my own personal Antiviral

I don't want to disable Windows Defender completely, so this solution is not satisfying for me. Also, it uses IoBit Unlocker which is fairly dangerous and increases the chance to break things, I would avoid using such hacks.
 

My Computer

System One

  • OS
    W11

Latest Support Threads

Back
Top Bottom