Privacy and Security Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Windows 11


  • Staff
Windows_Security_banner.png

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Real-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.

While real-time protection is off, files you open or download won’t be scanned for threats.


This tutorial will show you how to enable or disable real-time protection for Microsoft Defender Antivirus in Windows 11.


You must be signed in as an administrator to turn on/off or enable/disable real-time protection for Microsoft Defender Antivirus.

Controlled Folder Access requires turning on Real-time Protection.



Contents

  • Option One: Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security
  • Option Two: Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command
  • Option Three: Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor
  • Option Four: Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


EXAMPLE: Real-time protection disabled when third party antivirus program installed

If another antivirus product is installed, registered, and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the Virus & threat protection section to show status about the AV product, and provide a link to the product's configuration options. A setting will appear that will allow you to enable limited periodic scanning for Microsoft Defender Antivirus.

Real-time protection will always remain disabled even with periodic scanning enabled when a third party antivirus program is installed.


Real-time_protection_3rd_party-AV.png






OPTION ONE

Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security


If you turn off real-time protection, it will automatically turn back on after a short delay unless you turn off Tamper Protection first.


1 Open Windows Security.

2 Click/tap on Virus & threat protection. (see screenshot below)

Microsoft_Defender_real-time_protection-1.png

3 Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

Microsoft_Defender_real-time_protection-2.png

4 Turn On (default) or Off Real-time protection for what you want. (see screenshots below)

Microsoft_Defender_real-time_protection-3.png
Microsoft_Defender_real-time_protection-4.png

5 If prompted by UAC, click/tap on Yes to approve.

6 You can now close Windows Security if you like.





OPTION TWO

Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command


This option will not work unless Tamper Protection is turned off first.

If you are turning on real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Copy and paste the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)

(Turn On Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 0
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $false

OR​

(Turn Off Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 1
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $true

3 You can now close Windows Terminal (Admin) if you like.

Microsoft_Defender_real-time_protection_PowerShell-2.png

Microsoft_Defender_real-time_protection_PowerShell-1.png






OPTION THREE

Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Real-time Protection

Microsoft_Defender_real-time_protection_gpedit-1.png

3 In the right pane of Real-time Protection in the Local Group Policy Editor, double click/tap on the Turn off real-time protection policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.

5 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-2.png

6 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-3.png

7 You can now close the Local Group Policy Editor if you like.





OPTION FOUR

Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.


2 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=-

3 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

4 Save the .reg file to your desktop.

5 Double click/tap on the downloaded .reg file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 46
  • Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    746 bytes · Views: 181
  • Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    720 bytes · Views: 129
Last edited:

kcary

New member
Local time
11:57 PM
Posts
1
OS
Windows 11 Insider Beta Channel
Something I've always wondered.
Do you know if dis/enabling real-time virus protection makes the change in the middle of a long copy/move process? I've had inconsistent results with Win 7, 10, and now 11.
 

My Computer

System One

  • OS
    Windows 11 Insider Beta Channel

Brink

Administrator
Staff member
MVP
Thread Starter
Local time
11:57 PM
Posts
4,873
OS
Windows 11 Pro for Workstations
Something I've always wondered.
Do you know if dis/enabling real-time virus protection makes the change in the middle of a long copy/move process? I've had inconsistent results with Win 7, 10, and now 11.
Hello,:-)

It would probably be best to restart the computer after disabling real-time protection to have it more consistent.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium

Sammy888

Member
Local time
9:57 PM
Posts
155
OS
Windows 11
I'm curious with Step 4. Does the registry setting to disable real-time protection just mirror toggling this setting off within Windows Security or does it actually disable MsMpEng.exe from running continuously in the background?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20

Brink

Administrator
Staff member
MVP
Thread Starter
Local time
11:57 PM
Posts
4,873
OS
Windows 11 Pro for Workstations
I'm curious with Step 4. Does the registry setting to disable real-time protection just mirror toggling this setting off within Windows Security or does it actually disable MsMpEng.exe from running continuously in the background?

Hello, :-)

The registry settings in option 4 are for the same group policy in option 3.

If disabled with the policy, it will disable the setting in Windows Security.

Real-time protection is required if you want Microsoft Defender Antivirus to be able to protect your system. If you disable real-time protection, it will not run unless you manually run it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium

Sammy888

Member
Local time
9:57 PM
Posts
155
OS
Windows 11
Thanks Brink.

If I understand correctly then, running this script: Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg will disable MsMpEng.exe ?

The only tweak I found that actually works—most of the time is using Defender Control v2.1 by Sordum. I haven't tried the registry tweak but I was not successful in the past with the other options despite disabling Tamper Protection.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20

Brink

Administrator
Staff member
MVP
Thread Starter
Local time
11:57 PM
Posts
4,873
OS
Windows 11 Pro for Workstations
Thanks Brink.

If I understand correctly then, running this script: Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg will disable MsMpEng.exe ?

The only tweak I found that actually works (I haven't tried the registry tweak but I was not successful in the past) is using Defender Control v2.1 by Sordum.

Only if you already have Tamper Protection turned off in Windows Security first.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium

Sammy888

Member
Local time
9:57 PM
Posts
155
OS
Windows 11
Only if you already have Tamper Protection turned off in Windows Security first.

Only if you already have Tamper Protection turned off in Windows Security first.
Sorry Brink. I disabled Tamper Protection, ran the script. Rebooted. Not working. MsMpEng.exe still boots up and runs in the background. However, the security tray shows real-time protection is off.

As I said before, the only working method (which has it's own issues) is Sordum's Defender Control which completely disables MsMpEng.exe.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20

Brink

Administrator
Staff member
MVP
Thread Starter
Local time
11:57 PM
Posts
4,873
OS
Windows 11 Pro for Workstations
Sounds like some other process is using it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium

Sammy888

Member
Local time
9:57 PM
Posts
155
OS
Windows 11
Sounds like some other process is using it.
Yes, Windows is using it. ;-)

If the process is simple to completely disable Defender like you outline (above), others wouldn't (had) issues with Sordium's utilty earlier this year when Windows 11 was updated. It's now the only way to completely stop Defender. I suggest you download it and dissect the utility to see how it actually works.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20
Top Bottom