Privacy and Security Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Windows 11

  • Staff
Windows_Security_banner.png

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Real-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.

While real-time protection is off, files you open or download won’t be scanned for threats.


This tutorial will show you how to enable or disable real-time protection for Microsoft Defender Antivirus in Windows 11.


You must be signed in as an administrator to turn on/off or enable/disable real-time protection for Microsoft Defender Antivirus.

Controlled Folder Access requires turning on Real-time Protection.



Contents

  • Option One: Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security
  • Option Two: Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command
  • Option Three: Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor
  • Option Four: Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


EXAMPLE: Real-time protection disabled when third party antivirus program installed

If another antivirus product is installed, registered, and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the Virus & threat protection section to show status about the AV product, and provide a link to the product's configuration options. A setting will appear that will allow you to enable limited periodic scanning for Microsoft Defender Antivirus.

Real-time protection will always remain disabled even with periodic scanning enabled when a third party antivirus program is installed.


Real-time_protection_3rd_party-AV.png






OPTION ONE

Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security


If you turn off real-time protection, it will automatically turn back on after a short delay unless you turn off Tamper Protection first.


1 Open Windows Security.

2 Click/tap on Virus & threat protection. (see screenshot below)

Microsoft_Defender_real-time_protection-1.png

3 Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

Microsoft_Defender_real-time_protection-2.png

4 Turn On (default) or Off Real-time protection for what you want. (see screenshots below)

Microsoft_Defender_real-time_protection-3.png
Microsoft_Defender_real-time_protection-4.png

5 If prompted by UAC, click/tap on Yes to approve.

6 You can now close Windows Security if you like.





OPTION TWO

Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command


This option will not work unless Tamper Protection is turned off first.

If you are turning on real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Copy and paste the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)

(Turn On Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 0
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $false

OR​

(Turn Off Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 1
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $true

3 You can now close Windows Terminal (Admin) if you like.

Microsoft_Defender_real-time_protection_PowerShell-2.png

Microsoft_Defender_real-time_protection_PowerShell-1.png






OPTION THREE

Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Real-time Protection

Microsoft_Defender_real-time_protection_gpedit-1.png

3 In the right pane of Real-time Protection in the Local Group Policy Editor, double click/tap on the Turn off real-time protection policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.


5 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-2.png

6 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-3.png

7 You can now close the Local Group Policy Editor if you like.





OPTION FOUR

Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.


2 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=-

3 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

4 Save the .reg file to your desktop.

5 Double click/tap on the downloaded .reg file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 4
  • Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    746 bytes · Views: 9
  • Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    720 bytes · Views: 11
Last edited:
Top Bottom