Privacy and Security Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Windows 11


  • Staff
Windows_Security_banner.png

This tutorial will show you how to enable or disable real-time protection for Microsoft Defender Antivirus in Windows 11.

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Real-time protection consists of always-on scanning with file and process behavior monitoring and heuristics. When real-time protection is on, Microsoft Defender Antivirus detects malware and potentially unwanted software that attempts to install itself or run on your device, and prompts you to take action on malware detections.

While real-time protection is off, files you open or download won’t be scanned for threats.



You must be signed in as an administrator to turn on/off or enable/disable real-time protection for Microsoft Defender Antivirus.

Controlled Folder Access requires turning on Real-time Protection.



Contents

  • Option One: Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security
  • Option Two: Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command
  • Option Three: Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor
  • Option Four: Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


EXAMPLE: Real-time protection disabled when third party antivirus program installed

If another antivirus product is installed, registered, and working correctly, Microsoft Defender Antivirus will disable itself. The Windows Security app will change the Virus & threat protection section to show status about the AV product, and provide a link to the product's configuration options. A setting will appear that will allow you to enable limited periodic scanning for Microsoft Defender Antivirus.

Real-time protection will always remain disabled even with periodic scanning enabled when a third party antivirus program is installed.


Real-time_protection_3rd_party-AV.png





Option One

Turn On or Off Real-time Protection for Microsoft Defender Antivirus in Windows Security


If you turn off real-time protection, it will automatically turn back on after a short delay unless you turn off Tamper Protection first.


1 Open Windows Security.

2 Click/tap on Virus & threat protection. (see screenshot below)

Microsoft_Defender_real-time_protection-1.png

3 Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

Microsoft_Defender_real-time_protection-2.png

4 Turn On (default) or Off Real-time protection for what you want. (see screenshots below)

Microsoft_Defender_real-time_protection-3.png
Microsoft_Defender_real-time_protection-4.png

5 If prompted by UAC, click/tap on Yes to approve.

6 You can now close Windows Security if you like.




Option Two

Turn On or Off Real-time Protection for Microsoft Defender Antivirus using Command


This option will not work unless Tamper Protection is turned off first.

If you are turning on real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Copy and paste the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)

(Turn On Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 0
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $false

OR​

(Turn Off Real-time Protection)
PowerShell Set-MpPreference -DisableRealtimeMonitoring 1
OR​
PowerShell Set-MpPreference -DisableRealtimeMonitoring $true

3 You can now close Windows Terminal (Admin) if you like.

Microsoft_Defender_real-time_protection_PowerShell-2.png

Microsoft_Defender_real-time_protection_PowerShell-1.png





Option Three

Enable or Disable Real-time Protection for Microsoft Defender Antivirus in Local Group Policy Editor


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>Real-time Protection

Microsoft_Defender_real-time_protection_gpedit-1.png

3 In the right pane of Real-time Protection in the Local Group Policy Editor, double click/tap on the Turn off real-time protection policy to edit it. (see screenshot above)

4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.

5 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-2.png

6 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below)​

B) Click/tap on OK, and go to step 7 below.​

Microsoft_Defender_real-time_protection_gpedit-3.png

7 You can now close the Local Group Policy Editor if you like.




Option Four

Enable or Disable Real-time Protection for Microsoft Defender Antivirus using REG file


This option will not work unless Tamper Protection is turned off first.

If you are enabling real-time protection using this option, then you can turn on Tamper Protection afterwards if wanted.


1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.


2 Enable Real-time Protection for Microsoft Defender Antivirus

This is the default setting to allow using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=-

3 Disable Real-time Protection for Microsoft Defender Antivirus

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 4 below.​

Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

4 Save the .reg file to your desktop.

5 Double click/tap on the downloaded .reg file to merge it.

6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 169
  • Disable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    746 bytes · Views: 445
  • Enable_Real-time_Protection_for_Microsoft_Defender_Antivirus.reg
    720 bytes · Views: 307
Last edited:
From my experience, I prefer to tinker too much with regedit as it can easily create bugs, and it's hard to track changes (in case you need to revert things). The group policy one seems to work, however, it's not available on W11 Home edition.

Otherwise, I don't want to disable Windows Defender, so it doesn't match my needs.


Otherwise, I don't want to disable Windows Defender completely, so it doesn't match my needs.


Haha, it's literally the solution I shared in the first place, that I co-authored.

I don't want to disable Windows Defender completely, so this solution is not satisfying for me. Also, it uses IoBit Unlocker which is fairly dangerous and increases the chance to break things, I would avoid using such hacks.
so you just want to stop RTP but not the firewall etc is really your goal then yes?
 

My Computer

System One

  • OS
    Windows 11 Pro Version 22H2(OS Build 22621.963)
    Computer type
    PC/Desktop
    Manufacturer/Model
    AMD
    CPU
    AMD Ryzen 7 5800X 8 Core
    Motherboard
    Gigabyte X570 Aorus Pro WiFi
    Memory
    32 GB
    Graphics Card(s)
    PCI Express 3.0 x16: PowerColor RX Vega 56 Red Dragon
    Sound Card
    Realtek ALC1220 and AMD Greenland - High Definition Audio Controller
    Monitor(s) Displays
    2 - 27 inch Westinghouse
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 SSD - 2 TB each
    1 HDD - 2 TB
    Keyboard
    logitech
    Mouse
    logitech
    Internet Speed
    1 GB
    Browser
    Microsoft Edge
    Antivirus
    Avast Premium

Latest Support Threads

Back
Top Bottom