The Difficulty to Remove Windows Defender and the Potentional Risks


There is also relatively new Microsoft Defender Core Service

capture_08102025_113903.webp
 

My Computer

System One

  • OS
    Home26H2Can
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 (07/24) BIOS 4.21 AGESA ComboAM5 1.3.0.1 (04/26)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @5200 CL36 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @48FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (01/26)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge, Brave for YouTube, LibreWolf for FB
    Antivirus
    NextDNS blocking 1/3 Traffic
    Other Info
    Phone: Motorola Moto G86 (02/26)
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    FlexCore USB-C 3.2 Gen 1 (M) to LAN (F) (08/25)
Disabling Defender services like WinDefend, WdBoot, WdFilter, WdNisSvc, WdNisDrv, and MDCoreSvc is NOT a reliable or clean way to prevent Defender from scanning anything, especially temporarily. These services are tightly integrated with Windows security infrastructure and protected by Tamper Protection, service hardening, and kernel-mode drivers.
WinDefendCore Microsoft Defender Antivirus service
WdBootBoot-time protection driver
WdFilterReal-time scanning filter driver
WdNisSvcNetwork Inspection Service
WdNisDrvNetwork Inspection Driver
MDCoreSvcMicrosoft Defender Core Service (used in newer builds)

Why disabling them is problematic​

Tamper Protection blocks service manipulation, even from SYSTEM-level processes unless you unload WdFilter.sys and modify registry keys in Safe Mode.
Disabling services via registry (Start=4) or permissions hacks can break Defender in unpredictable ways, potentially causing:
  • Update failures
  • Broken Windows Security UI
  • Inability to re-enable Defender cleanly
Re-enabling them requires rebooting and restoring multiple registry keys, which is messy and error-prone.

What actually happens when you install ESET (or any third-party AV)​

Microsoft Defender Antivirus (WinDefend) enters passive mode, not disabled.
Core services like WdFilter and WdBoot may remain loaded, especially for compatibility and fallback.
Tamper Protection remains active unless manually disabled.
Windows Security Center still monitors Defender status, and Defender can reassert itself if ESET is uninstalled or fails.

So yes, Defender steps aside, but it's not disabled in the sense that those services are removed or neutered. It's more like a bouncer letting another guard take the shift—but still watching from the corner.​

Why "Just disable services" is a dangerous mentality​

Disabling services manually is like pulling fuses out of your car because you don't like the dashboard lights. Sure, it might stop the blinking, but now your airbags won't deploy.

Here's what people forget:
Windows services are interdependent.
Disabling one can cause cascading failures in:
  • Updates
  • Security features
  • Device drivers
  • Event logging
  • Network stack
And worst of all: Windows doesn't always fail gracefully. It might seem fine until one day, you'll learn it the hard way the fact that Defender is so deeply interwoven with the whole Windows OS that microscopic fps improvements that can be measured in the 0.1% lows of some games titles with "optimizations" are for those who will insist on the benefits of carrying water to the sea. So much so, we even have a name for it. It's called "optimization theater", and I have seen lots of it. The popcorn industry loves it to bits. Literally.
 
Last edited:

My Computers

System One System Two

  • OS
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Asus TUF Gaming F16 (2024)
    CPU
    i7 13650HX
    Memory
    16GB DDR5
    Graphics Card(s)
    GeForce RTX 4060 Mobile
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    512GB SSD internal
    37TB external
    PSU
    Li-ion
    Cooling
    2× Arc Flow Fans, 4× exhaust vents, 5× heatpipes
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    30Mbit/s up, 500Mbit/s down
    Browser
    FF
    Antivirus
    What's an antivirus?
  • Operating System
    11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Medion S15450
    CPU
    i5 1135G7
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Xe
    Sound Card
    Eastern Electric MiniMax DAC Supreme; Emotiva UMC-200; Astell & Kern AK240
    Monitor(s) Displays
    Sony Bravia XR-55X90J
    Screen Resolution
    3840×2160
    Hard Drives
    2TB SSD internal
    37TB external
    PSU
    Li-ion
    Keyboard
    Logitech K800
    Mouse
    Logitech G402
    Internet Speed
    30Mbit/s up, 500Mbit/s down
    Browser
    FF
oldschool said:
Why? If real time scanning is off, you are without protection. Windows Defender has a very good reputation with gamers. Your machine has good specs.

OTOH, if you really despise it for some reason, install Panda Free AV. It's like having no AV at all ;-) : very light resource consumption, and the worst protection possible. ☠️
Click to expand...
I have Kaspersky Plus I am not without any protection, it's shown under "My Computers" at the bottom of this post.
I prioritize advanced security features and comprehensive protection, Windows Defender may not offer the same level of advanced threat detection and specialized features as Kaspersky Plus.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 26200.7627
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigababyte X870E Aorus Pro Rev 1.1
    CPU
    Ryzen 7 9800X3D
    Motherboard
    Gigababyte X870E Aorus Pro Rev 1.1
    Memory
    G.Skill Trident Z5 RGB DDR5-6000 32GB (2×16GB) CL30 2 x 16gb
    Graphics Card(s)
    RTX 5080 Palit Gaming Pro
    Sound Card
    Steel Series Arctis 1 Gaming Head phones
    Monitor(s) Displays
    Asus ROG Strix 27″ QHD OLED XG27AQDMG & Phillips 272V8
    Screen Resolution
    2560 X1440 27 Inch 240 HZ Asus
    PSU
    Corsair RM1000X
    Case
    Corsair CC750D (CC-9011078) Obsidian 750D Airflow Edition Black Full Tower ATX Case
    Cooling
    Corsair iCUE LINK TITAN 360 RX RGB
    Keyboard
    Razer BlackWidow V4 X Razer™ Yellow Mechanical Switches
    Mouse
    Logitech G502X Plus
    Internet Speed
    HFC 2000/100
    Browser
    Opera GX
    Antivirus
    Kaspersky Plus
  • Operating System
    Windows 11 23H2 22631.2715
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS EVO 13.3" RNX9305C01AUSB
    CPU
    Intel i5-1135G7
    Motherboard
    Dell
    Memory
    8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Monitor(s) Displays
    LED
    Screen Resolution
    1920 x 1080
    Hard Drives
    256GB SSD
    Other Info
    https://www.thegoodguys.com.au/dell-xps-evo-133-inches-win-11-laptop-rnx9305c01ausb
PvtJohnTowle said:
I have Kaspersky Plus I am not without any protection, it's shown under "My Computers" at the bottom of this post.
Click to expand...
Are you sure about where you place your trust?
Kaspersky is headquartered in Moscow, Russia.
Kaspersky was previously a programmer for the Russian Military.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 DA16260
    CPU
    Intel Series 3 Core Ultra X9 388H
    Memory
    64GB LPDDR5x 9600 MT/s
    Graphics Card(s)
    Intel Arc graphics B390 Panther Lake
    Monitor(s) Displays
    16" 3.2K Tandem OLED Infinity Edge
    Screen Resolution
    3200 x 2000 16:10 236 PPI
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    NPU delivering 67 TOPS
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Dell Support Assist
    Dell Command | Update
    Macrium Reflect X subscription
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Laptop 7
    CPU
    Snapdragon® X Elite (12 Core) with Hexagon NPU delivering 45 TOPS
    Memory
    32GB LPDDR5x 8448 MT/s
    Graphics card(s)
    Integrated Adreno GPU
    Sound Card
    Omnisonic speakers with Dolby Atmos spatial sound
    Monitor(s) Displays
    13.8″ PixelSense Flow touchscreen 120 Hz 600 NIT
    Screen Resolution
    2304 × 1536 (201 PPI), 3:2 aspect ratio
    Hard Drives
    1 TB PCIe NVMe Gen 4 SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    Microsoft 365 subscription (Office)
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio 2026
    Microsoft Visual Studio Code
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
    1Password Password Manager
    Microsoft Sysinternals
    Amazon Kindle for PC
    Microsoft BitLocker
    Microsoft Copilot
TraderGary said:
Are you sure about where you place your trust?
Kaspersky is headquartered in Moscow, Russia.
Kaspersky was previously a programmer for the Russian Military.
Click to expand...
N-o-o-o-o-o-o-o-o. Not again!!! :mad::mad::mad::mad::mad:
 

My Computers

System One System Two

  • OS
    Windows 11 2xH2 (latest update ... forever anal)
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Slim S01
    CPU
    Intel i5-12400
    Memory
    8GB
    Graphics Card(s)
    NVIDIA GeForce GT730
    Sound Card
    OOBE
    Monitor(s) Displays
    Acer 32"
    Screen Resolution
    1920x1080
    Hard Drives
    512GB KIOXIA NVMe
    1TB SATA SSD
    PSU
    OOBE
    Case
    OOBE
    Cooling
    OOBE
    Keyboard
    BT
    Mouse
    BT
    Browser
    Brave FFox Chrome Opera
    Antivirus
    KIS
  • Operating System
    Windows 11 Pro 2xH2 (latest update ... 4ever anal)
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavillion 15
    CPU
    i7-1165G7 @ 2.80GHz
    Graphics card(s)
    Intel Iris Xe Graphics
    Hard Drives
    Samsung NVMe 512GB
    + numerous/multiple SSD Type C USB enclosures
    Internet Speed
    NBN FTTN 50
    Browser
    Brave
    Antivirus
    KIS
TraderGary said:
Are you sure about where you place your trust?
Kaspersky is headquartered in Moscow, Russia.
Kaspersky was previously a programmer for the Russian Militar
Click to expand...
Thanks for the heads-up, Gary. I’m aware of the geopolitical concerns around Kaspersky, and I’ve weighed the risks before using it. While no software is 100% ‘trust neutral,’ I’ve found Kaspersky’s detection rates and features (like its VPN and payment protection) work well for my needs. I also take extra precautions—firewall rules, network monitoring, and regular audits—to mitigate any hypothetical supply-chain risks.

That said, I totally get why some users (or orgs) might avoid it. If you’ve got alternative recommendations (e.g., Bitdefender, ESET, or even hardened setups like CrowdStrike for advanced users), I’m all ears! Always good to compare notes on security tools.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 26200.7627
    Computer type
    PC/Desktop
    Manufacturer/Model
    Gigababyte X870E Aorus Pro Rev 1.1
    CPU
    Ryzen 7 9800X3D
    Motherboard
    Gigababyte X870E Aorus Pro Rev 1.1
    Memory
    G.Skill Trident Z5 RGB DDR5-6000 32GB (2×16GB) CL30 2 x 16gb
    Graphics Card(s)
    RTX 5080 Palit Gaming Pro
    Sound Card
    Steel Series Arctis 1 Gaming Head phones
    Monitor(s) Displays
    Asus ROG Strix 27″ QHD OLED XG27AQDMG & Phillips 272V8
    Screen Resolution
    2560 X1440 27 Inch 240 HZ Asus
    PSU
    Corsair RM1000X
    Case
    Corsair CC750D (CC-9011078) Obsidian 750D Airflow Edition Black Full Tower ATX Case
    Cooling
    Corsair iCUE LINK TITAN 360 RX RGB
    Keyboard
    Razer BlackWidow V4 X Razer™ Yellow Mechanical Switches
    Mouse
    Logitech G502X Plus
    Internet Speed
    HFC 2000/100
    Browser
    Opera GX
    Antivirus
    Kaspersky Plus
  • Operating System
    Windows 11 23H2 22631.2715
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS EVO 13.3" RNX9305C01AUSB
    CPU
    Intel i5-1135G7
    Motherboard
    Dell
    Memory
    8 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Monitor(s) Displays
    LED
    Screen Resolution
    1920 x 1080
    Hard Drives
    256GB SSD
    Other Info
    https://www.thegoodguys.com.au/dell-xps-evo-133-inches-win-11-laptop-rnx9305c01ausb
@PvtJohnTowle
I wanted to be sure you were aware that Kaspersky was located in Moscow, Russia and that Kaspersky himself was previously a programmer for the Russian Military. This raises the question of what controls could the Russian government exert over Kaspersky. Personally, I could never, ethically or morally, put any of my money into the Russian economy.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 DA16260
    CPU
    Intel Series 3 Core Ultra X9 388H
    Memory
    64GB LPDDR5x 9600 MT/s
    Graphics Card(s)
    Intel Arc graphics B390 Panther Lake
    Monitor(s) Displays
    16" 3.2K Tandem OLED Infinity Edge
    Screen Resolution
    3200 x 2000 16:10 236 PPI
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    NPU delivering 67 TOPS
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Dell Support Assist
    Dell Command | Update
    Macrium Reflect X subscription
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Laptop 7
    CPU
    Snapdragon® X Elite (12 Core) with Hexagon NPU delivering 45 TOPS
    Memory
    32GB LPDDR5x 8448 MT/s
    Graphics card(s)
    Integrated Adreno GPU
    Sound Card
    Omnisonic speakers with Dolby Atmos spatial sound
    Monitor(s) Displays
    13.8″ PixelSense Flow touchscreen 120 Hz 600 NIT
    Screen Resolution
    2304 × 1536 (201 PPI), 3:2 aspect ratio
    Hard Drives
    1 TB PCIe NVMe Gen 4 SSD
    Case
    Black Anodized Aluminum
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    942 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Windows Security (Defender)
    Other Info
    Microsoft 365 subscription (Office)
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio 2026
    Microsoft Visual Studio Code
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
    1Password Password Manager
    Microsoft Sysinternals
    Amazon Kindle for PC
    Microsoft BitLocker
    Microsoft Copilot
@PvtJohnTowle Hi John, try excluding everything in Windows defender settings (Go to Exclusions). That would be C Drive or be specific and only exclude folders and files that are needed for what you do with the computer. That should work.

I said it should work for you because Exclusions are working for me. In my case, I don't play games or use another AV. I just don't use AV. Before W11, in W10, Brink's tutorial for turning off WD worked but now you can't totally disable Defender's AV using his tutorial. I found some solutions in the internet that might work but I am not going to use them.

I got this new computer last week, at first I was going to try to let things be with Defender but after 3 or 4 days of using the computer, I began feeling lags when using Firefox. And that I was not going to accept. So, I excluded Firefox folder in Program files, and the ones in AppData (this two are probably not needed but I did it anyway). I also excluded the Sandboxie folder as everything I run in the computer, runs sandboxed (with rare exceptions). And last, I excluded MP4 and JPG and PNG. And that has done it.

Using Firefox now is back to how I am used to, pages opening immediately. Opening folders with a lot of videos or pictures also load quick and nice. No lags or interference from Defender, just like if it wasn't there even though it is still here.

Bo
 

My Computer

System One

  • OS
    Windows11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP
    Memory
    16GB
    Keyboard
    HP 310
    Mouse
    HP
    Browser
    Firefox
You must log in or register to reply here.

Latest Support Threads

Latest Tutorials

Back
Top Bottom