Can windows defender be disabled programmatically?


Can windows defender be disabled programmatically?


Yes, you can. However, it must be remembered that you are disabling the security software. On your computer, you are free to do any experiments, on the computer of another user, you must warn him in advance about this .
So shutdown:

sc stop WinDefend

then turn on:

sc start WinDefend


sc query WinDefend

It is possible with a start ban:

sc config WinDefend start= disabled
sc stop WinDefend

Don't forget about admin rights!

On Windows 10, you'll have to use Powershell:

Set-MpPreference -DisableRealtimeMonitoring $true  # запрет
Set-MpPreference -DisableRealtimeMonitoring $false # разрешение

As a commentary, since it has nothing to do with the issue: it was noticed that in Windows 10, even with Defender turned off (and, by the way, it turns off not forever, but for a short time), the logging of changes on the disk continues, and immediately after Defender is turned on "rushes" to check what was changed when it was turned off.

Update 1. Starting from version 1703, kernel control is not disabled.

Scroll to Top