How to Completely Disable Windows Defender (And What That Actually Means)
Windows Defender — officially known as Microsoft Defender Antivirus — is built into Windows 10 and Windows 11 and runs automatically in the background. Most users never touch it. But there are legitimate reasons to want it disabled: installing third-party security software, running certain development tools, testing software in a controlled environment, or troubleshooting a conflict.
The catch? Microsoft doesn't make it straightforward to turn off permanently. Here's what's actually happening under the hood, and what your real options are.
Why Windows Defender Is Hard to Fully Disable
Windows Defender isn't just a toggle — it's deeply integrated into the Windows Security architecture. When you turn it off temporarily through the Settings menu, it re-enables itself automatically after a reboot or after a set period of inactivity. This is intentional. Microsoft treats real-time protection as a core safety net.
There's also Tamper Protection, a feature introduced in Windows 10 version 1903, which actively blocks third-party apps and scripts from modifying Defender's settings. If you've tried using Group Policy or a registry edit and found it didn't stick, Tamper Protection is usually why.
Understanding this layered design matters before you attempt any method — because skipping steps in the wrong order is why most guides fail.
Method 1: Temporary Disable via Windows Security Settings
This is the simplest method and the right choice if you only need Defender off for a short task.
- Open Windows Security (search for it in the Start menu)
- Go to Virus & threat protection
- Under "Virus & threat protection settings," click Manage settings
- Toggle Real-time protection to Off
⚠️ This is not permanent. Windows will re-enable it automatically, typically within 15 minutes or after the next restart. Use this only for quick, temporary tasks like installing software that falsely triggers Defender.
Method 2: Disable Tamper Protection First (Required for Deeper Changes)
Before any registry or Group Policy method will work, you need to disable Tamper Protection manually:
- Open Windows Security → Virus & threat protection → Manage settings
- Scroll to Tamper Protection and toggle it Off
- Confirm the UAC prompt if it appears
Tamper Protection can only be turned off through the UI — not via script or registry — on personal (non-enterprise) machines. This is a deliberate design choice.
Method 3: Registry Edit (More Persistent Disable)
Once Tamper Protection is off, you can use the Registry Editor to disable Defender more persistently.
- Press Win + R, type
regedit, press Enter - Navigate to:
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender - Right-click the Windows Defender key → New → DWORD (32-bit) Value
- Name it
DisableAntiSpyware - Set the value to
1
Restart your PC. On systems without enterprise Group Policy management, results can vary depending on your Windows edition and update state. Windows Home handles this differently than Windows Pro or Enterprise.
Method 4: Group Policy Editor (Windows Pro and Enterprise Only)
If you're on Windows 10/11 Pro or Enterprise, the Local Group Policy Editor gives you a cleaner path.
- Press Win + R, type
gpedit.msc - Navigate to:
Computer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus - Double-click Turn off Microsoft Defender Antivirus
- Set it to Enabled (counterintuitively, "Enabled" here means the policy to turn it off is active)
- Apply and restart
🔒 Windows Home users don't have access to gpedit.msc by default. There are workarounds to install it, but they fall outside standard support and carry their own risks.
What Happens When a Third-Party Antivirus Is Installed
Here's something many users don't realize: installing a third-party antivirus (like Bitdefender, Norton, Malwarebytes Premium, or Kaspersky) automatically disables Windows Defender's real-time protection through a Windows feature called Security Center integration.
When another registered security product takes over, Defender steps back into a passive monitoring role. You don't need to manually disable it — Windows handles the handoff. If you uninstall the third-party tool, Defender re-activates automatically.
This is the most seamless approach for users who simply want to switch security software.
The Variables That Change Your Outcome
| Factor | How It Affects the Process |
|---|---|
| Windows Edition | Home lacks Group Policy; Pro/Enterprise have more control |
| Windows Version | Builds after 1903 include Tamper Protection |
| Managed/Unmanaged | Work-enrolled devices may have Defender locked by IT policy |
| Third-party AV installed | May auto-disable Defender without manual steps |
| Update state | Recent updates can re-enable or override manual changes |
Permanent Disable vs. Passive Mode: Not the Same Thing
There's an important distinction between fully disabling Defender (the service stops running) and putting it in passive mode (it runs but doesn't actively scan or block). When a third-party AV is present, Defender enters passive mode — still consuming some resources, but not acting as the primary protection layer.
True, persistent disabling — where Defender stays off after reboots without any third-party AV present — is genuinely difficult on modern Windows builds without enterprise tools or third-party utilities like Defender Control (a free tool widely used for this purpose, though not officially endorsed by Microsoft).
Whether a completely unprotected state is appropriate, or whether passive mode alongside another tool is the better tradeoff, depends entirely on what you're actually trying to accomplish and what — if anything — you're replacing Defender with. Those answers aren't the same for a home user running one machine as they are for a developer sandboxing software or a business managing a fleet of endpoints.