How to Completely Turn Off Windows Defender (And What You Should Know First)
Windows Defender — officially called Microsoft Defender Antivirus — is built into Windows 10 and Windows 11 and runs automatically in the background. Most users never touch it. But there are legitimate reasons to disable it: installing certain software, running a virtual machine environment, or switching to a third-party antivirus that conflicts with Defender's real-time protection.
The catch? Windows is designed to resist turning Defender off permanently. Understanding why that is — and what your actual options are — matters before you start clicking through menus.
What Windows Defender Actually Does
Defender operates as several overlapping layers of protection:
- Real-time protection — actively scans files as they're opened or downloaded
- Cloud-delivered protection — checks suspicious files against Microsoft's threat database
- Tamper Protection — prevents software (and users) from disabling Defender without going through proper system channels
- Periodic scanning — runs background scans on a schedule
When people say they want to "turn off Windows Defender," they usually mean real-time protection. But fully disabling Defender — so it stays off across reboots — is a different and more involved process.
Method 1: Temporarily Disable Real-Time Protection
This is the simplest approach and the one Windows makes easy on purpose.
- Open Windows Security (search for it in the Start menu)
- Go to Virus & threat protection
- Under Virus & threat protection settings, click Manage settings
- Toggle Real-time protection to Off
⚠️ This is temporary. Windows will automatically re-enable real-time protection after a period of time or on the next reboot. If you just need Defender out of the way for a single install or task, this is usually enough.
Method 2: Disable Defender Permanently via Group Policy
This method works on Windows 10/11 Pro, Enterprise, and Education editions. It does not work on Windows Home without additional workarounds.
- Press Win + R, type
gpedit.msc, and press Enter - Navigate to:
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus - Double-click Turn off Microsoft Defender Antivirus
- Set it to Enabled (confusingly, enabling this policy disables Defender)
- Click Apply and restart your computer
Important: Tamper Protection must be turned off before this policy takes effect. Do that first through Windows Security → Virus & threat protection settings → Tamper Protection → Off.
Method 3: Disable Defender via Registry (Windows Home Users)
Windows Home doesn't include the Group Policy Editor, so the registry is the alternative route.
- Disable Tamper Protection first (same as above)
- Press Win + R, type
regedit, and press Enter - Navigate to:
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender - Right-click in the right panel → New → DWORD (32-bit) Value
- Name it
DisableAntiSpyware - Set the value to
1 - Restart your PC
This tells Windows to leave Defender inactive. However, major Windows updates can sometimes reset this value, so it's worth checking after significant OS updates.
Method 4: Use a Third-Party Antivirus
This is how most users end up with Defender effectively disabled without touching any settings manually. When you install a recognized third-party antivirus — such as a product from Bitdefender, Norton, Kaspersky, or similar — Windows automatically detects it and puts Defender into a passive mode.
In passive mode, Defender stops actively scanning but can still run periodic checks. It steps aside because Windows recognizes another security product is handling protection.
| Scenario | Defender State |
|---|---|
| No third-party AV installed | Active (default) |
| Third-party AV installed and active | Passive mode (automatic) |
| Group Policy / Registry edit applied | Disabled |
| Real-time protection toggled off manually | Temporarily disabled |
The Variables That Change Everything 🔍
Whether disabling Defender makes sense — and which method is appropriate — depends heavily on a few factors that differ from user to user:
Windows edition matters immediately. Home users can't use Group Policy and need the registry path instead. Pro and Enterprise users have cleaner options.
Why you're disabling it changes the approach. Temporarily suppressing it for a one-time install is very different from running a system long-term without any antivirus. A developer running isolated virtual machines has different needs than someone using a family PC for everyday browsing and banking.
What replaces it is arguably the most important question. Disabling Defender without a replacement leaves the machine unprotected. That's a meaningful exposure on any internet-connected Windows system. On an air-gapped or sandboxed machine, the calculus is different.
Your Windows update habits affect persistence. Microsoft's updates — especially feature updates — have been known to re-enable Defender components or reset registry values. What works today may require checking again after a major update.
Technical comfort level affects which method is realistic. Registry edits carry real risk if done incorrectly; an error in the wrong key can cause system instability.
The Part That Varies By Setup
Turning off Windows Defender is technically straightforward once you know the right method for your Windows edition. The mechanics are documented and repeatable. But whether to do it, how permanently, and with what replacement in place — that depends entirely on how your system is used, what's connected to it, and what level of security risk is acceptable in your specific context. Those answers don't come from a menu; they come from knowing your own setup.