Devices and HardwareGamingSecurity and PrivacyContact UsAbout Us

How to Disable Windows Defender (And What You Should Know First)

Windows Defender — now officially called Microsoft Defender Antivirus — is Windows 10 and 11's built-in security layer. It runs quietly in the background, scanning files, blocking malware, and monitoring network activity. Most of the time, you won't notice it. But there are legitimate reasons to disable it temporarily or permanently, and the method that works best depends heavily on your Windows version, your system's management settings, and why you're turning it off in the first place.

Why Someone Would Disable Windows Defender

Before getting into the how, it's worth understanding the why — because the reason shapes the approach.

Common scenarios include:

  • Installing a third-party antivirus that conflicts with Defender
  • Running software development or testing environments where Defender flags legitimate tools
  • Reducing background CPU and disk usage on lower-spec hardware
  • IT administrators configuring enterprise machines with different security policies
  • Temporarily bypassing a false positive that's blocking a known-safe file

Each of these calls for a different level of disabling — a temporary pause versus a full permanent shutdown versus a policy-level override.

Method 1: Temporary Disable via Windows Security Settings

This is the most accessible method and reverses itself automatically after a reboot or after a set time period. Windows is designed to turn Defender back on if it detects no other antivirus is active.

Steps:

  1. Open Windows Security (search for it in the Start menu)
  2. Go to Virus & Threat Protection
  3. Under Virus & Threat Protection Settings, click Manage Settings
  4. Toggle Real-time Protection to Off

Windows will warn you that your device is vulnerable. The protection typically re-enables itself after a short period or on next restart. This method is useful for brief tasks — like installing a flagged application — but isn't a reliable long-term disable.

Method 2: Installing a Third-Party Antivirus

🛡️ This is the most common real-world scenario. When you install a recognized third-party antivirus (such as Norton, Bitdefender, Kaspersky, or similar), Windows automatically detects it through the Security Center API and disables Defender's active scanning to avoid conflicts.

Defender doesn't fully uninstall — it shifts into a passive mode where it can still run periodic scans but doesn't act as the primary real-time protection layer. This is generally the cleanest approach for users who want an alternative security product without manually wrestling with system settings.

The key variable here: not all third-party tools trigger this behavior correctly. Lesser-known or improperly coded security software may leave both running simultaneously, which can cause performance issues, scan conflicts, and system slowdowns.

Method 3: Using Group Policy Editor (Windows Pro and Enterprise Only)

For users on Windows 10/11 Pro, Enterprise, or Education, the Local Group Policy Editor offers a more persistent disable.

Steps:

  1. Press Win + R, type gpedit.msc, press Enter
  2. Navigate to: Computer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus
  3. Double-click Turn off Microsoft Defender Antivirus
  4. Set it to Enabled (counterintuitively, "enabling" this policy turns Defender off)
  5. Apply and restart

⚠️ This method is not available on Windows Home. Attempting to open gpedit.msc on a Home edition will return an error.

Method 4: Registry Edit (Advanced Users)

For Windows Home users who need a persistent disable, a registry edit can achieve a similar result — but this carries real risk if done incorrectly.

Path:HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender

You'd create or modify a DWORD value called DisableAntiSpyware and set it to 1. However, Windows 11 and updated versions of Windows 10 have introduced Tamper Protection, which blocks registry-level changes to Defender settings. You must disable Tamper Protection first via Windows Security settings before this edit will take effect.

This method is not recommended for general users. Incorrect registry edits can cause system instability or security gaps that are difficult to trace.

The Tamper Protection Variable

Tamper Protection was introduced specifically to prevent malware — and users — from disabling Defender through automated or background processes. It must be manually turned off in the Windows Security app before Group Policy or registry methods will work on most modern Windows builds.

If you're finding that your disable attempts aren't sticking, Tamper Protection is almost always the reason.

Permanently Removing Defender vs. Disabling It

It's worth being clear: you cannot fully uninstall Microsoft Defender through normal Windows interfaces. It's a core system component. What you can do is:

  • Keep it in passive mode (via third-party AV)
  • Prevent real-time protection from running (via Group Policy or registry)
  • Disable specific components (cloud-delivered protection, automatic sample submission, etc.) individually

Some third-party tools and scripts claim to fully strip Defender from Windows, but these typically modify system files in ways that can break Windows Update, system restore, and other OS-level functions.

How Windows Version and Edition Affect Your Options

Windows VersionGroup Policy EditorTamper ProtectionAuto-Disable with 3rd-Party AV
Windows 10 Home❌ Not available✅ Yes✅ Yes
Windows 10 Pro/Enterprise✅ Available✅ Yes✅ Yes
Windows 11 Home❌ Not available✅ Yes (stricter)✅ Yes
Windows 11 Pro/Enterprise✅ Available✅ Yes (stricter)✅ Yes

Windows 11 has generally tightened Defender's self-protection compared to Windows 10, which means methods that worked reliably on older builds may require additional steps on newer ones.

What Determines the Right Approach for Your Situation

The method that makes sense depends on factors specific to your setup:

  • Your Windows edition — Home users have fewer native tools available
  • Whether you have a replacement security solution — running without any active protection is a meaningful risk decision
  • Your technical comfort level — registry edits and Group Policy changes have system-level consequences
  • Whether the disable needs to be temporary or persistent — a brief real-time protection pause is very different from a policy-level shutdown
  • Your organization's IT policies — on managed or enterprise devices, local changes may be overridden by domain-level Group Policy

Understanding which of these apply to your machine is the piece that turns general instructions into the right steps for your specific case.