How to Turn Off Windows Defender (Permanently or Temporarily)

Blog
By blogjoker

Microsoft Defender Antivirus, often still called Windows Defender, is the built-in security protection included with Windows 10 and Windows 11. For most people, leaving it enabled is the safest choice because it provides real-time malware scanning, cloud-based threat detection, ransomware protection, and integration with Windows Security. However, there are legitimate situations where you may need to turn it off temporarily, such as troubleshooting software conflicts, benchmarking performance, testing in a controlled lab, or installing a trusted third-party antivirus solution.

TLDR: You can temporarily turn off Microsoft Defender from Windows Security > Virus & threat protection > Manage settings by disabling Real-time protection. Windows may automatically turn it back on after a short time, especially if no other antivirus is installed. For a longer-term or permanent change, use Group Policy on supported Windows editions, or install another reputable antivirus so Defender switches into passive mode. Do not disable Defender permanently unless you have another security solution in place.

Before You Turn It Off: Important Safety Considerations

Disabling Defender reduces the protection available to your computer. Without real-time antivirus scanning, malicious downloads, infected email attachments, compromised websites, and suspicious scripts may run with less resistance. If you are turning Defender off for troubleshooting, keep the change as brief as possible and avoid downloading files, opening unknown links, or connecting untrusted removable drives during that time.

You should also understand that some devices are managed by an employer, school, or organization. If your Windows Security settings say “This setting is managed by your administrator”, you may not be allowed to change Defender settings yourself. In that case, do not attempt to bypass the organization’s policy. Contact your IT administrator and explain why you need the change.

Finally, Microsoft has built protections into Windows to prevent malware from disabling Defender silently. One of these protections is called Tamper Protection. If Tamper Protection is turned on, certain registry, PowerShell, and policy-based changes may not work until the setting is changed through legitimate administrative tools.

Method 1: Turn Off Microsoft Defender Temporarily in Windows Security

This is the safest and most common method. It is suitable when you need to disable real-time scanning briefly for testing, troubleshooting, or installing trusted software. Windows may turn real-time protection back on automatically after some time.

  1. Open the Start menu.
  2. Type Windows Security and open the app.
  3. Select Virus & threat protection.
  4. Under Virus & threat protection settings, click Manage settings.
  5. Find Real-time protection.
  6. Switch it to Off.
  7. Approve the User Account Control prompt if Windows asks for permission.

Once disabled, Defender will stop scanning files in real time. This does not necessarily remove all Defender features, and it does not uninstall Microsoft Defender. Scheduled scans, cloud-delivered protection, or other Windows Security components may still be available depending on your configuration.

To turn it back on, return to the same page and switch Real-time protection to On. If Windows has already re-enabled it automatically, no further action is required.

Method 2: Use PowerShell for a Temporary Change

Advanced users and administrators may prefer PowerShell, particularly when managing test machines or repeatable troubleshooting steps. This should be done only in an elevated PowerShell window.

  1. Right-click the Start button.
  2. Select Terminal Admin or Windows PowerShell Admin.
  3. Run the following command:
Set-MpPreference -DisableRealtimeMonitoring $true

To re-enable real-time monitoring, run:

Set-MpPreference -DisableRealtimeMonitoring $false

If the command fails or appears to have no effect, Tamper Protection may be preventing the change. That is expected behavior on many modern Windows systems. You can review Tamper Protection inside Windows Security > Virus & threat protection > Manage settings. If your device is managed by an organization, this setting may be controlled centrally.

Method 3: Turn Off Defender by Installing Another Antivirus

For most home and business users who want Defender off permanently, the recommended approach is to install a trusted third-party antivirus or endpoint protection product. Windows is designed to detect compatible security software. When another antivirus registers correctly with Windows Security, Microsoft Defender Antivirus usually enters passive mode or stops acting as the primary real-time scanner.

This approach is safer than leaving the system unprotected. You still have malware protection, but Defender is no longer the main antivirus engine. After installation, check the status:

  1. Open Windows Security.
  2. Go to Virus & threat protection.
  3. Look for the name of your third-party antivirus provider.
  4. Confirm that it is turned on and reporting correctly.

If Windows Security shows that no antivirus provider is active, do not assume your computer is protected. Repair or reinstall the third-party product, or turn Microsoft Defender back on.

Method 4: Disable Microsoft Defender with Group Policy

On Windows 10 or Windows 11 Pro, Enterprise, and Education editions, administrators can use the Local Group Policy Editor. This option is most appropriate for managed environments, labs, or systems where another security product is already deployed.

Before using this method, make sure you understand two key points. First, Group Policy is not available by default on most Windows Home editions. Second, newer versions of Windows may ignore this policy if Tamper Protection remains enabled or if the device is managed by cloud security policies.

  1. Press Windows + R.
  2. Type gpedit.msc and press Enter.
  3. Navigate to Computer Configuration > Administrative Templates > Microsoft Defender Antivirus.
  4. Open the policy named Turn off Microsoft Defender Antivirus.
  5. Select Enabled.
  6. Click Apply, then OK.
  7. Restart the computer.

The wording can be confusing: setting “Turn off Microsoft Defender Antivirus” to Enabled means the policy to turn it off is enabled. If you later want Defender back, return to the same policy and set it to Not Configured or Disabled, then restart.

In enterprise environments, use central management tools such as Microsoft Intune, Group Policy Management, or endpoint security platforms rather than changing individual machines manually. This improves auditing, consistency, and compliance.

What About the Registry?

You may find older guides recommending registry changes to disable Defender. On modern Windows systems, this is often unreliable because Microsoft has changed how Defender protects itself. The older DisableAntiSpyware registry value is deprecated and may be ignored. Tamper Protection can also prevent registry-based changes from taking effect.

For that reason, registry editing is not the preferred method. It can create confusion, produce inconsistent results, and cause unexpected security warnings. If you need a lasting configuration, use a supported method such as Group Policy, enterprise device management, or a properly installed third-party antivirus product.

How to Turn Off Specific Defender Features Instead

Sometimes you do not need to disable Defender entirely. A more precise change may solve the problem while keeping most protection active. Consider these alternatives:

  • Add an exclusion: If Defender is interfering with a trusted folder, file, file type, or process, add an exclusion under Virus & threat protection settings. Use this sparingly and only for files you trust.
  • Disable controlled folder access: If an application cannot write to protected folders, adjust Ransomware protection settings rather than turning off all antivirus protection.
  • Temporarily pause cloud-delivered protection: This may help with specific false positive testing, although it can reduce protection quality.
  • Submit a false positive to Microsoft: If Defender is incorrectly flagging legitimate software, submitting the file for analysis is better than permanently weakening security.

Exclusions are powerful and should be documented. A broad exclusion, such as an entire downloads folder, can create a serious security gap. Prefer the narrowest possible exclusion and remove it when it is no longer needed.

How to Confirm Whether Defender Is Really Off

After changing settings, verify the result rather than assuming it worked. Open Windows Security and review Virus & threat protection. Windows will usually show whether Microsoft Defender Antivirus is active, inactive, or replaced by another provider.

You can also check with PowerShell:

Get-MpComputerStatus

Look for values related to antivirus status and real-time protection. If RealTimeProtectionEnabled is listed as False, real-time scanning is off. If it is True, Defender is still scanning actively.

Remember that Windows may re-enable protection automatically. This is especially common after a reboot, security update, or if Windows detects that no other antivirus program is protecting the device.

How to Re-Enable Microsoft Defender

If you disabled Defender temporarily, re-enable it as soon as the reason for disabling it is resolved. Go to Windows Security > Virus & threat protection > Manage settings and turn Real-time protection back on.

If you used Group Policy, open gpedit.msc, return to Computer Configuration > Administrative Templates > Microsoft Defender Antivirus, and set Turn off Microsoft Defender Antivirus to Not Configured. Restart the computer afterward.

If a third-party antivirus is installed and you want Defender to become the primary antivirus again, uninstall the third-party product using its official uninstaller or Windows Apps settings. After restarting, check Windows Security to confirm that Defender is active.

Common Problems and Explanations

  • The setting turns itself back on: This is normal. Windows often restores real-time protection automatically to keep the device safe.
  • The toggle is greyed out: Your device may be managed by an organization, or another security product may be controlling antivirus settings.
  • PowerShell commands do not work: Tamper Protection or administrative policy may be blocking the change.
  • Group Policy does not apply: Restart the computer, confirm your Windows edition supports Group Policy, and check whether Tamper Protection or management policies are active.
  • Security warnings appear: Windows is warning that the system may be unprotected. Either re-enable Defender or confirm that another antivirus is active.

Final Recommendation

Turning off Microsoft Defender can be appropriate in specific, controlled circumstances, but it should not be treated as a routine performance tweak. Modern Defender is deeply integrated with Windows and provides a strong baseline of protection with minimal maintenance. If you need to disable it temporarily, use Windows Security and turn it back on promptly. If you need it disabled long term, make sure another reputable security product is installed, monitored, and kept up to date.

The safest rule is simple: do not leave a Windows computer without active antivirus protection. Whether you use Microsoft Defender or another trusted solution, continuous protection is essential for keeping your files, accounts, and system integrity secure.

blogjoker 1698 posts 0 comments

Full Time blogger and youtuber .

You might also like More from author