Some of us prefer to disable Windows Defender.

While in the past there were quite easy ways to disable Windows defender, Microsoft has made it impossible to disable Defender by a registry entry (via regedit) or a group policy (via gpedit.msc).

From the Win 10 2004 function upgrade on Microsoft made both ways inaccesible. Instead it is only possible to disable Defender by an API call e.g. from an installed antivirus software.

For my PCs (prior 2004), if I disabled Defender by GPO the policy will stay enabled meaning Defender disabled after an update to 2004. But if I disabled Defender by registry hack, it will be re-enabled after the upgrade to 2004.
With all new installations registry/GPO ways will be inaccessible (at least it's more difficult).

There is a little but helpful freeware called "defender control" that you can download from https://www.sordum.org/
Dierect download link for v1.9: https://www.sordum.org/9480/defender-control-v1-9/

With the utility you can disable and enable Defender by a click.

 

Last edited: Jun 6, 2021

Microsoft fuckery is unbelievable, glad I went MacOS hackintosh so I don't have to deal with this bullshit anymore

 

No need to thank me
Defender Control v1.9 (sordum.org)

 

Dear folks, I am totally pissed with windows defender. Any suggestions on what free tools are out there to turn it off? Does defender control work on windows 11?

 

Try this :

To fully uninstall and clean up Microsoft Defender Endpoint (MDE) from your devices, you need to follow a comprehensive process that involves stopping services, removing registry keys, and uninstalling associated components. Here’s a detailed guide to help you achieve this.

Step-by-Step Guide to Fully Uninstall/Clean-up Microsoft Defender Endpoint.

Stop Microsoft Defender Services

• Open PowerShell as Administrator
• Copy code Stop-Service -Name "Sense" -Force Stop-Service -Name "windefend" -Force Stop-Service -Name "WdNisSvc" -Force

Disable the Services:

• Open PowerShell as Administrator
• Set-Service -Name "Sense" -StartupType Disabled Set-Service -Name "windefend" -StartupType Disabled Set-Service -Name "WdNisSvc" -StartupType Disabled

Uninstall Microsoft Defender Endpoint Components: Uninstall using PowerShell

• First uninstall Windows Security app
• Open PowerShell as Administrator
• Copy code Get-AppxPackage Microsoft.SecHealthUI | Remove-AppxPackage
• Uninstall Microsoft Defender Antivirus
• Open PowerShell as Administrator
• Copy code Uninstall-WindowsFeature -Name Windows-Defender-Features
• Remove Defender for Endpoint Using Windows Installer:
• Open PowerShell as Administrator
• Copy code msiexec /x {ProductCode} /qn /norestart

Note: Replace {ProductCode} with the actual product code for Microsoft Defender Endpoint. You can find this in the registry under: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Now you will have to remove the registry keys:

• Open PowerShell as Administrator
• Copy code Remove-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\MDCoreSvc" -Recurse -Force Remove-Item -Path "HKLM:\SYSTEM\ControlSet001\Services\MDCoreSvc" -Recurse -Force

Next step is to offboarding script again and this is optional

If you have not already, you can run the offboarding script provided by Microsoft to ensure the device is disconnected from the MDE portal.

• Download and Run the Offboarding Script:
• Follow the instructions provided by Microsoft to download and run the offboarding script from the Microsoft Defender for Endpoint offboarding documentation.

Now next steps is to clean Up Residual Files and Folders

• Delete Microsoft Defender Folders:
• Open PowerShell as Administrator
• Copy code Remove-Item -Path "C:\Program Files\Windows Defender" -Recurse -Force Remove-Item -Path "C:\ProgramData\Microsoft\Windows Defender" -Recurse -Force

Now reboot the device

Reboot the device to ensure all changes take effect and to complete the cleanup process.

Additional Considerations :

Permissions:

• Ensure you have sufficient permissions to perform these operations, especially when manipulating services and registry keys.
  • If the system account or local admins are unable to remove certain keys or services, you might need to boot into Safe Mode to perform these actions.
  Group Policy:

• - Verify that there are no Group Policies that might be re-enabling or protecting Microsoft Defender services or components.

 

You can remove it completely if you want?
https://github.com/ionuttbara/windows-defender-remover/