How to permanently disable Windows Defender Real Time Protection with GPO?

gpowindows-defender

I like to disable Windows Defender Real Time Protection via GPO on Windows 10 Pro. When I configure GPO, Real-Time Protection is shown as off. However after a reboot the Protection is magically enabled again.

GPO settings have not changed. I am trying to disable Real Time Protection to be able to analyze and reverse engineer malware.

In addition even if Windows tells me Real Time Protection is managed by the administrator it is still enabled in the back.

I really wonder if there is a way to completely disable Windows Defender + Real Time Protection or if Microsoft made this impossible.

Best Answer

In newer versions of Windows, Group Policy settings for Microsoft Defender are reverted back.
To prevent this, before changing them:

  1. Open Resource Monitor (type resmon.exe in the search box)
  2. Overview
  3. Find MsMpEng.exe in the list
  4. Right-click > Suspend Process

In newer versions of Windows, Tamper Protection was added.
Tamper Protection must be disabled before changing Group Policy settings, otherwise these are ignored.

  1. Open Windows Security (type Windows Security in the search box)
  2. Virus & threat protection > Virus & threat protection settings > Manage settings
  3. Switch Tamper Protection to Off

To permanently disable real-time protection:

  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
  3. Enable Turn off real-time protection
  4. Restart the computer

To permanently disable Microsoft Defender:

  1. Open Local Group Policy Editor (type gpedit.msc in the search box)
  2. Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
  3. Enable Turn off Microsoft Defender Antivirus
  4. Restart the computer
Related Topic