I like to disable Windows Defender Real Time Protection via GPO on Windows 10 Pro. When I configure GPO, Real-Time Protection is shown as off. However after a reboot the Protection is magically enabled again.
GPO settings have not changed. I am trying to disable Real Time Protection to be able to analyze and reverse engineer malware.
In addition even if Windows tells me Real Time Protection is managed by the administrator it is still enabled in the back.
I really wonder if there is a way to completely disable Windows Defender + Real Time Protection or if Microsoft made this impossible.
Best Answer
In newer versions of Windows, Group Policy settings for Microsoft Defender are reverted back.
To prevent this, before changing them:
resmon.exe
in the search box)MsMpEng.exe
in the listIn newer versions of Windows, Tamper Protection was added.
Tamper Protection must be disabled before changing Group Policy settings, otherwise these are ignored.
Windows Security
in the search box)Tamper Protection
toOff
To permanently disable real-time protection:
gpedit.msc
in the search box)Turn off real-time protection
To permanently disable Microsoft Defender:
gpedit.msc
in the search box)Turn off Microsoft Defender Antivirus