Windows Server – Disable ‘Defender’

KB ID 0001710


I got a call last night to help out a colleague, this involved using a ‘dubious’ piece of software that is very old, (I wont elaborate further). But to run it on a modern Windows Server is nearly impossible. The host detects the software as being infected (It may well be, but I’ve never suffered). So I need to keep the software in a password protected Zip file. And only extract it on a Virtual machine that I don’t mind sacrificing!

That’s great, but Defender was having none of this, so I needed to ‘temporarily‘ stop its real time protection.

Note: Standard warning, disabling Windows defender on a production machine is not a good idea, (without another 3rd party anti virus/anti malware product.)


To get defender stopped open an administrative PowerShell Window, and execute the following command;

Set-MpPreference -DisableRealTimeMonitoring $true

Disable Windows Defender

I could then get up to my ‘black hatted shenanigans‘, to re-enable simply use;

Set-MpPreference -DisableRealTimeMonitoring $false

Other Options To Disable Window Defender

You can disable Defender using the following group Policy;

Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Turn off Windows Defender Antivirus > Set to Enabled

Or by setting the following registry key;

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

Create a new DWORD (32 bit) called DisableAntiSpyware and set its value to ‘1’.

How To Remove Windows Defender

If you got here wanting to simply remove Windows Defender, then use the following command instead;

Uninstall-WindowsFeature Windows-Defender

Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published.