Get 40% discount for the next four months on all Cloudways hosting plans with code BFCM2021. Read more here

How to Turn Off Windows Defender in Windows 11 Permanently

Microsoft Defender is in Windows 11 the default anti-virus/malware solution just like it was in Windows 10. It protects your computer against malware and virus threats. Even though it’s one of the best antivirus solutions on the market today, you still might want to turn off Windows Defender for testing purposes or on devices that are not connected to the internet.

Keep in mind that Windows Defender is turned off automatically when you install another antivirus application. So you don’t need to worry about that.

In this article, I will explain how you can fully turn off Windows Defender in Windows 11 and how to stop it temporarily.

Turn Off Windows Defender Temporarily

We are first going to take a look at how to stop Windows Defender temporarily. In Windows 11 we will need to open the Windows Security app for this.

turn off windows defender windows 11
  1. Open the Start Menu
  2. Type Windows Security
  3. Open the Windows Security App
  4. In the Windows Security screen open the Virus & Threat protection.
  5. Click on Manage Settings under Virus & Threat protection settings
disable windows defender

We can now disable the Real-time protection which should be enough for most testing purposes. When you turn it off you will get a warning, just click yes to disable the Windows Defender.

disable defender win11

The Real-time protection will automatically turn back on after a short time. If you open the task manager you will see that the Microsoft Defender Antivirus service is still running. Also when you reboot your computer the process is automatically started again.

Disable Windows Defender in Windows 11 Permanently 

Permanently disabling Windows Defender can be challenging. Methods that worked in Windows 10 don’t seem to work in Windows 11 anymore. I have tested pretty much every possible method that was described for Windows 10, but every time Windows Defender was able to automatically start up again.

I have tried disabling Windows Defender with:

  • gpedit – The setting Turn off Microsoft Defender Antivirus is reset after reboot
  • Disabeling the services from the startup – Settings are reverted within 2 minutes after reboot
  • Removing the Wdboot driver – Setting is reverted as well

I have two options that seem to work and last. The first is through taking ownership of the Windows Defender executable and removing all permissions from it. This way the system principal can’t start the Microsoft Defender services.

The second option is by editing a couple of registry items, which disable the startup of services related to Windows Defender.

Step 1 – Boot into Safe Mode

The first step is to boot into Safe Mode. Without Safe Mode, we can’t take ownership of the MsMpEng.exe file.

Boot into safe mode windows 11
  1. Press Windows key + R to open the run dialog
  2. Type msconfig and press enter
  3. Select the boot tab
  4. Under Boot opties enable “Safe boot
  5. Press Ok and restart your computer

Step 2 – Take Ownership of Defender

The next step is to take ownership of the Windows Defender application folder. This way we can hopefully also prevent any updates from Defender.

  1. Open Explorer
  2. Navigate to c:\programdata\Microsoft\Windows Defender\
  3. Open the properties of the folder Platform (right-click > select properties)
  4. Select the Security tab
  5. Click on Advanced
Remove defender permissions
  1. Change the Owner
Take ownership of microsoft defender
  1. Click on Advanced > Find Now and select Administrators
  2. Click Ok (twice) to take ownership
Disable Windows Defender Permanently

Step 3 – Remove All Permissions

We now have ownership of the Windows Defender application. All we now need to do is remove all users/principals from the list.

  1. Select each Permission entry
  2. Click Remove
  3. Do that for all users/entries in the list
  4. Make sure you select Replace owner on subcontainers and objects
  5. Select Replace all child object permi…
  6. Click Apply
turn off defender in WIndows 11

Step 4 – Disable Safe boot and reboot

To reboot back to the normal version of Windows 11 we need to disable the safe boot option. Open MSConfig again and remove the safe boot option:

  1. Windows key + R
  2. Type msconfig <enter>
  3. Open the tab Boot
  4. Unselect safe boot
  5. Restart your computer

If you now open the Windows Security app in Windows 11 you will see that Virus & Threat Protection is completely gone.

Completely remove windows defender

Using RegEdit to disable Windows Defender in Windows 11

An alternative way to disable Windows Defender in Windows 10 or 11 is to use the registry. For this, you will also need to boot into safe mode. Follow step 1 from the previous chapter to boot into safe mode.

Once booted in safe mode:

  1. Press Windows key + R
  2. Type regedit <enter> to open the registry
  3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
  4. Change the following folders the key Start to 4
    • Sense
    • WdBoot
    • WdFilter
    • WdNisDrv
    • WdNisSvc
    • WinDefend

Follow step 4 from the previous chapter to reboot Windows back to normal mode.

Revert the change

If you no longer want to disable Windows Defender you can easily revert the change. You will need to restart into safe mode again and give System and TrustedInstaller full access permission on the Platform folder.

Wrapping Up

Keep in mind that you are vulnerable to virus and malware infection without an antivirus application. I don’t recommend disabling defender purely because it takes too much CPU. If you find that Windows Defender is consuming too many resources then try another antivirus solution.

Get more stuff like this

IT, Office365, Smart Home, PowerShell and Blogging Tips

I hate spam to, so you can unsubscribe at any time.

10 thoughts on “How to Turn Off Windows Defender in Windows 11 Permanently”

  1. nice, thank you, only problem is that you can’t download files from browser that conforms with windows’s scanning-each-downloaded-file policy , which means we’ll need a third-party like browser

  2. Works beautifully, thanks. I appreciate you giving actual useful information instead of all the junk and useless advice that other sites do.

  3. The below info works and is easy to do and undo.
    1. Boot into safe mode
    2 . gogo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
    3 . Find “Sense” and modify the value of “Start” to HEX “4”
    4 . Do the same for WdBoot, WdFilter ,WdNisDrv, WdNisSvc and WinDefend.

    To undo this, just use the value the entries had before you changed them. Write them down if you need to.

    • NICE!

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense]
      “Start”=dword:00000004

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot]
      “Start”=dword:00000004

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]
      “Start”=dword:00000004

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]
      “Start”=dword:00000004

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
      “Start”=dword:00000004

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
      “Start”=dword:00000004

  4. This does not appear to work on the release version (Insider Preview) of Windows 11 (clean install from ISO).

    Anti-malware service is still active after boot and present in Settings after following guide exactly.

    However, as an aside, nuking the permissions for the Windows Defender parent folder seems to do the trick, but breaks Windows Updates.

    Can you confirm? I’m not new to the Windows permissions system, but I could be doing this wrong.

Leave a Comment

0 Shares
Tweet
Pin
Share
Share