How to turn off Windows Defender using Group Policy
In this post, you will learn how to turn off Windows Defender using Group Policy. Windows Defender is malware protection that is included with and built into Windows 10.
Windows Defender software helps identify and remove viruses, spyware, and other malicious software. But why would you think of turning off Windows Defender then ?.
Windows Defender provides the most protection when cloud-based protection is enabled. Windows Defender runs in the background and notifies you when you need to take specific action. There are many ways to disable windows defender. You could choose to disable it on a single machine, you could also disable it using Registry Tweak.
However when you want to disable Windows Defender on multiple computers in a domain, the group policy method is the best. If you are using System Center 2012 R2 Configuration Manager and Microsoft Intune, these can provide centralized management of Windows Defender, including:
- Settings management
- Definition update management
- Alerts and alert management
- Reports and report management
How to turn off Windows Defender using Group Policy
Launch the Group Policy Management console. Right click on the domain and click Create a GPO in this domain and link it here. Provide a name to the GPO. Click OK.
Once the policy is created, right click on the policy and click Edit. This will bring up the Group Policy Management Editor. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender.
Look for the policy setting “Turn Off Windows Defender“. Right click on the policy setting and click Edit.
On the Turn off Windows Defender policy setting, click Enabled. This policy setting turns off Windows Defender. Click OK and close the Group policy management console.
On the client machine, we now see that group policy has been applied. When the user tries to open Windows Defender, it shows a box stating This application is turned off by group policy. In case you want to enable the windows defender, edit the policy and simply change the same policy’s status from Enabled to Not Configured or Disabled.
When checking for the Windows Defender in the GPO, i do not see it. Do I need to manually create it?
I have tried your method on Windows 10 21H2 and it stay enabled, we have thousand computer and we can’t disable it manualy on each computer
thanks, I tried your method but still Windows Firewall snap-in throwing 0x6D9 error and not allow server to pull patches from WSUS. please advise.
Hello Prajwal ,
I used your technique and found it to be quite useful , however i see in certain cases the command : ” Uninstall-WindowsFeature -Name Windows-Defender ” does not work , i cant zero in on the root cause , i am talking of servers mainly Windows server 2012 R2 and server 2016 .So i am providing you with my E-mail id and phone number , just in case there is an alternative please do let me know via mail and phone no .I would also be grateful if you can provide me your E-mail so i can E-mail you in case of any further queries.
can we stop peoples to stop real-time protection by using these methods?
Hello. Is it posible to disable or ununstall windows defender via SCCM for specific collection? Thaks in advance.
I never tried that but what’s wrong in using the GPO ?.
Thank you for the information
Glad that it helped.
Dear Prajwal Joshi,
Please let me know if the AppLocker is an option in SCCM, can we implement AppLocker from SCCM to all the Users or with Group policy ?
I don’t think Applocker is an option within SCCM.
Will take that as a Yes.
Do you often use such customized editions?
Is allowed to discuss third party NT OSes?
Sorry i did not understand what you meant. Can you tell what exactly what is your question.
Esteemed Prajwal D., I made ask difficult because involves other parties and I was not aware of your reception. I have this bug where Windows Defender is “disabled” and imposible to access any of its GUI at all (heck, completely forgot to give a try with CLI over cmd prompt – will do) , very limited indeed. Now, after closing its activities with this very gpo instructions, there is a need to recover some removed threats (false positives), since WD is actually running as background daemon unexpectedly. I will welcome very much a piece of knowledge about that as well, regarding options of WinPE “swiss knife” tools you might had expertised, since it requires a live boot shake, no?
Sorry for previous mislead words.
is there a way to disable the pop up?
Nope, i haven’t tried.
How do you activate the policy once you’ve done the steps above? The workstation’s completely ignore it and still load the Defender service – it’s not working (reboots don’t help).
right click the policy and choose the enforce button, then on the workstations, do a gpupdate /force to see if it now applies. I would assume you are using server 2008 or higher and all workstations are windows 7 or higher?
thanks for providing this information all explained in simple ways !! and yes it works!!
Thank you