How to disable Windows Defender

Disabling Microsoft Defender Antivirus (also known as Windows Defender) is sometimes necessary to troubleshoot blocked installers, isolate false positives during development, or confirm whether real-time scanning is causing performance issues. Temporarily turning off protection can remove the security layer that interferes with file writes, downloads, and code execution.

Defender is managed through the Windows Security app and the Windows Security Center, where Real-time protection scans files as they are accessed or created. In managed environments, policy-backed settings can also be applied through Local Group Policy Editor or registry-based policy keys that mirror those policies.

Disabling antivirus protections increases exposure to malware and unsafe downloads, and some changes may be blocked or reverted by Tamper Protection. Windows 11 Home does not include Local Group Policy Editor, and enterprise-managed devices may enforce Defender settings centrally, preventing local changes from sticking.

This method disables Real-time protection directly from the Windows Security interface and is available on most Windows 10 and Windows 11 systems.

1. Open Windows Security from the Start menu search.
2. Select Virus & threat protection.
3. Click Manage settings under Virus & threat protection settings.
4. Toggle Real-time protection to Off and confirm the prompt if shown.

   Turning off Real-time protection reduces malware protection immediately and may be automatically re-enabled after a restart or a short period of time.

5. Confirm the Real-time protection status shows as disabled in Windows Security.

   Re-enable protection by toggling Real-time protection back to On on the same page.

This method uses Local Group Policy Editor to disable Real-time protection on supported editions such as Windows 11 Pro, Enterprise, or Education.

1. Turn off Tamper Protection under Windows Security → Virus & threat protection → Manage settings.

   Tamper Protection prevents changes to protected security settings and should be re-enabled after troubleshooting to restore protection.

2. Open the Run dialog by pressing Windows + R.
3. Type gpedit.msc and press Enter to launch Local Group Policy Editor.
4. Navigate to Computer Configuration → Administrative Templates → Windows Components → Microsoft Defender Antivirus → Real-time Protection.
5. Open the Turn off real-time protection policy setting.
6. Set the policy to Enabled and click OK.
7. Restart Windows to apply the policy change.
8. Confirm Real-time protection remains disabled and shows as managed in Windows Security.

   Re-enable by setting Turn off real-time protection to Not Configured and restarting Windows.

This method creates policy values in the registry that correspond to Defender settings, and is best suited for advanced users who understand the risks of registry changes.

1. Open the Run dialog by pressing Windows + R.
2. Type regedit and press Enter to open Registry Editor.
3. Back up the registry before modifying policy keys.

   Related: How to back up the Windows registry

4. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender in Registry Editor.
5. Create the Real-Time Protection subkey under the Windows Defender policy key.
6. Create a new DWORD (32-bit) value named DisableRealtimeMonitoring.
7. Set DisableRealtimeMonitoring value data to 1.

   Incorrect edits in the registry can cause system instability, and Defender policy values may be ignored or reverted when Tamper Protection is enabled.

8. Restart Windows to apply the policy value.
9. Confirm Real-time protection is disabled in Windows Security.

   Re-enable by deleting DisableRealtimeMonitoring or setting it to 0, then restarting Windows.