How to Enable or Disable Microsoft Defender in Windows 11

Windows Security

Everything you need to know about enabling or disabling Microsoft Defender temporarily as well as permanently in Windows 11.

Microsoft Defender Antivirus (formerly known as Windows Defender) is a built-in free anti-malware program included with Windows 11 that protects the computer from viruses and malware. In addition to antivirus and anti-malware protection, Microsoft Defender also offers account protection, online security, device performance and health monitoring, parental controls, and firewall and network security.

Microsoft Defender Antivirus is renamed to Windows Security app in the newer releases of Windows 10 and Windows 11. Microsoft Defender works pretty well at keeping your computer safe from viruses and various security threats, though certain situations might call for you to disable it.

Why Turn Off Microsoft Defender?

For instance, if you’re planning to install a better antivirus program with more features and in-depth protection options and you don’t want Microsoft Defender to consume CPU and battery in the background, then you probably need to disable it. Also if you’re using a third-party antivirus program while the Defender is enabled, it may cause issues or conflict with that anti-virus program.

READ: Best Windows 11 Antivirus Apps

Another reason might be that when you’re trying to install some third-party software or app, Microsoft Defender may block the installation. It also uses a significant amount of the device’s resources from CPU to disk space and RAM. If you’re not going to connect your Windows 11 PC to the internet, then there’s no risk in disabling Windows Defender to save system resources.

There are different ways you can disable Microsoft Defender in Windows 11. In this step-by-step guide, we will explain how to enable or disable Microsoft Defender in Windows 11.

Enable/Disable Microsoft Defender Temporarily using Settings App

There are plenty of reasons to turn off Windows Defender temporarily especially when you are installing or opening third-party software from unknown or untrusted sources. Here’s how to enable/disable Microsoft Defender in Windows 11:

First, open Settings by right-clicking the Start icon on the taskbar and selecting the ‘Settings’ option from the Start button context menu OR simply press the Windows+I keyboard to launch Windows Settings app.

On the Settings screen, go to the ‘Privacy & security’ section in the left panel and select ‘Windows Security’ on the right.

On the next setting page, click the ‘Open Windows Security’ button.

Alternatively, you can open the Notification area (upward arrow) in the taskbar corner and click the ‘Windows Security’ icon if it’s there.

Either way, it will open the Windows Security (Microsoft Defender) app where you can view and manage the security and health of your computer.

In the Windows Security app, select the ‘Virus & threat protection’ tab from the left menu items. Then, click the ‘Manage settings’ link under the ‘Virus & threat protection settings’ section.

On the next page, toggle the switch to Off under ‘Real-time protection’ to disable the Microsoft Defender.

If you see the User Access Control prompt, click ‘Yes’. Now, the Microsoft Defender is disabled temporarily. When you restart your PC, it will turn back on automatically. To re-enable the service immediately, toggle the switch to ON.

Here, you can also control various other virus & threat protection settings for Microsoft Defender, such as Cloud-delivered protection, Automatic sample submission, Tamper protection, and more. You can enable or disable them based on your needs.

Turn On or Off Windows Defender Firewall in Windows 11

Windows Defender Firewall protects your computer from outside threats, but sometimes it can get in the way. For example, when you are trying to download files from untrusted sources or when you’re experiencing connectivity issues, you may need to turn off your Windows Firewall. Follow these steps to do that:

In the Windows Security app, select the ‘Firewall & network protection’ tab from the left-hand pane.

Here, you will see three network profiles and their security status. Each network firewall setting helps you protect while on the respective network.

  • Domain network – This firewall setting is applied when the local computer is an active directory domain member.
  • Private network – This firewall setting is applied when a computer is connected to a home or work network where your computer is visible to other trusted computers within the network.
  • Public network – This option protects your computer when it connects to public networks such as Wi-Fi hotspots at coffee shops, airports, and other locations where your device is not discoverable on the network.

You should know that turning off your Microsoft Defender firewall can leave your device vulnerable to unauthorized access, viruses, and cyberattacks. You should only disable the firewall when it’s necessary like when you need to access an app that’s being blocked, sharing files, troubleshooting an issue, or if you are installing another firewall.

If you decided to disable the Microsoft Defender firewall you can go into each network firewall and turn them on or off according to your needs. Click on the network type to go into the setting. 

Then, under the Microsoft Defender Firewall section, click the toggle to turn it ‘Off’.

If UAC prompts for confirmation, click ‘Yes’. To re-enable the firewall, click the toggle to turn it ‘On’

If you want to turn on all the settings together, you can just click the ‘Restore settings’ button which restores the default settings.

Turn On or Turn Off App & Browser Control in Windows 11

App & browser control is another category of settings in Windows Security. It allows you to control Windows Defender SmartScreen which helps protect your device against potentially dangerous apps, files, websites, and downloads.

However, it can also prevent you from accessing unrecognized apps (that are not a threat), web content, and downloading certain files. Windows Defender SmartScreen could also automatically delete potentially unrecognized apps and low-reputation apps and files. Even if you probably kept those files on purpose on your computer, SmartScreen could automatically delete them. To disable smart screen settings follow these steps:

Open the App & browser control tab, then click the ‘Reputation-based protection settings’ link under the Reputation-based protection section.

Under Reputation-based protection, there are many settings like Check apps and files, SmartScreen for Microsoft Edge, Potentially unwanted app blocking, and SmartScreen for Microsoft Store.

You can enable or disable these options based on your needs:

  • Check apps and files – This toggle turns on Microsoft Defender SmartScreen to help protect your computer by checking the reputation of apps and files you may download from the web.
  • SmartScreen for Microsoft Edge – This setting helps evaluate and protect your computer from malicious websites or downloads. If you try to visit phishing websites and malware websites on Edge, it will warn you about the potential threat from those websites. Also if you try to download unrecognized files, suspicious files, or malicious programs, Microsoft Edge will give you a chance to stop the download.
  • Potentially unwanted app blocking This option helps you prevent the installation of potentially unwanted apps (PUAs) that might cause unexpected behaviors on your Windows 11 PC.

Potentially unwanted apps (PUAs), aren’t exactly malware, but they might install multiple applications and extensions, and other programs somewhere during the installation process. As a result, they might show pop-up ads, slow down your system, change the default behavior, and modify your browser, and perform other actions in your system without your knowledge. This setting will also block you from installing or downloading pirated and cracked software.

When this setting is enabled, the Microsoft Defender will detect if a PUA is trying to install and alert you whether you want to allow or block the program. It could also automatically scan your computer and remove the apps that are considered PUAs.

However, if you are testing an app or installing an app that’s not a threat to you but Microsoft Defender may consider it as PUA, you can turn off this setting.

If you only want to install or allow PUAs, uncheck the ‘Block apps’ check box under the Potentially unwanted app blocking section. If you only want to allow PUAs downloads, uncheck the ‘Block downloads’ box. If you want to allow both, turn Off toggle, which can enable or disable both options.

  • SmartScreen for Microsoft Store apps This option checks the web content used by Microsoft Store apps to protect your device.

Enable/Disable Microsoft Defender Temporarily using PowerShell

You can also use Windows PowerShell to temporarily turn off (disable) Microsoft Defender. But before you do, you need to turn off the ‘Tamper protection’ in the Windows Security (Microsoft Defender) app.

Tamper Protection is a security feature in Microsoft Defender that prevents users, programs, and malware from making changes to security settings such as Real-Time Protection, Cloud Protection, and more. When this protection is enabled, even the programs like Registry Editor, command line, PowerShell, and Group Policy Editor are blocked from disabling Microsoft Defender Antivirus components.

Hence, you need to disable this feature before you make any changes. To disable Tamper protection, open the Windows Security app, go to the ‘Virus & threat protection’ tab and click the ‘Manage settings’ settings link.

Then, turn Off the toggle under the Tamper Protection section.

Now, the tamper protection is Off, you can make changes to the Windows Security app settings from outside the app.

After that open Windows PowerShell with administrative privileges. To do that search for ‘Powershell’ in the Windows search and select the ‘Run as administrator’ option for the top result.

To disable real-time monitoring for Windows Defender, type the following command and press Enter:

Set-MpPreference -DisableRealtimeMonitoring $true

After your restart your system, it will turn back on automatically. But if you want to re-enable the feature before that, use the next command.

To re-enable real-time monitoring for Windows Defender, type the following command and press Enter:

Set-MpPreference -DisableRealtimeMonitoring $false

Enable/Disable Microsoft Defender Firewall using PowerShell

Windows PowerShell can also be used to disable or enable Microsoft Defender Firewall.

For all Profile/Network Types

To turn Off the Windows Firewall for all network profiles, run the below command in the Windows PowerShell (Admin).

Set-NetFirewallProfile -Enabled False

To turn On the Windows Firewall for all network profiles, run the below the command

Set-NetFirewallProfile -Enabled True

For Private Network Only

To disable the private network firewall:

Set-NetFirewallProfile -Profile Private -Enabled False

To enable the private network firewall:

Set-NetFirewallProfile -Profile Private -Enabled True

For Public Network Only

To disable the public network firewall:

Set-NetFirewallProfile -Profile Public -Enabled False

To enable the public network firewall:

Set-NetFirewallProfile -Profile Public -Enabled True

For Domain Network Only

To disable the domain network firewall:

Set-NetFirewallProfile -Profile Domain -Enabled False

To enable the domain network firewall:

Set-NetFirewallProfile -Profile Domain -Enabled True

Disable Microsoft Defender Permanently using Group Policy in Windows 11

Local Group Policy Editor is a powerful tool that lets you control and configure Group Policy settings for a local computer or a network of computers. Network administrators prefer to work with Group Policy Editor which lets them modify settings for multiple users and computers throughout a network environment.

You can use Group Policy Editor to permanently disable Microsoft Defender in Windows 11. Follow these steps to do that:

Before you do this, first make sure the ‘Tamper Protection’ is disabled in the Windows Security app, like we showed you before.

This image has an empty alt attribute; its file name is allthings.how-how-to-enable-or-disable-microsft-defender-in-windows-11-image-20-759x791.png

Search for ‘Edit Group policy’ or ‘gpedit.msc’ in the Windows search and click the top result to open the Local Group Policy Editor. Alternatively, open the Run command by pressing Windows+R and type ‘gpedit.msc’, and hit Enter.

In the Local Group Policy Editor window, navigate to the following path in the left panel:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus

Then, from the right-hand pane, double-click the ‘Turn Off Windows Defender Antivirus’ setting.

In the dialog box, select the ‘Enabled’ option, click ‘Apply’, and then ‘OK’ to disable Microsoft Defender Antivirus permanently on Windows 11.

The option ‘Enabled’ will turn off the Microsoft Defender while both ‘Not Configured’ and ‘Disabled’ will turn on the service. To re-enable the service, select either ‘Not Configured’ or ‘Disabled’ and click ‘Apply’.

The above steps will entirely disable the Microsoft Defender Antivirus. But if you only want to disable real-time protection for Microsoft Defender while leaving the account protection, firewall, app protection, and others, then follow these steps:

Open ‘Real-time Protection’ folder under the same ‘Microsoft Defender Antivirus’ or navigate to the following path:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-Time Protection

Then, double-click the ‘Turn off real-time protection’ policy setting from the right-pane.

Then, select ‘Enabled’, click ‘Apply’ and give ‘OK’.

This will permanently disable real-time protection only. To re-enable the real-time protection of Microsoft Defender, select either ‘Not Configured’ or ‘Disabled’ and click ‘Apply’.

Whether you enable or disable the Microsoft Defender, restart your PC to save the changes.

You can apply Group Policy changes immediately, without rebooting the system. To do this, type gpupdate.exe in the Run box or at the command prompt and hit Enter.

After you made changes in the Group Policy editor, make sure to turn on the ‘Tamper Protection’ feature again using the same steps outlined before.

Disable Microsoft Defender Permanently using Registry Editor in Windows 11

Another method you can use to permanently disable Microsoft Defender antivirus is through Windows Registry Editor. The Windows Registry Editor is a hierarchical database that allows you to view and edit keys and entries in Windows operating systems. It can also be used to modify the registry keys associated with Microsoft Defender Antivirus to disable it.

Just like in the previous method, first, disable the ‘Tamper Protection’ in the Windows Security app before you start doing the following steps.

This image has an empty alt attribute; its file name is allthings.how-how-to-enable-or-disable-microsft-defender-in-windows-11-image-20-759x791.png

Open Registry Editor by searching for ‘Registry Editor’ or ‘regedit’ in the search box on Windows 11 and open the top result. Alternatively, Open the Run command by pressing Windows+R and type regedit.msc, and hit Enter.

Once the Registry Editor opens, navigate to the following location or copy-paste the below path in the address bar of the Registry Editor and hit Enter:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

Then, look for a registry DWORD named ‘DisableAntiSpyware’ in the right pane.

Now, double-click on it and set the value to 1 and click ‘OK’ to disable the Windows defender.

If that DWORD doesn’t exist, right-click on the ‘Windows Defender’ folder on the left navigational panel and select ‘New’ and then ‘DWORD (32-bit) Value’.

Then, rename the new entry to DisableAntiSpyware.

Now, open the newly created registry and change its value to 1.

This will fully disable the Microsoft Defender antivirus. After that restart, your system to make it effective. Once you restart your system, check the Windows security app. This is what it will show in the Virus & threat protection tab.

To re-enable Windows Defender Antivirus, go to the same location in the registry editor, and either delete the ‘DisableAntiSpyware’ registry key or simply change its value to 0.

If you only want to permanently disable the real-time protection of Microsoft Defender, follow these steps:

Open the Real-time protection folder (key) under Windows Defender in the left-panel of the Registry editor or you can just navigate to the following path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection

In case the Real-time protection key (folder) doesn’t exist under the Windows Defender folder, you need to create one. To do that, right-click on the ‘Windows Defender’ (folder) key and select the ‘New’ and then ‘Key’ option. Then, rename this key as ‘Real-Time Protection’ and press Enter.

In the Real-time protection key (folder), double-click the ‘DisableRealtimeMonitoring’ registry if it’s available and change its value to 1.

If the registry is not present in the Real-time protection folder, you need to create one. To do this, right-click on ‘Real-Time Protection’ and select ‘New’ > ‘DWORD (32-bit) Value’, and name the entry as ‘DisableRealtimeMonitoring’.

Then, double-click the ‘DisableRealtimeMonitoring’ registry and change its value to 1.

After that, restart your system to apply the changes. This will only disable the real-time protection permanently.

To re-enable the real-time protection, either delete the ‘DisableRealtimeMonitoring’ registry or change its value back to 0.

Disable Microsoft Defender Permanently using Autorun in Windows 11

Autoruns is a free Sysinternals utility from Microsoft that displays a comprehensive list of all programs that run every time you turn your computer on. It can be used to disable unnecessary startups including Microsoft Defender. With the Autorun tool, you can stop the Microsoft Defender Antivirus services from starting up during Windows bootup. Follows these steps to do that:

First, go the this Microsoft website and download the Autorun tool. Then, extract the download file.

Next, click the Windows search and type – msconfig. Then, click ‘Run as administrator’ for the ‘System Configuration’ result. Alternatively, you can press Windows+R to open the Run command and type ‘msconfig’, and hit Enter.

On the System Configuration dialog window, go to the ‘Boot’ tab. Then, under the ‘Boot options’ section, check ‘Safe boot’, and select ‘Minimal’. Then, click ‘Apply’ and ‘OK’.

On the prompt box, click the ‘Restart’ button.

Your system will restart in Safe mode. Now, open the folder that you extracted earlier and run the ‘Autoruns.exe’ or ‘Autoruns64.exe’(if you are using 64-bit Windows).

If you see the License Agreement window, click ‘Agree’.

When the Autoruns window opens, click the ‘Options’ menu, and uncheck the ‘Hide Windows Entries’ option.

Then, go to the ‘Services’ tab and look for the entry named – ‘WinDefend’ in the list of Autorun entries below. Once, you found it, uncheck that service.

If you can’t find the service, you can always search for it in the search box at the top and uncheck the service.

Next, open the Run command by pressing Windows+R and type ‘msconfig’, and hit Enter.

Then, go back to the ‘Boot’ tab and uncheck – ‘Safe boot’ option. Then, click ‘Apply’ and then ‘Ok’.

After that, click ‘Restart’ in the prompt box to reboot your system in normal mode.

Once the system restarts, all the Microsoft Defender features under Virus & threat protection settings such as Real-time protection, Cloud-delivered protection, Automatic sample, submission, and Tamper protection are disabled permanently.

If you want to re-enable the Microsoft Defender service, boot into Safe mode, and check the ‘WinDefend’ service in the Autoruns tool by following the above steps.

Uninstall/Re-install Microsoft Defender in Windows 11 using PowerShell

If you want to fully uninstall Microsoft Defender from your account in Windows 11, it can be done with PowerShell commands. Here’s how you uninstall Microsoft Defender in Windows 11:

First, open Windows PowerShell as administrator. Then, run the following command to uninstall Microsoft Defender:

Uninstall-WindowsFeature -Name Windows-Defender

It will take a few seconds to complete the process, then reboot the system.

You should know this will only uninstall Windows Defender from the current account. But if you decided that you want Defender back, you can easily reinstall it.

To re-install the Microsoft Defender in Windows 11, run the below command:

Install-WindowsFeature -Name Windows-Defender

That’s it.