Windows has a group of components called “Microsoft Defender” that includes a firewall and an anti-malware service (the full list of services is at the end of this article).
Personally, I find the Microsoft Defender Anti-malware useless and a waste of resources.
However, as they always do, Microsoft does not allow us, the users, to choose whether we want to use it or not. Even with administrative privileges we are not allowed to stop or disable those services.
Here is a procedure to completely disable Windows Defender.
Requirements
If you are using a PIN or any other Windows Hello mechanism to log on to your computer, you need to enable the Administrator user account, because once we are in Safe Mode you won’t be able to log in with either a PIN or Windows Hello.
Then we will boot into safe mode and disable the Windows Defender components.
Procedure
Open a Command Prompt as Administrator to perform the following steps:
Enable the local Administrator:
    NET USER Administrator /ACTIVE:YES
Assign it a password (substitute your_new_password for a password of your choice):
    NET USER Administrator your_new_password
Enable minimal safeboot:
    bcdedit /set {current} safeboot minimal
Reboot the system:
    shutdown -r -t 0
The machine will boot in Safe Mode. Log in as Administrator instead of your regular account.
Open Command Prompt and type the following commands to disable the services related to Windows Defender and Microsoft Defender (keep the space after the = sign or it won’t work).
    sc config WdNisSvc start= disabled
    sc config WinDefend start= disabled
    sc config MDCoreSvc start= disabled
    sc config Sense start= disabled
    sc config mpssvc start= disabled
    sc config WdBoot start= disabled
    sc config WdFilter start= disabled
    sc config WdNisDrv start= disabled
If you wonder what those commands are doing, here is the explanation: we are using the sc command to disable the group of services that compose Windows Defender Antivirus and Windows Defender Firewall by changing their “Startup type” to “disabled” [1].
Now disable the safeboot mode:
    bcdedit /deletevalue {current} safeboot
Reboot the system:
    shutdown -r -t 0
Log in normally. You’ll see Windows Defender is now disabled.
If you are interested, here is a table showing what each of the disabled services is:
Service | Description |
WdNisSvc | Microsoft Defender Antivirus Network Inspection Service |
WinDefend | Microsoft Defender Antivirus Service |
MDCoreSvc | Microsoft Defender Core Service |
Sense | Windows Defender Advanced Threat Protection Service |
MpsSvc | Windows Defender Firewall |
WdBoot | Microsoft Defender Antivirus Boot Driver service |
WdFilter | Microsoft Defender Antivirus Mini-Filter Driver |
WdNisDrv | Microsoft Defender Antivirus Network Inspection System Driver |
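To check what state a machine is actually in, the PowerShell below reads the start type of each service in the table from the registry and reports whether the built-in Administrator account is still enabled and whether the safeboot value is still set. It is an added example, not part of the original procedure; the function names Get-DefenderStartState and Get-ProcedureLeftovers are made up for this illustration.

```powershell
# Added example (not from the original article): report the start type of the
# services listed in the table above. Run from an elevated PowerShell prompt.
$DefenderServices = 'WdNisSvc', 'WinDefend', 'MDCoreSvc', 'Sense',
                    'MpsSvc', 'WdBoot', 'WdFilter', 'WdNisDrv'

# Values of the "Start" DWORD under HKLM\SYSTEM\CurrentControlSet\Services\<name>
$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DefenderStartState {
    param([string[]]$Name = $DefenderServices)
    foreach ($svc in $Name) {
        $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $prop = Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # Key or value missing: the service is not present on this system.
            $type = 'NotPresent'
        } elseif ($StartTypes.ContainsKey([int]$prop.Start)) {
            $type = $StartTypes[[int]$prop.Start]
        } else {
            $type = "Unknown($($prop.Start))"
        }
        [pscustomobject]@{
            Service   = $svc
            StartType = $type
            Disabled  = ($type -eq 'Disabled')
        }
    }
}

function Get-ProcedureLeftovers {
    # The built-in Administrator has a SID ending in -500, whatever its name.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.*-500$' }
    # A "safeboot" line in the current boot entry means Safe Mode is still set.
    $safeboot = [bool](bcdedit /enum '{current}' | Select-String -SimpleMatch 'safeboot')
    [pscustomobject]@{
        BuiltinAdminEnabled = [bool]$admin.Enabled
        SafebootStillSet    = $safeboot
    }
}

$state = Get-DefenderStartState
$state | Format-Table -AutoSize
"{0} of {1} services are set to Disabled" -f @($state | Where-Object Disabled).Count, $state.Count
Get-ProcedureLeftovers | Format-List
```

The same two functions work as a periodic audit on machines where these services are expected to stay enabled: any row with Disabled set to True, or an enabled built-in Administrator, is worth investigating.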
References:
[1] https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/sc-config