Share via

Windows Defender overriding GPEdit and Registry

Anonymous
2024-12-19T18:45:50+00:00

Windows 11 IoT for a device that is not connected to the internet once installed except for occasional updates. I have it turned off in both GPEdit and in Registy as it keeps deleting a 3rd party program. How can I stop Windows defender from overriding both the registry and GPEdit? If I turn it off in GPEdit under "Turn off Microsoft Defender Antivirus" it changes the setting back to not configured instead of enabled. In the registry if "DisableAntiSpyware" is set to 1 it deletes the DWORD from HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender.

***moved from Windows / Windows 11 / Security and privacy***

Windows for business | Windows Client for IT Pros | Directory services | Deploy group policy objects

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments
Answer accepted by question author
  1. Anonymous
    2024-12-25T12:23:00+00:00

    Hello

    Thank you for posting in Microsoft Community forum.

    As I understand, you want to disable Windows Defender. Disabling Windows Defender can indeed be a bit tricky, especially if it keeps reverting your settings. Here are a few steps to try, ensuring that they are effectively disabling Windows Defender on your device permanently:

    1. Disable Tamper Protection:

    Before making any changes, ensure that Tamper Protection is turned off in Windows Security settings.

    Go to Windows Security -> Virus & threat protection -> Manage settings.

    Scroll down to Tamper Protection and turn it off.

    1. Using the Registry Editor:

    Open the Start Menu, type regedit, and press Enter to open the Registry Editor.

    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.

    Look for a DWORD named **DisableAntiSpyware**. If it doesn't exist, create it by right-clicking on the right pane, selecting **New** -> **DWORD (32-bit) Value**, and naming it DisableAntiSpyware. Set its value to **1**.

    Next, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection.

    Create new DWORDs named **DisableBehaviorMonitoring**, **DisableOnAccessProtection**, and **DisableScanOnRealtimeEnable**, and set all their values to **1**.

    1. Using PowerShell:

    As an additional measure, you can use PowerShell to disable Windows Defender Services.

    Open PowerShell as an Administrator and run the following commands:

    Set-MpPreference -DisableRealtimeMonitoring $true

    1. In an enterprise environment or on specific versions such as Windows 11 IoT, you might also need to check organizational policies or configurations that might be enforcing Defender settings.

    Remember to create a system restore point before making these changes for safety. Lastly, note that disabling Defender might leave your system more vulnerable to threats, so ensure that you have another effective security solution in place.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest