How to Disable Microsoft Defender Antivirus in Windows 11

Martin Brinkmann
Jan 16, 2022
Windows 11 Help

Microsoft Defender Antivirus is the default antivirus solution of Microsoft's Windows 11 operating system. It is turned on by default, unless another security solution is installed that is recognized by the operating system as such. Previously, it was known as Windows Defender.

Most third-party antivirus solutions that support Windows 11 are recognized, but there may be the odd solution that is not.

Most Windows 11 users may want to keep Microsoft Defender Antivirus enabled if no other security solution is installed. Some may want to turn off Microsoft Defender Antivirus temporarily or permanently, even if no other solution is installed. Reasons for wanting to do so include high resource use, Windows Defender Antivirus causing other issues on the system, no requirement for an antivirus solution, e.g., while using a virtual machine image of Windows 11, or simply because of wanting to decide what is running on the computer and what is not.

Enable or Disable Real-Time Protection in Windows 11

Windows Security has options to turn off certain security modules, including Real-Time Protection, in the Settings application.

Real-Time Protection can be turned off temporarily there, while all other protective modules can be turned off permanently.

Sometimes, it may be sufficient to turn of the feature for a short period of time to work around issues that are experienced.

Step 1: Open Windows Security in the Settings application

windows security

  1. Select Start and Settings or use the keyboard shortcut Windows -I to open the Settings application.
  2. Select Privacy & Security from the menu on the left.
  3. Select Windows Security on the page that opens.

Step 2: Open Virus & Threat Protection

virus and threat protection

  1. On the page that opens, select Virus & Threat protection from the list of protection areas.

This opens the Windows Security application.

Step 3: Disable Real-Time Protection

real time protection off

  1. Select Manage Settings under Virus & threat protection settings on the page that opened.
  2. Toggle Real-time protection to Off.
  3. Accept the UAC prompt that is displayed when you make the change.

Microsoft reminds you on the page that the turning off is temporary:

Locates and stops malware from installing or running on your device. You can turn off this setting for a short time before it turns back on automatically.

Tip: you may disable other protective modules such as cloud-delivered protection, automatic sample submission or tamper protection here.

Disable Windows Defender Antivirus using the Group Policy Editor

To disable Windows Defender Antivirus permanently, you need to use the Group Policy Editor or the corresponding Registry setting.

Note that it is necessary to disable the Tamper Protection feature of Windows Security before you make the change. If you don't, Windows Security may turn on Windows Defender Antivirus again.

tamper protection off

Here is how you do that:

  1. Select Start and Settings or use the keyboard shortcut Windows -I to open the Settings application.
  2. Select Privacy & Security from the menu on the left.
  3. Select Windows Security on the page that opens.
  4. On the page that opens, select Virus & Threat protection from the list of protection areas.
  5. Select Manage Settings under Virus & threat protection settings on the page that opened.
  6. Toggle Tamper Protection to Off on the page.

Disable Microsoft Defender Antivirus using the Group Policy Editor

turn-off-microsoft defender antivirus

  1. Select Start, type gpedit.msc and select the result from the list.
  2. Use the hierarchical structure on the left to go to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.
  3. Locate "Turn off Microsoft Defender Antivirus" and double-click on the policy. If you have trouble finding it, click on the "setting" header of the column to sort the list of policies in alphabetical order.
  4. Switch the state of the policy to Enabled on the page that opens.
  5. Select apply then ok to save the change.
  6. Restart Windows 11.

Virus & Threat protection should be off after the restart. Note that you will still see a shield icon in the system tray area as the Shield icon is the Windows Security icon, not the Microsoft Defender Antivirus icon.

Note that the feature was called Windows Defender Antivirus on Windows 10.

Other options

  • Use a program such as Defender Control or Configure Defender to manage the state of the program. It is free to use and compatible with Windows 11.
  • Try disabling the Windows Defender task in the Task Scheduler library, as suggested here.

Now You: which antivirus solution do you use, if any?

How to Disable Microsoft Defender Antivirus in Windows 11
Article Name
How to Disable Microsoft Defender Antivirus in Windows 11
Find out how to disable Microsoft Defender Antivirus on Windows 11 devices.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Tomatot said on October 18, 2022 at 2:06 pm

    With every Windows update, it becomes harder and harder to disable RTP for good. So I came up with a solution with a friend, everything is explained in the README file:

    It’s just a task to import in task manager and it executes a PowerShell command based on triggers. I hope it will be useful to you!

  2. Niko said on January 18, 2022 at 10:29 am

    A much more interesting article would be how to TEMPORARILY and effortlessly turn off Windows Defender with as little effort as possible, until I do some work, and then I will turn it on again …

    1. New Tobin Paradigm said on January 18, 2022 at 7:39 pm

      Or use NTLite to remove Windows Defender completely :P

  3. Giorgau said on January 17, 2022 at 11:20 pm

    Relying on an outside program to manage your antivirus is.. not very bright.
    Not when you can do it with an all-source script like ToggleDefender

  4. xxx said on January 17, 2022 at 3:57 pm

    Using latest Linux software & the latest web browser, using uBlock Origin all the time, browsing responsibly (don’t click everything), using limited user account, backup your data to the cloud or offline external storage.

    No need to have expensive bloated security software.

  5. Mike the real CTO said on January 17, 2022 at 2:29 am

    Next up, we will teach noobs how to get rid of that pesky root password on Linux and deprecate to more efficient file transfer methods like ftp and smb v1. Wouldn’t want the evil Red Hat or Ubuntu corporations snooping with their own TLS certs so we will build private ssl 1.0 keys. Seriously, who writes such irresponsible content? How are you going to replace all the security provided by the modern we that doesn’t come with ANY other av? We doesn’t cause issues unless you are infected. AV companies are now bundling crypto mining, vpn with eula agreements to sell your DNA data, you name it. I hate to say crazy John McAfee was right but AV is as dead before he said it. All you should use is MS Av. Or take your super leet skills over to a Linux/bsd based system where you can pretend you don’t get attacked.

    1. suicide_heart_attack_or_clowvid_pick_one said on January 17, 2022 at 11:08 am

      Yeah, let’s all bind on m$hit!! Not that crazy John McAfee was late right and… right next a good dead by… suicide… when starting to talk…

  6. Pete said on January 17, 2022 at 1:47 am

    I haven’t used an antivirus program of any kind since back in the Windows 95 days.

  7. New Tobin Paradigm said on January 17, 2022 at 12:48 am

    How about turning it off because it will scan any network shares and /attempt/ to quarantine “potentially unwanted files”. At which point the files are unrecoverable because quarantine DOESN’T work over network shares. They cannot be restored unless that bug was fixed recently. I lost a number of files thanks to this from a network share with Windows 11 in a VM.

    The files weren’t even executable.. it killed several bash, php, and python scripts I personally wrote.

    So beware.

  8. Hall said on January 17, 2022 at 12:43 am

    You are literally not disabling Windows 11, you are just permanently disabling the Real-Time protection, which anyone can do today without any registry anything or group policy, you only need to disable it everytime you restart Windows.

    I disabled Defender, it doesn’t run at all in my computer, but for that, it requires Advanced Run which can open programs as TrustedInstaller, then use Process Hacker, Autoruns and Registryfinder, with that is pretty easy to first disable the Defender running process DisableAntiSpyware registry entry and then disable the service, I just checked and I even have disabled the the policy (the ones that adds DisableAntiSpyware as policy) and it is still there happy, not doing anything but it wasn’t removed.

    Pretty easy, but I guess it is better to just disable the Real Time protection even if Defender still uses resources.

  9. Mr. Manure said on January 16, 2022 at 11:11 pm

    Last time I checked this was with Win 10 LGBT or smth and there was no way to fully disable this malware from inside. Needs to boot into other windows and change related registry entries (names are quite obfuscated of course) from there. As time as shown, nothing gets easier in this regard.

    This aricle is describing how to disable the GUI, not the “engine”. Dont be fooled.

  10. Anonymous said on January 16, 2022 at 10:50 pm

    I tried this before in Windows 10 and the Antimalware Service Executable is still running, eating up all my RAM and CPU. Microsoft made it impossible to disable Defender in 20H2.

    I had to delete everything associated with Defender in my Windows installation using Linux live boot, then boot back into Windows. Now I’m free of Defender spying on all my files.

  11. Harro Glööckler said on January 16, 2022 at 6:18 pm

    Why would someone do that? Replacing a actually good piece of software that always gets top places in independent reviews with something worthless like “i can’t keep my hands out of your https” Avast or “waste precious electricity and significantly shorten your computer’s lifespan to make us some cents per month richer” Avira/Norton is one of the most stupid things someone could do nowadays. Ok, i won’t argue if the OS is 7, XP or anything else without included Windows Defender, but doing that on 8/10/11 is just, as i said, plainly stupid.

    1. Hall said on January 18, 2022 at 4:43 pm

      Windows Defender uses too much CPU and Disk for doing nothing, like, it is pointless when most of the time you have the same files which probably are already safe from the beginning.

      Using Antivirus and antimalware is kind of not the best thing anyway, only using Firewall and adblocking (which is like a browser firewall) make sense in these times.

      The problem of the article is that it is not showing you how to turn it off, yeah temporary you can do it until next restart, but it still runs in the backgrounds and does scheduled scanning which will slow down your computer checking the same files that were checked before and flagged as “clean”.

    2. PanamaVet said on January 18, 2022 at 2:58 pm

      Windows Defender is the only antivirus that can run in a SandBox. It is inside the operating system looking out. It does not have to create holes into the operating system like third party products.

      Vulnerabilities have been discovered from the installation of major third party A/V products. AVComparatives does not include this consideration in their rankings. What good is detecting everything if the software is the back door?

      Last year an A/V product was bought out. The purchaser also took over several A/V review sites. Who do you think those sites will rate highly?

      A Mozilla developer trying to improve Firefox security observed third party A/V breaking security.

      Clue: Norton is pushing a bitcoin miner with their A/V install if you give them a piece of the pie.

      The path to becoming a malware magnet.

    3. ShintoPlasm said on January 18, 2022 at 10:22 am

      Because some people might prefer actually-good AVs like ESET or Kaspersky.

  12. John G. said on January 16, 2022 at 5:33 pm

    As a former user of McAfee, Panda, Norton and Avast (free versions), I can say proudly enough that WD of W11 is the least bad of them all. Low CPU usage, low SDD usage. By the way I use ConfigureDefender stable version, october 2021 (reviewed time ago in Ghacks), with settings to “high” to enhance security to the best level (setting to “max” gives some troubles). :]

    1. ShintoPlasm said on January 17, 2022 at 12:44 am

      Thanks for the tip!

  13. ULBoom said on January 16, 2022 at 5:32 pm

    eset Nod32. Does its thing, stays in the background, little system hit.

    Defender is super slow for me and why give MS even more of your data?

    Good AV’s are like good VPN’s, invisible.

    1. ShintoPlasm said on January 16, 2022 at 7:06 pm

      ESET is ridiculously expensive, though. Their top-tier product has antimalware functionality (LiveGuard) that neither NOD32 nor IS have; I don’t want to buy a second-rate product that’s missing important capabilities.

      1. Trey said on January 17, 2022 at 12:06 am

        It’s not abnormally expensive and anyway the basic AV is all you need. The rest is just upsell. Basic AV detects virus and malware which these days is basically under the same umbrella just diff names.

  14. Richard Allen said on January 16, 2022 at 5:24 pm

    I’ve been using windows security, whatever it’s called nowadays, since the early days of Win7. Back in my WinXP days it got to where every 3rd party solution was bloated, intrusive and hungry for system resources. It was crazy, and that’s understating the situation!!

    Right now on my win10 laptop I’m seeing a whooping 202MB of memory used and zero cpu usage. The Horror! And best of all, no shenanigans! No popups, no advertisements, it just leaves me the hell alone! :)

  15. Dave said on January 16, 2022 at 5:13 pm

    My Momma said: “Don’t volunteer information.”

    What security software you use is not something you should be sharing.

    1. GonnaGetDave said on January 16, 2022 at 11:52 pm

      Yes, what a terrible threat it would be to mention it here in your completely anonymous Dave persona.

  16. Dumbledalf said on January 16, 2022 at 4:18 pm

    You can also use O&O App Buster to uninstall most apps, including Security and Edge.

  17. Mortov Molotov said on January 16, 2022 at 4:18 pm

    Bitdefender user here….

    … until subscription renewal somewhere in March. Then WD again, in combination with Malwarebytes, as I did in the past couple of years.

    Main reason: nagging advertisements, particulary for Bitdefender VPN.

    1. Michael Hegedus said on October 7, 2022 at 2:17 pm

      Bitdefender user too….

      … I actually dont get spammed by VPN but I dont use it because when I am playing games I have 500 ping still dont get why, but does anybody acually use the vpn?

    2. ULBoom said on January 16, 2022 at 5:28 pm

      Same here. Bitdefender bundled their VPN, it couldn’t be removed, just sat there non-functional, hoping to be activated, I guess. Spammed me to death. I still occasionally get emails.

      They had a dashboard you couldn’t access without account login, the only place you could view blocked sites and the list couldn’t be cleared. That was quite a few years ago.

      Went to eset Nod32, no issues.

  18. TelV said on January 16, 2022 at 3:57 pm

    I use Autoruns to disable WD on Windows 8.1
    It’s simply a matter of removing the checkmark from the appropriate boxes.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.