How to permanently disable Windows Defender Real Time Protection with GPO?

gpo windows-defender

joe-jeff · Jun 3, 2020 · Viewed 26.7k times · Source

I like to disable Windows Defender Real Time Protection via GPO on Windows 10 Pro. When I configure GPO like this:

Real-Time Protection is shown as off:

However after a reboot the Protection is magically enabled again:

GPO settings have not changed. I am trying to disable Real Time Protection to be able to analyze and reverse engineer malware.

In addition even if Windows tells me Real Time Protection is managed by the administrator it is still enabled in the back.

I really wonder if there is a way to completely disable Windows Defender + Real Time Protection or if Microsoft made this impossible.

Answer

In newer versions of Windows, Tamper Protection was added.
Tamper Protection must be disabled, otherwise Group Policy settings are ignored.

Open Windows Security (type Windows Security in the search box)
Virus & threat protection > Virus & threat protection settings > Manage settings
Switch Tamper Protection to Off

Important. Tamper Protection must be disabled before changing Group Policy settings.

To permanently disable real-time protection:

Open Local Group Policy Editor (type gpedit in the search box)
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Real-time Protection
Enable Turn off real-time protection
Reboot

To permanently disable Microsoft Defender:

Open Local Group Policy Editor (type gpedit in the search box)
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus
Enable Turn off Microsoft Defender Antivirus
Reboot