Turning Off Windows Defender

Posted on

Windows defender can’t be disabled the normal way, that is from the Settings app, only temporarily postponed. Now, firstly you would ask why someone would want to make their computer less secure? Well there’s a few reasons.

  • Windows Defender transmits anything that matches its heuristics back to Microsoft, even if you specify that it’s not a threat. As a software developer, you don’t want to risk having new software you’re developing be beamed to the competition over the internet.
  • Windows Defender runs ALL the time. Even when you’re not actually connected to the internet or downloading anything. Anti-virus software is somewhat of a resource drain and there’s no reason to leave it running if there’s no appreciable risk to your machine.
  • It doesn’t really help. Of the possible threats to your computer’s security, Windows Defender is only going to be effective against a fairly small subset. Providing you avoid installing applications from untrusted sources and insure that your browser and firewall are secure then you will be as safe as is reasonable.

The idea behind Windows Defender is the same as behind the automatic updates, if people don’t know enough to disable it, it can stop viruses from spreading between computer systems. To Microsoft it’s not an issue if these computers are way slower, because the people running them don’t know how fast they should be.

On a side note I’ve always detested the idea that buying new hardware is a solution to performance issues. You can solve anything by just throwing money at it. Good design is a solution, better hardware is giving up. Of course you need your software to run on something, but “spend more money” should never be the first solution.

For the issue at hand, we’re going to turn off Windows Defender with something called gpedit. Short for group policy editor. This is normally used by network administrators, generally people in charge of machines belonging to businesses or government offices, to set the company policies that apply to various company owned machines. Things like not allowing any USB storage to be connected or enforcing that no sound can be played from any machine. Generally the group policies are applied network wide onto all machines that are connected to a specific network and answer to a certain type. For smaller networks however, the gpedit tool lets us directly modify the policies that apply to one machine at a time.

Search for it as follows.

gpedit1

You’ll want “Computer Configuration” > “Administrative Templates” > “Windows Components” > “Windows Defender”. In the Windows Defender tab, you want to double click the option marked “Turn off Windows Defender”.

gpedit2

You will get a screen that looks something like this. Remember that “Enabled” is what disables defender. You are activating a policy, not disabling a service.

gpedit3

Insure that when you start up gpedit, it starts as an Administrator.

It is somewhat annoying that Microsoft feels so much ownership over the people who choose to install their software that Microsoft feels it has the right to dictate what settings the users may or may not use. While you could argue that it prevents people who are less skilled with computers from doing accidental damage, an argument that might be somewhat understandable; it still doesn’t explain why there’s no option to change this setting in an actual menu.

Leave a Reply

Your email address will not be published. Required fields are marked *