Cmdline c windows system32 net exe stop windefend

Once again, after a Windows update, Windows Defender activated itself again. It finally bothered me enough to take an actual look at how to disable it permanently and reliably, in a fully automated way (a PowerShell script), on my Windows 10 20H2 (build 19042).

WARNING (please read me):
This script is not intended as a “stop/start” solution. It aims at disabeling permanently windows defender, even removing its files if you chose to. I made it as a malware analyst, for my usage, and decided to share it to help others. The “general public” might find another, easier to use solution that suit their need better.
I would also add that some alternative working solutions have been added in the comments of this article (many thanks to their writers !) : it’s definitly worth checking.

TL;DR : the final script can be found here : https://github.com/jeremybeaume/tools/blob/master/disable-defender.ps1

Registry configuration

First, I took some time to look at the registry configuration, where are the parameters located, and how/when the values were changed. Procmon, from SysInternals, is a very convenient tool for this kind of research.

I looked for registry access with “Defender” in the path, and this is the result:

Картинка с сайта: wirediver.com

We get a first idea of the configuration location, most interesting keys seems to be under HKLM\SOFTWARE\Microsoft\Windows Defender.

Then I proceeded to check the keys for each parameter.

First on the list is the “Real-Time protection”, modifying the key HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring

Картинка с сайта: wirediver.com

Then the “cloud-delivered protection”, with the key HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SpyNetReporting :

Картинка с сайта: wirediver.com

(For reference, the key for “Automatic sample submission” is HKLM\SOFTWARE\Microsoft\Windows Defender\SpyNet\SubmitSampleConsent)

The “Tamper Protection” is next, using 2 keys: HKLM\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection (4 when disabled) and HKLM\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtectionSource (2 when disabled)

Картинка с сайта: wirediver.com

And lastly, exclusions are stored in subkeys of HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions depending on their type:

Картинка с сайта: wirediver.com

Now, one thing to note is that the Administrator (meaning members of the BUILTIN\Administrators group) cannot change those keys (only SYSTEM can):

An even as SYSTEM, with tamper protection off, writing is still not authorized:

Картинка с сайта: wirediver.com

So here we are :

• There is not option to disable “Tamper Protection” in powershel (that’s the point ….).
• We can’t edit the configuration directly in the registry, even as SYSTEM.

What I used to do was using Set-MpPreference to add whole drives as exception, but sometimes I would still get alerts : Defender is still running and analyzing my actions.

Of course, Microsoft provides ways and documentation to disable Defender, so let’s check them out.

Disable Defender: the Microsoft way

DisableAntiSpyware

Searching on the internet (like ), there seems to be a registry key for that, named DisableAntiSpyware. It is indeed read when opening the configuration:

Картинка с сайта: wirediver.com

2 Keys are read, one in the “main configuration” key, and one under HKLM\SOFTWARE\Policies. This second one, we can write, to let’s go for it!
I created it, Defender was still running, without warning or anything, so it doesn’t seem to have any effect. But it gets better, it is actually considered a Severe security alert!

Картинка с сайта: wirediver.com

Maybe we need to be more subtle, and use gpedit to edit this policy, let’s try that!

GPO

Here is what we get when editing the policy with gpedit :

Картинка с сайта: wirediver.com

The previous key is actually written by a service (svchost.exe -k netsvcs -p -s gpsvc) and another one is written in a policy object. This time is doesn’t raise a security alert, so the second key must be necessary. I also noted that a 3rd key is written when the tamper protection is off:

Картинка с сайта: wirediver.com

This 3rd key is written by MsMpEng.exe which happens to be the binary run by the Microsoft Defender service: this is the Defender userland engine. So, we should be good to go then?

Well, nothing is disabled yet, and after reboot …. the policy is removed! So this seems to be completely ignored.

Temporary solution

I finally managed to disable it, by adding a process exclusion (including regedit.exe):

Картинка с сайта: wirediver.com

Then, with “Tamper Protection” off, and as SYSTEM, the key HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware finally becomes writable. Setting its value to 1 immediately stops Windows Defender:

So here we are! But …. no 🙂 This is still overwritten on reboot! This a good enough temporary solution, but as we need to disable the “Tamper Protection”, it cannot be scripted in PowerShell.

Disable Defender: the hacker way

How it works

So I did not found any way to configure Defender itself to stop running. But it actually runs in a Service, so maybe there is something there. The service cannot be modified using services.msc as we would usually do:

Картинка с сайта: wirediver.com

See how everything is greyed out?

We can also find the kernel drivers used by Defender, with msinfo32:

Картинка с сайта: wirediver.com

But, and that’s what we’re going to use : we can edit (at least for now) the registry keys associated to those services and drivers, in HKLM\SYSTEM\CurrentControlSet\Services\. We set they Start value to 4, meaning “Disabled”, and after next reboot, the services and driver will not be loaded / started, and so Defender will not be working anymore ! And indeed, after the reboot :

Картинка с сайта: wirediver.com

We’re good to go, finally! It’s weird that we can edit those registry keys, when services.msc doesn’t let us modify the service, but well … It works! Let’s script the whole thing.

Scripting in PowerShell

I put everything in a convenient script that disables what it can directly in defender (Set-MpPreference), then modify the registry to disable the services, and set itself up to run again after reboot, to complete the removal. I’ll break it down below.

First, I make sure to elevate to Administrator (mandatory, and actually used when the scripted is run after rebooting), and SYSTEM if psexec is available. SYSTEM is optional, but we need it to write in the registry to modify the parameters in case Defender would still re-enable itself one day (because it sure will …).

if(-Not $($(whoami) -eq "nt authority\system")) {
    $IsSystem = $false

    # Elevate to admin (needed when called after reboot)
    if (-Not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
        Write-Host "    [i] Elevate to Administrator"
        $CommandLine = "-ExecutionPolicy Bypass `"" + $MyInvocation.MyCommand.Path + "`" " + $MyInvocation.UnboundArguments
        Start-Process -FilePath PowerShell.exe -Verb Runas -ArgumentList $CommandLine
        Exit
    }

    # Elevate to SYSTEM if psexec is available
    $psexec_path = $(Get-Command PsExec -ErrorAction 'ignore').Source 
    if($psexec_path) {
        Write-Host "    [i] Elevate to SYSTEM"
        $CommandLine = " -i -s powershell.exe -ExecutionPolicy Bypass `"" + $MyInvocation.MyCommand.Path + "`" " + $MyInvocation.UnboundArguments 
        Start-Process -WindowStyle Hidden -FilePath $psexec_path -ArgumentList $CommandLine
        exit
    } else {
        Write-Host "    [i] PsExec not found, will continue as Administrator"
    }

} else {
    $IsSystem = $true
}

Then the script use the Set-MpPreference command to disable everything we can, adding exception for all drive leter, and disabling all available engines.

67..90|foreach-object{
    $drive = [char]$_
    Add-MpPreference -ExclusionPath "$($drive):\" -ErrorAction SilentlyContinue
    Add-MpPreference -ExclusionProcess "$($drive):\*" -ErrorAction SilentlyContinue
}

Write-Host "    [+] Disable scanning engines (Set-MpPreference)"

Set-MpPreference -DisableArchiveScanning 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableBehaviorMonitoring 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableIntrusionPreventionSystem 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableIOAVProtection 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableRemovableDriveScanning 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableBlockAtFirstSeen 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableScanningNetworkFiles 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableScriptScanning 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableRealtimeMonitoring 1 -ErrorAction SilentlyContinue

Write-Host "    [+] Set default actions to Allow (Set-MpPreference)"

Set-MpPreference -LowThreatDefaultAction Allow -ErrorAction SilentlyContinue
Set-MpPreference -ModerateThreatDefaultAction Allow -ErrorAction SilentlyContinue
Set-MpPreference -HighThreatDefaultAction Allow -ErrorAction SilentlyContinue

Then the services and drivers are disabled, and the script checks if it need to reboot :

$need_reboot = $false

# WdNisSvc Network Inspection Service 
# WinDefend Antivirus Service
# Sense : Advanced Protection Service

$svc_list = @("WdNisSvc", "WinDefend", "Sense")
foreach($svc in $svc_list) {
    if($(Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc")) {
        if( $(Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc").Start -eq 4) {
            Write-Host "        [i] Service $svc already disabled"
        } else {
            Write-Host "        [i] Disable service $svc (next reboot)"
            Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" -Name Start -Value 4
            $need_reboot = $true
        }
    } else {
        Write-Host "        [i] Service $svc already deleted"
    }
}

Write-Host "    [+] Disable drivers"

# WdnisDrv : Network Inspection System Driver
# wdfilter : Mini-Filter Driver
# wdboot : Boot Driver

$drv_list = @("WdnisDrv", "wdfilter", "wdboot")
foreach($drv in $drv_list) {
    if($(Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$drv")) {
        if( $(Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$drv").Start -eq 4) {
            Write-Host "        [i] Driver $drv already disabled"
        } else {
            Write-Host "        [i] Disable driver $drv (next reboot)"
            Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$drv" -Name Start -Value 4
            $need_reboot = $true
        }
    } else {
        Write-Host "        [i] Driver $drv already deleted"
    }
}

# Check if service running or not
if($(GET-Service -Name WinDefend).Status -eq "Running") {   
    Write-Host "    [+] WinDefend Service still running (reboot required)"
    $need_reboot = $true
} else {
    Write-Host "    [+] WinDefend Service not running"
}

To execute after reboot, a shortcut is added in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\, and deleted after use.

$link_reboot = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\disable-defender.lnk"
Remove-Item -Force "$link_reboot" -ErrorAction 'ignore' # Remove the link (only execute once after reboot)

if($need_reboot) {
    Write-Host "    [+] This script will be started again after reboot." -BackgroundColor DarkRed -ForegroundColor White

    $powershell_path = '"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'
    $cmdargs = "-ExecutionPolicy Bypass `"" + $MyInvocation.MyCommand.Path + "`" " + $MyInvocation.UnboundArguments

    $res = New-Item $(Split-Path -Path $link_reboot -Parent) -ItemType Directory -Force
    $WshShell = New-Object -comObject WScript.Shell
    $shortcut = $WshShell.CreateShortcut($link_reboot)
    $shortcut.TargetPath = $powershell_path
    $shortcut.Arguments = $cmdargs
    $shortcut.WorkingDirectory = "$(Split-Path -Path $PSScriptRoot -Parent)"
    $shortcut.Save()

Finally, if we don’t need to reboot, we can finish cleaning up : configure the registry, and delete the files if we wish to :

} else {
    if($IsSystem) {

        # Configure the Defender registry to disable it (and the TamperProtection)
        # editing HKLM:\SOFTWARE\Microsoft\Windows Defender\ requires to be SYSTEM

        Write-Host "    [+] Disable all functionnalities with registry keys (SYSTEM privilege)"

        # Cloud-delivered protection:
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" -Name SpyNetReporting -Value 0
        # Automatic Sample submission
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" -Name SubmitSamplesConsent -Value 0
        # Tamper protection
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Defender\Features" -Name TamperProtection -Value 4

        # Disable in registry
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1
        Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1

    } else {
        Write-Host "    [W] (Optional) Cannot configure registry (not SYSTEM)"
    }


    if($MyInvocation.UnboundArguments -And $($MyInvocation.UnboundArguments.tolower().Contains("-delete"))) {

        # Delete Defender files

        function Delete-Show-Error {
            $path_exists = Test-Path $args[0]
            if($path_exists) {
                Remove-Item -Recurse -Force -Path $args[0]
            } else {
                Write-Host "    [i] $($args[0]) already deleted"
            }
        }

        Write-Host ""
        Write-Host "[+] Delete Windows Defender (files, services, drivers)"

        # Delete files
        Delete-Show-Error "C:\ProgramData\Windows\Windows Defender\"
        Delete-Show-Error "C:\ProgramData\Windows\Windows Defender Advanced Threat Protection\"

        # Delete drivers
        Delete-Show-Error "C:\Windows\System32\drivers\wd\"

        # Delete service registry entries
        foreach($svc in $svc_list) {
            Delete-Show-Error "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        }

        # Delete drivers registry entries
        foreach($drv in $drv_list) {
            Delete-Show-Error "HKLM:\SYSTEM\CurrentControlSet\Services\$drv"
        }
    }
}

Write-Host ""
Read-Host -Prompt "Press any key to continue"

And we are done ! Final result can be downloaded here : https://github.com/jeremybeaume/tools/blob/master/disable-defender.ps1

It can be executed from anywhere in the file system. The parameter -Delete will delete the files linked to Defender after reboot. And it should work fine, until the Tamper Protection also protects the services ergistry key, which is bound to happen someday. I’m actually surprised it doesn’t already …

Windows Defender — встроенная антивирусная программа в операционной системе Windows, которая защищает устройство от вредоносного программного обеспечения и других угроз. Однако бывают ситуации, когда необходимо временно отключить защиту, например, для установки программного обеспечения, которое может быть заблокировано антивирусом, или для выполнения задач, требующих полного контроля над системой. В этом руководстве расскажем, как отключить антивирус Windows, обеспечив при этом максимальную безопасность вашего устройства.

Важные моменты перед отключением

Перед тем как отключить Windows Defender, необходимо учитывать несколько ключевых аспектов:

Риски безопасности

Временное отключение антивируса увеличивает вероятность заражения системы. Отключайте защиту только на короткий срок и убедитесь, что у вас есть альтернативные средства защиты.

Дополнительная защита

Если требуется отключить встроенный антивирус, нужно установить стороннее решение, например, PRO32 Total Security, которое будет обеспечивать защиту вашей системы на время отключения Windows Defender.

Отключение через параметры системы

Самый простой способ временно отключить Windows Defender — использовать встроенные системные настройки:

1. Доступ к настройкам безопасности:

• Откройте меню Пуск и выберите «Параметры».
• Перейдите в раздел «Обновление и безопасность» и выберите «Безопасность Windows».

2. Отключение защиты в реальном времени:

• В разделе «Антивирус и защита от угроз» выберите «Управление настройками».
• Отключите опцию «Защита в реальном времени», передвинув переключатель. Это временно деактивирует антивирус, однако система может автоматически включить его через некоторое время.

Полное отключение через редактор локальной групповой политики

Если вы используете Windows Pro или Enterprise, можно полностью отключить Windows Defender через редактор локальной групповой политики:

1. Запуск редактора групповой политики:

• Нажмите Win + R для открытия окна «Выполнить».
• Введите команду gpedit.msc и нажмите Enter.

2. Настройка отключения антивируса:

• Перейдите в раздел Конфигурация компьютера → Административные шаблоны → Компоненты Windows → Антивирусная программа Windows Defender.
• Найдите параметр «Отключить антивирусную программу Windows Defender» и включите его, чтобы полностью отключить встроенную защиту.

Отключение через редактор реестра

Этот метод требует осторожности, поскольку некорректное изменение реестра может вызвать проблемы в работе системы:

1. Запуск редактора реестра:

Откройте окно «Выполнить» с помощью сочетания клавиш Win + R и введите regedit, затем нажмите Enter.

2. Изменение параметров реестра:

• Перейдите по пути: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
• Если параметр DisableAntiSpyware отсутствует, создайте его:
• Щёлкните правой кнопкой мыши в правой части окна, выберите Создать → Параметр DWORD (32 бита).
• Присвойте параметру имя DisableAntiSpyware и установите значение 1.

Временное отключение через командную строку

Если необходимо временно остановить работу Windows Defender, можно воспользоваться командной строкой:

1. Запуск командной строки с правами администратора:

В меню Пуск введите cmd, затем щёлкните правой кнопкой мыши на «Командная строка» и выберите «Запуск от имени администратора».

2. Остановка антивирусной службы:

Введите команду sc stop WinDefend и нажмите Enter. Это временно остановит работу Windows Defender.

3. Повторное включение защиты:

Чтобы снова включить антивирус, введите команду sc start WinDefend и нажмите Enter.

Отключение антивируса Windows может быть необходимо в ряде случаев, но всегда следует помнить о рисках, связанных с этим действием. Включайте защиту сразу после выполнения нужных задач. Если у вас возникают сомнения, лучше обратиться к профессионалам. Для обеспечения дополнительной безопасности во время отключения Windows Defender рекомендуется использовать проверенные антивирусные решения, такие как PRO32 Антивирус.

There are times when we want to turn off Windows Defender on Windows 10 quickly. For example, if we are installing a software which requires that the antivirus should be disabled during installation (yes there are some software which requires this).

Windows Defender is an all in one security software from Microsoft consisting of antivirus and a firewall. Windows Defender comes pre-installed with Windows 10. It gets all its updates from Windows Update.

Although you can turn Windows Defender on or off from Windows Settings, there are other quick ways to turn it on or turn off Windows Defender Windows 10 or even Windows 8/8.1. You should choose the best method according to the version of Windows you are using.

Why turn off Windows Defender?

A general recommendation in terms of security is that you should always have security enabled for your PC at all times. This could be using Windows Defender, Microsoft’s own security solution built into Windows 10, or using a third-party security tool.

Sometimes you will need to disable antivirus and firewall protection in Windows. For example, when you are playing a game but the antivirus keeps on scanning the files and slows down the system. Another example can be when the antivirus detects a program as a false positive although you know that the program is completely safe to use.

Some people believe that it is safe to turn off Windows Defender and use cracking software. This includes activating Windows using illegal tools like KMSPico or the Microsoft Toolkit. These cracking tools are not safe at all. They may inject malware into the system that may not be detectable by the antivirus after installation. The malware is used for cryptomining and other hacking purposes.

There are two ways to turn off Windows Defender, either temporarily or permanently. We will discuss both ways here.

How to Turn Off Windows Defender Using Windows Settings

If you want to turn Windows Defender on or off using Windows Settings, follow the steps below:

1. Open Windows Settings (Windows key + i)
2. Go to Update & Security –> Windows Security
3. From the right-hand pane, select Manage settings under Virus & threat protection settings.
4. Toggle the switch to Off under Real-time protection.

Картинка с сайта: www.itechtics.com

This will turn off real-time protection while a manual scan is available at your disposal.

How To Disable Windows Defender Using Command Prompt

To turn off Windows Defender using Command Prompt, follow these steps:

1. Open command prompt with administrative privileges

2. Run the following command to disable Windows Defender:

   sc stop WinDefend

3. To make sure that Windows Defender is stopped, run this command:

   sc query WinDefend

To enable Windows defender again, run the following command:

sc start WinDefend

Please note that this is a temporary method to stop Windows Defender. The service will return to its original state once the system is restarted.

To disable Windows Defender permanently using the command prompt, run the following command:

sc config WinDefend start= disabled
sc stop WinDefend

To enable it again on startup, run the following commands:

sc config WinDefend start= auto
sc start WinDefend

If you want to check the current state of the Windows Defender service, run the following command:

sc query WinDefend

Check the STATE variable. It should be in RUNNING state if it is enabled.

Картинка с сайта: www.itechtics.com

How To Permanently Disable Windows Defender Using PowerShell

One advantage of PowerShell is that you can deploy changes to Windows Defender on multiple computers across the network.

If you prefer PowerShell way, follow the steps below:

1. Run PowerShell with administrative privileges (Windows key + X + A)
2. To disable real-time monitoring for Windows Defender, run the following command:
   Set-MpPreference -DisableRealtimeMonitoring $true
3. To enable real-time monitoring, run the following command:
   Set-MpPreference -DisableRealtimeMonitoring $false

The above method will only turn off real-time monitoring of Windows Defender. If you want to completely remove Windows Defender from Windows 10, use the following PowerShell command:

Uninstall-WindowsFeature -Name Windows-Defender

How To Permanently Turn Off Windows Defender Using Group Policy

If you are a network admin and want to disable Windows Defender from your network, it is wise to use Group Policy. Just follow the steps below to turn off Windows Defender using the Group Policy editor:

1. Open Group Policy Editor (Run –> gpedit.msc)
2. Go to Computer Configuration –> Administrative Templates –> Windows Components –> Windows Defender Antivirus
   

   Картинка с сайта: www.itechtics.com

3. From the right-hand pane, open Turn off Windows Defender Antivirus and select Enabled
   

   Картинка с сайта: www.itechtics.com

This setting can be accessed through Local Group Policy as well as Domain Group Policy. The local policy will turn off Windows Defender for all local users while the domain policy will disable it for all systems on which the policy is applied.

How To Permanently Disable Windows Defender Using Windows Registry

You can also disable Windows Defender permanently from Windows Registry just by creating or altering a few registry keys.. Follow the steps below:

1. Go to Run –> regedit. This will open the Windows Registry Editor.
2. Navigate to the following key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
3. In the right pane, right-click the empty area and create a new DWORD (32-bit) value.
4. Rename the new item to DisableAntiSpyware
5. Double-click DisableAntiSpyware and change its value to 1.

Windows Defender will not load after the next computer restart. To enable Windows Defender again, you can either delete the created registry key or simply change its value to 0.

Please note that you can’t completely uninstall the Windows Defender. Even if you manage to delete its service or files, it will most likely be restored on the next major Windows update.

There are a few scenarios where the user wants to disable a specific part of the Windows Defender system. We will discuss the scenarios below.

How to turn off Windows Firewall only

To turn off Windows Firewall only and keep using other Windows Defender functionality, follow the steps below:

1. Open Windows Settings (Windows key + i)
2. Click on Update & Security and then Windows Security
3. In the right-hand pane, click on Open Windows Security
4. From the left-hand pane, select Firewall & network protection
5. In the right-hand pane, you will see three protection types. Domain network, Private network, Public network.
6. Click on each network type and toggle it to disabled.

This will only turn off the firewall. The antivirus and other functionality of Windows Defender will keep on working.

How to turn off Windows Defender real-time antivirus only

If you want to turn off the antivirus real-time functionality only, you can follow the steps below:

1. Open Windows Settings (Windows key + i)
2. Click on Update & Security and then Windows Security
3. From the left-hand pane, click on Virus & threat protection
4. In the right-hand pane, toggle real-time protection to off.

Verdict

If you have not installed any third-party antivirus, then you should keep Windows Defender running as it will protect you from the most common virus/hacking threats while you are connected to the Internet. There should always be an anti-malware solution running on your computer at all times. These methods should be used to disable the security software temporarily.

I hope this has been informative for you. If there are any other easier ways to enable or disable Windows Defender, please let us know in the comments below!