Enable or Disable Windows Defender Using Shortcut or Command-line

Almost every aspect of Windows Defender can be managed or automated using the MpCmdrun.exe command-line tool and PowerShell cmdlets. There are times when you need to temporarily disable your Windows Defender real-time protection on your test (non-production) systems, and switch it back on after a few minutes. It takes several mouse clicks to turn off/on the Windows Defender real-time protection through user interface.

This post explains how to create desktop shortcuts or command-line to enable or disable Windows Defender quickly.


Note: None of the following methods work if the Tamper Protection feature is enabled in Windows Defender Settings. Tamper Protection prevents third-party apps or scripts from modifying Windows Defender settings. The feature was first introduced in Windows 10 v1903 (19H1).


Enable or disable Windows Defender using shortcut, command-line or script

Method 1: Using separate shortcuts to enable and disable Defender

You can disable Windows Defender real-time protection using this PowerShell command:

powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $true"

After you run the above command from an elevated Command Prompt or Run dialog (elevated), it disables real-time protection component of Windows Defender. Following that, you’ll immediately see the “Virus & threat protection” action center notification.

windows defender disable notification action center

windows defender enable or disable using shortcut command-line

And to enable the real-time protection back, use this command-line:

powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $false"

windows defender enable or disable using shortcut command-line

The above commands need to be run elevated (run as administrator).



windows defender enable or disable using shortcut command-lineYou can create separate desktop shortcuts to the above commands and run them as required. Make sure you run the shortcut using the Run as administrator option in the right-click menu. Alternately, you can configure the shortcut properties so that they run elevated every time.

Method 2: Using a PowerShell script file (.ps1) to toggle Defender real-time protection setting

This method uses a simple PowerShell script, which when run, toggles the Windows Defender real-time protection setting. If it’s turned off, the script turns it back on, and vice versa. So, you’ll need just one shortcut if using this method.

  1. Copy the following lines to Notepad:
    $preferences = Get-MpPreference
    Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)

    defender real-time toggle powershell script .ps1

  2. Save the file with a .ps1 extension, in a permanent location. Let’s say d:\tools\defender-realtime-toggle.ps1
  3. Create a desktop shortcut with the following command:
    powershell.exe -ExecutionPolicy Bypass -File "D:\Tools\defender-realtime-toggle.ps1"

That’s it! As always, whenever you plan to run the shortcut/script, you need to run it elevated (run as administrator.)

Other PowerShell cmdlets to manage Windows Defender

To know the complete list of PowerShell cmdlets for managing Windows Defender, check out Microsoft docs article on Defender-specific PowerShell cmdlets.

We’ve seen PowerShell’s Defender-specific cmdlets earlier in our earlier articles mentioned below:

  1. What is Controlled Folder Access in Windows 10 and How to Configure it?
  2. Enable or Disable “Controlled Folder Access” Quickly Using Shortcuts
  3. How to Enable PUA, PUP or Adware Protection in Windows Defender?
  4. Windows Defender Offline Scan in Windows 10 Eliminates Complex Malware

Hope you liked the shortcut or command-line method to enable and disable Windows Defender real-time protection on your computer.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support, my reader. It won't take more than 10 seconds of your time. The share buttons are right below. :)

About the author

Ramesh Srinivasan founded Winhelponline.com back in 2005. He is passionate about Microsoft technologies and he has been a Microsoft Most Valuable Professional (MVP) for 10 consecutive years from 2003 to 2012.

Leave a Comment