Windows Defender, the built-in anti-virus program in Windows, has useful features such as cloud-based protection, offline scanning, limited periodic scanning, tamper protection, controlled folder access, etc.
Almost every aspect of Windows Defender can be managed or automated using the MpCmdrun.exe command-line tool and PowerShell cmdlets. There are times when you need to temporarily disable your Windows Defender real-time protection on your test (non-production) systems, and switch it back on after a few minutes.
You may prefer a single-click shortcut or script solution because of the following reasons:
- It takes several mouse clicks to turn off/on the Windows Defender real-time protection through the user interface.
- The Turn off Microsoft Defender Antivirus Group Policy setting or its equivalent registry setting
DisableAntiSpyware = 1would require rebooting the computer.
- Microsoft has discontinued the
DisableAntiSpywarepolicy/registry setting in Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher.
DisableAntiSpywareno longer works!
This post explains how to enable or disable Windows Defender in a single-click using desktop shortcuts or command-line, and without requiring a restart.
Enable or disable Windows Defender using Shortcut or Command-line
This method turns off the Microsoft (Windows) Defender service altogether which means every component of Windows Defender (including the real-time protection, Microsoft Defender Antivirus Network Inspection Service, cloud-based protection, limited periodic scanning, tamper protection, controlled folder access, etc.,)
Note that this method works even if the Tamper Protection setting is enabled in the Windows Defender user interface. The Microsoft Defender Antivirus Service can be turned off only by a process running under the
- Download AdvancedRun from the following page at Nirsoft’s site.
- Extract the executable
AdvancedRun.exeto a permanent folder — let’s say
- Create a Windows Batch file containing the following command-line. To create a Batch file (.bat), use Notepad.
net stop windefend
- Save the Batch file as
- From the Run dialog, run the following command-line to disable Windows Defender completely:
D:\Tools\AdvancedRun.exe /EXEFilename "D:\Tools\disable-defender.bat" /RunAs 8 /Run
(Optionally, you can create a desktop shortcut to the above command.)
That disables Microsoft Defender Antivirus Service & Microsoft Defender Antivirus Network Inspection Service.
Editor’s note: If your PC is used by multiple users, you also need to make sure that the batch file is saved in a secure location so that it can’t be tampered by other users. Use NTFS permissions accordingly to secure the file.
To start the Microsoft Defender Antivirus Service & Microsoft Defender Antivirus Network Inspection Service back, run the following commands from an admin Command Prompt window:
net start WinDefend net start WdNisSvc
You can also create a Batch file containing the above command-line.
Note: Methods 2 and 3 below don’t work if the Tamper Protection feature is enabled in Windows Defender Settings. Tamper Protection prevents third-party apps or scripts from modifying Windows Defender settings. The feature was first introduced in Windows 10 v1903 (19H1).
You can disable Windows Defender real-time protection using this PowerShell command:
powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $true"
After you run the above command from an elevated Command Prompt or Run dialog (elevated), it disables the real-time protection component of Windows Defender. Following that, you’ll immediately see the “Virus & threat protection” action center notification.
And to enable the real-time protection back, use this command-line:
powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $false"
The above commands need to be run elevated (run as administrator).
You can create separate desktop shortcuts to the above commands and run them as required. Make sure you run the shortcut using the Run as administrator option in the right-click menu. Alternately, you can configure the shortcut properties so that they run elevated every time.
This method uses a simple PowerShell script, which when run, toggles the Windows Defender real-time protection setting. If it’s turned off, the script turns it back on, and vice versa. So, you’ll need just one shortcut if using this method.
- Copy the following lines to Notepad:
$preferences = Get-MpPreference Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)
- Save the file with a
.ps1extension, in a permanent location. Let’s say
- Create a desktop shortcut with the following command:
powershell.exe -ExecutionPolicy Bypass -File "D:\Tools\defender-realtime-toggle.ps1"
That’s it! As always, whenever you plan to run the shortcut/script, you need to run it elevated (run as administrator.)
Other PowerShell cmdlets to manage Windows Defender
To know the complete list of PowerShell cmdlets for managing Windows Defender, check out Microsoft docs article on Defender-specific PowerShell cmdlets.
We’ve seen PowerShell’s Defender-specific cmdlets earlier in our earlier articles mentioned below:
Hope you liked the shortcut or command-line method to enable and disable Windows Defender real-time protection on your computer.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
About the author
Ramesh Srinivasan founded Winhelponline.com back in 2005. He is passionate about Microsoft technologies and he has been a Microsoft Most Valuable Professional (MVP) for 10 consecutive years from 2003 to 2012.