-->
Applies to:
Jan 9, 2019 - Find out how Windows Security can help keep your PC safe from malicious software and viruses. Reg files to permanently disable and restore Windows Defender on Windows 10 - Calinou/disable-windows-defender.
- Windows 10
- Windows 10 Mobile
Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files.
SmartScreen determines whether a site is potentially malicious by:
- Analyzing visited webpages looking for indications of suspicious behavior. If it finds suspicious pages, SmartScreen shows a warning page, advising caution.
- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
SmartScreen determines whether a downloaded app or app installer is potentially malicious by:
- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen shows a warning to let the user know that the site might be malicious.
- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, SmartScreen shows a warning, advising caution.NoteBefore Windows 10, version 1703 this feature was called the SmartScreen Filter when used within the browser and Windows SmartScreen when used outside of the browser.
Benefits of Windows Defender SmartScreen
Windows Defender SmartScreen helps to provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
- Anti-phishing and anti-malware support. SmartScreen helps to protect your employees from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly-used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see Evolving Microsoft SmartScreen to protect you from drive-by attacks
- Reputation-based URL and app protection. SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, your employees won't see any warnings. If however there's no reputation, the item is marked as a higher risk and presents a warning to the employee.
- Operating system integration. SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run.
- Improved heuristics and diagnostic data. SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
- Management through Group Policy and Microsoft Intune. SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings.
Viewing Windows Defender SmartScreen anti-phishing events
When Windows Defender SmartScreen warns or blocks an employee from a website, it's logged as Event 1035 - Anti-Phishing.
Viewing Windows event logs for SmartScreen
SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer.
EventID | Description |
---|---|
1000 | Application SmartScreen Event |
1001 | Uri SmartScreen Event |
1002 | User Decision SmartScreen Event |
Related topics
Note
Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see Contributing to TechNet content.
Microsoft has integrated Windows Defender, the anti-malware software, in Windows 10/8/7/Vista, and while it is easy to turn off or disable Windows Defender, it is not possible to uninstall Windows Defender.
If you install any other 3rd-party antivirus software, it will automatically disable itself. If the 3rd-party antivirus stops functioning for some reason, it will automatically activate itself. This is good. Nevertheless, if you feel the need to disable it completely, you may do so via its Settings, Registry, GPEDIT as well as disable its Services.
Disable Windows Defender in Windows 10
You can disable or turn off Windows Defender via:
- Windows Defender UI
- Windows Defender Security Center UI
- Group Policy
- Windows Services Manager
- Registry Editor
- PowerShell
- Command line.
Let us see how to do it.
1] Using Windows Defender Security Center
Windows 10 users have to do this. Open Settings > Update & Security > Windows Defender.
Here make sure Real-time protection and Cloud-based Protection is turned off.
In Windows 10 v1607 and later you will have to open Windows Defender Security Center > Virus & Threat Protection > Virus & Threat Protection settings and toggle the switch against Real-time protection.
2] Using Windows Defender Settings UI
To disable Windows Defender in Windows 8,Windows 7 and Windows Vista, open Windows Defender > Tools > Options.
Now uncheck Use Real Time Protection checkbox and also Use Windows Defender under Administrative Options check box. Click on Save.
There is one more thing all Windows users can do.
3] Disable Windows Defender Service using Service Manager
Type services.msc in taskbar search bar and hit Enter to open Services Manager. Change the startup type of the Windows Defender Service from Automatic to Disabled. Also, disable the WdNisSvc or Windows Defender Network Inspection Service.
4] Using Registry Editor
Run regedit and navigate to the following key:
Set the value of DWORD called DisableAntiSpyware to 1 to disable Windows Defender.
5] Using Group Policy Editor
If your Windows has Group Policy Editor, Run gpedit.msc and navigate to and Enable the following setting:
Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Defender > Turn off Windows Defender.
If you enable this policy setting, Windows Defender does not run, and computers are not scanned for malware or other potentially unwanted software. If you disable or do not configure this policy setting, by default Windows Defender runs and computers are scanned for malware and other potentially unwanted software.
Reboot your computer.
6] Using PowerShell command
Use the following Powershell command to disable Windows Defender:
To re-enable it:
7] Using Command line
To disable it in an elevated CMD use:
To re-enable it use:
TIP: Defender Control is a freeware that lets you disable Windows Defender permanently on Windows 10.
Uninstall Windows Defender
Though I have not tried this personally, there is one way being recommended on the internet. It is said to have worked, for some. This was known to work in Windows XP – but not in Windows 7 and later. Create a system restore point and the Run the following from an elevated command prompt:
I must add that I do not advise trying to uninstall Windows Defender, as uninstalling/deleting Windows Defender in Windows is known to cause other irritants later on since it is well-integrated with the OS.
Ported from WVC
In Windows 10/8, Windows Defender is far improved and now includes complete anti-malware protection.
See this post if you want to know how to start Windows Defender manually and this one if Windows Defender will not turn off even when 3rd party AntiVirus is installed.
TIP: Download this tool to quickly find & fix Windows errors automatically
Related Posts: