Reason why Windows 10 won’t disable Microsoft Defender using DisableAntiSpyware Registry


Windows 10 users will no longer be able to disable Microsoft Defender Antivirus by making changes to the Windows 10 Registry. Windows 10 provides users with a feature called Tamper Protection. This feature prevents changes to Windows Security and Microsoft Defender settings outside of the Windows interface.

Microsoft Defender Antivirus Windows 10

Microsoft Defender Antivirus Windows 10

Defender deprecates DisableAntiSpyware registry key

These restrictions apply to command-line tools, group policies, and Registry changes. Tamper Protection in Windows 10 is available since at least the release of Windows 10 version 1903. Microsoft has already clarified its position on the issue. The company has made it clear that it won’t let users disable its Windows 10 Antivirus tool, courtesy of Registry changes.

Prior to the August 2020 update, Windows 10 users could disable the Microsoft Defender Antivirus by, inter alia, setting the value of DisableAntiSpyware registry to 1 under:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender

Microsoft has disabled the DisableAntiSpyware Registry key in the August 2020 update. According to Microsoft, since this setting is not intended for consumer devices, the company decided to remove the registry key. This change went into effect with Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher KB4052623.

“Note that this setting is protected by tamper protection. Tamper protection is available in all Home and Pro editions of Windows 10 version 1903 and higher and is enabled by default,” Microsoft has explained.

“The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus.”

But there’s more to the story

Last week, Microsoft further clarified how it plans to support the Tamper Protection feature through the depreciation of DisableAntiSpwyare. Microsoft Defender antivirus automatically disables itself upon detecting another antivirus program.

For this reason, Microsoft has decided to remove a legacy registry setting DisableAntiSpyware. Tamper protection in Microsoft Defender safeguards Windows 10 devices against cyberattacks that try to disable built-security solutions.

In related news, Microsoft Defender Antivirus can now be used to directly download a file from the web, courtesy of the command-line MpCmdRun.exe tool.

Microsoft Defender Antivirus Windows 10Microsoft Defender Antivirus Windows 10

Original Article