A couple of weeks ago we told you how the latest Microsoft Defender update (previously called Windows Defender) made it difficult to disable it if we prefer to use another antivirus, because it is no longer possible to use the Windows Registry to do so.
The reasons weren’t very clear, but Microsoft has released an update to the Windows 10 message center explaining exactly why they made this decision, and more importantly, why it was necessary and what exactly happens if we want to use another antivirus.
WINDOWS 10: 9 VERY USEFUL and LITTLE KNOWN TRICKS
It is to fix a vulnerability in Microsoft Defender Tamper Protection
One of the most important functions of Microsoft Defender is the protection against tampering or “Tamper Protection“, a feature that protects the antivirus itself from being modified by malware.
This protection is enabled by default on all Windows 10 devices to protect computers from a cyberattack that tries to disable virus protection. The point is that this protection could be ignored if the Windows Registry was used to enable the ‘DisableAntiSpyware’ value.
If you install any other antivirus on your PC, Microsoft Defender will automatically disable itself
Basically, if someone used that registry key and a malware rebooted the computer, Microsoft Defender would be disabled in that session but only until the next reboot, but that short period without tampering protection was enough to infiltrate the system.
Microsoft explains that, as now Microsoft Defender is automatically disabled when it detects that there is another antivirus program installed, have decided to remove the old option to do it through the Registry.
That registry key was used primarily by manufacturers and sysadmins who often install their own antivirus solutions, but after the latest Microsoft Defender and Windows 10 update, this is no longer necessary.
Via | Bleeping Computer