
Microsoft explains why we can no longer disable Windows Defender from the Windows 10 registry

23 May, 2021

A couple of weeks ago we told you how the latest update to Microsoft Defender (previously called Windows Defender) made it harder to disable when we prefer to use another antivirus, because the Windows Registry can no longer be used to do so.

The reasons weren’t very clear, but Microsoft has released an update to the Windows 10 message center explaining exactly why they made this decision, and more importantly, why it was necessary and what exactly happens if we want to use another antivirus.


The change fixes a vulnerability in Microsoft Defender Tamper Protection


One of the most important functions of Microsoft Defender is protection against tampering, or “Tamper Protection”, a feature that protects the antivirus itself from being modified by malware.

This protection is enabled by default on all Windows 10 devices to protect computers from a cyberattack that tries to disable virus protection. The problem is that this protection could be bypassed by using the Windows Registry to enable the ‘DisableAntiSpyware’ value.

If you install any other antivirus on your PC, Microsoft Defender will automatically disable itself


Basically, if someone used that registry key and malware rebooted the computer, Microsoft Defender would be disabled for that session. It stayed disabled only until the next reboot, but that short period without tamper protection was enough to infiltrate the system.
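The sequence described above (the value is set, the machine reboots, Defender is off for that session) can be looked for in endpoint telemetry. The following is an added example, not code from Microsoft or from the original article; the event format, the host and process names, and the `<policy-key>` path placeholder are constructed for illustration.

```python
# Added example: the event records below use a constructed format, not a real log schema.
from datetime import datetime

VALUE_NAME = "DisableAntiSpyware"  # value name given in the article

# Constructed sample events; "<policy-key>" is a placeholder, not a real registry location.
SAMPLE_EVENTS = [
    {"time": "2021-05-20T09:00:00", "host": "pc-01", "kind": "reg_set",
     "target": r"HKLM\<policy-key>\DisableAntiSpyware", "data": 1, "process": "setup.exe"},
    {"time": "2021-05-20T09:02:10", "host": "pc-01", "kind": "boot"},
    {"time": "2021-05-20T10:00:00", "host": "pc-02", "kind": "reg_set",
     "target": r"HKLM\<policy-key>\DisableAntiSpyware", "data": 1, "process": "admin.exe"},
    {"time": "2021-05-20T10:01:00", "host": "pc-02", "kind": "reg_set",
     "target": r"HKLM\<policy-key>\DisableAntiSpyware", "data": 0, "process": "admin.exe"},
    {"time": "2021-05-20T10:05:00", "host": "pc-02", "kind": "boot"},
    {"time": "2021-05-20T11:00:00", "host": "pc-03", "kind": "reg_set",
     "target": r"HKLM\<policy-key>\OtherValue", "data": 1, "process": "tool.exe"},
    {"time": "2021-05-20T11:03:00", "host": "pc-03", "kind": "boot"},
]

def is_target_value(path):
    # Compare only the final path component; registry names are case-insensitive.
    return path.rsplit("\\", 1)[-1].lower() == VALUE_NAME.lower()

def unprotected_sessions(events):
    """Return one finding per boot that happened while the value was set non-zero."""
    pending = {}   # host -> the reg_set event that last enabled the value
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        host = ev["host"]
        if ev["kind"] == "reg_set" and is_target_value(ev["target"]):
            if ev["data"]:
                pending[host] = ev          # value enabled: next boot is suspect
            else:
                pending.pop(host, None)     # value reset before any reboot
        elif ev["kind"] == "boot" and host in pending:
            # Per the article, the effect lasts only until the next reboot,
            # so one setting accounts for one flagged session.
            src = pending.pop(host)
            findings.append({"host": host, "set_at": src["time"],
                             "set_by": src["process"], "booted_at": ev["time"]})
    return findings

if __name__ == "__main__":
    for finding in unprotected_sessions(SAMPLE_EVENTS):
        print(finding)
```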

Microsoft explains that, since Microsoft Defender now disables itself automatically when it detects that another antivirus program is installed, it has decided to remove the old option to do so through the Registry.

That registry key was used primarily by manufacturers and sysadmins who often install their own antivirus solutions, but after the latest Microsoft Defender and Windows 10 update, this is no longer necessary.

Via | Bleeping Computer