Windows Defender is an antivirus that is incorporated into Windows 10 and that helps us protect our computer. This tool is responsible for keeping you safe against all types of malware and viruses in real time. While it is true that Microsoft has never offered the ability to disable the program, the truth is that, until now, it could be done. This was made possible by a variation on the Registry editor. However, the Redmond company has confirmed that disabling Windows Defender from the Windows 10 Registry will no longer be allowed .
Windows Defender incorporates an important function such as “Tamper Protection”. This feature is activated by default and is responsible for protecting it in case it is modified by malware or virus. The problem is that this function could be ignored when using the Registry editor, modifying the value “DisableAntiSpyware”.
That is why in the new Windows 10 update , Microsoft has introduced a new security feature called Tamper Protection . This update corresponds to August 2020. With it, the possibility of deactivating Windows Defender either from the registry key, command line or by group policies is eliminated. This new functionality aims from now on to protect our device from attacks that try to disable the different security solutions built into Windows 10.
Windows Defender can no longer be disabled from the Registry
The reasons given by Microsoft for this change is that, from now on Windows Defender will be automatically disabled when it detects that there is another antivirus installed on the computer. The company has confirmed that the change removes a legacy registry setting called DisableAntiSpyware and will be removed starting with Microsoft Defender Antimalware platform versions 4.18.2007.8 and later .
Despite the introduction of these new measures, and with Tamper Protection enabled, the DisableAntiSpyware registry value has been working briefly. When enabled, if malware reboots the PC, Microsoft Defender is disabled for that session . It will be on the next reboot when Tamper Protection activates and re- enables Windows Defender. This short period of time is more than enough for any malware to infiltrate and cause damage to our computer.
If it detects an antivirus, Windows Defender will be disabled
That is why Microsoft has decided to eliminate this policy. For this, the Redmond company wants to avoid all kinds of virus and malware attacks that can take advantage of that hole in the Protection against manipulation. With the DisableAntiSpyware registry value removed, the malware no longer has the ability to take advantage of the “Tamper Protection” weakness and Windows Defender will only be disabled when another antivirus is installed.
Despite the reasons given by Microsoft, it is a rather strange move. There are many users who until now were in charge of disabling Windows Defender using the registry key, to later install their own antivirus. This is something that from now on they will not be able to do again.