Microsoft explains why it won’t let you disable this annoying Windows 10 feature any more
Microsoft Defender for Windows 10 can no longer be disabled via the registry
Microsoft has revealed more details about the motivation behind its decision to prevent users from disabling Microsoft Defender outright.
Previously, users have been able to kill the native Windows 10 antivirus service temporarily by toggling real-time protection (which later switches back on automatically), or permanently via the registry.
However, with the Windows 10 August 2020 update (version 4.18.2007.8), the setting that allowed users to deactivate Microsoft Defender via the registry has been “discontinued and will be ignored on client devices,” Microsoft explained.
- Here's our list of the best malware removal software on the market
- Check out our list of the best ransomware protection software available
- We've built a list of the best firewall out there
The company originally said the setting was removed because it is not intended for use on consumer devices and is now defunct for IT professionals too, because Defender will automatically turn itself off when another antivirus program is active.
However, Microsoft has now confirmed that security concerns also played a part in the decision.
Windows 10 antivirus
With the release of Windows 10 1903, Microsoft introduced a security feature - called Tamper Protection - that blocks any attempts to tweak Microsoft Defender settings from outside the Windows interface.
However, this security filter could be circumvented by certain malware strains coded to abuse the DisableAntiSpyware registry value. Upon restart, Microsoft Defender would be disabled for a single session, providing a brief window in which hackers could conduct an attack.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Since the change was first announced, Microsoft has confirmed the decision to discontinue DisableAntiSpyware was motivated in part by the need to ensure Tamper Protection is as watertight as possible.
“Tamper Protection is turned on by default for all consumer Windows 10 devices. This feature protects devices from cyber attacks that try to disable built-in security solutions, such as antivirus protection, in an attempt to gain access to your data [or] to install malware,” reads a post on the Windows 10 Message Center.
“As Microsoft Defender automatically turns itself off when it detects another antivirus program, we are removing a legacy registry called DisableAntiSpyware.”
With the ability to disable Microsoft Defender via the registry revoked, malware can no longer exploit the vulnerability in the Tamper Protection system.
- Here's our list of the best Windows 10 antivirus services around
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.