Windows – How to disable Windows Defender via PowerShell on Windows 10 version 1903+

powershell, windows 10, windows-defender

So, I need to automatically disable Windows Defender for certain virtual machines via a PowerShell script. Previous to the May update, one could set the DisableAntiSpyware and DisableRoutinelyTakingAction in the registry and Defender was disabled.

Now with version 1903, this doesn't seem to work anymore. Even with disabling the anti-tamper protection via registry and rebooting, I only get a permission denied when trying to set the two registry values.

Does anyone have ideas how I could solve this? I tried using the Invoke-CommandAs to do this as SYSTEM; however, this didn't work either, sadly.

Best Answer

Okay, I guess I found a way.

Either use Defender Control or elevate a PowerShell session to TrustedInstaller (SYSTEM is not enough!), stop and disable the service, and afterwards create the registry key. For elevation, I used the separate tool RunAsTi.

This is what I used:

Stop-Service WinDefend
Set-Service WinDefend -StartupType Disabled
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1
Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Value 1

Now, this works so far. However, I still need to automate it so that it works completely standalone, e.g. I have to develop the elevation part in PowerShell.
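Where Defender should stay on, the settings named in this thread can be audited. The following is an added example, not part of the original question or answer: a read-only check of the two policy values, the WinDefend service and the state reported by Get-MpComputerStatus. The function name Get-DefenderTamperFinding and the output shape are assumptions made for illustration.

```powershell
# Added example: read-only audit; changes nothing on the host.
function Get-DefenderTamperFinding {   # hypothetical name
    [CmdletBinding()]
    param(
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    $findings = [System.Collections.Generic.List[object]]::new()
    $add = {
        param($Check, $Observed, $Expected)
        $findings.Add([pscustomobject]@{ Check = $Check; Observed = $Observed; Expected = $Expected })
    }

    # Policy values named in the answer: present and non-zero is a finding.
    foreach ($name in 'DisableAntiSpyware', 'DisableRoutinelyTakingAction') {
        $item = Get-ItemProperty -Path $PolicyPath -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.$name -ne 0) {
            & $add "Policy:$name" $item.$name '0 or absent'
        }
    }

    # WinDefend service: the answer stops it and sets StartupType to Disabled.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        & $add 'Service:WinDefend' 'not found' 'present'
    } else {
        if ($svc.Status -ne 'Running')     { & $add 'Service:Status' $svc.Status 'Running' }
        if ($svc.StartType -eq 'Disabled') { & $add 'Service:StartType' $svc.StartType 'not Disabled' }
    }

    # Product-reported state; a failed query (e.g. service down) is itself a finding.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        foreach ($prop in 'IsTamperProtected', 'AntivirusEnabled', 'RealTimeProtectionEnabled') {
            if (-not $mp.$prop) { & $add "MpStatus:$prop" $mp.$prop $true }
        }
    } catch {
        & $add 'MpStatus:Query' $_.Exception.Message 'query succeeds'
    }

    $findings
}

# Empty output means none of the checked settings deviate.
Get-DefenderTamperFinding | Format-Table -AutoSize
```

On hosts where a third-party antivirus is registered, Defender may legitimately be inactive, so those findings need context before they are treated as tampering.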