Windows Defender re-enables itself by deleting DisableAntiSpyware key on real hardware (but not in VM); any workaround

windows 10windows-defender

From my "testing Windows 10 in VM is almost pointless" saga… the next episode:

On real hardware Windows 10 LTSC 1809 re-enables antivirus on every boot by deleting the DisableAntiSpyware key from registry. This doesn't happen in a VM installation though, where the key stays. Any known workarounds for this (on real hardware)?

Perusing more MS docs

If the Tamper Protection setting is On, you won't be able to turn off the Microsoft Defender Antivirus service by using the DisableAntiSpyware group policy key.

But Tamper Protection doesn't seem to be on on the machine in question! IsTamperProtected : False below (Get-MpComputerStatus output):

AMEngineVersion                 : 1.1.17300.4
AMProductVersion                : 4.18.2007.8
AMServiceEnabled                : True
AMServiceVersion                : 4.18.2007.8
AntispywareEnabled              : True
AntispywareSignatureAge         : 0
AntispywareSignatureLastUpdated : 8/3/2020 10:50:15 PM
AntispywareSignatureVersion     : 1.321.551.0
AntivirusEnabled                : True
AntivirusSignatureAge           : 0
AntivirusSignatureLastUpdated   : 8/3/2020 10:50:15 PM
AntivirusSignatureVersion       : 1.321.551.0
BehaviorMonitorEnabled          : False
ComputerID                      : (delted)
ComputerState                   : 0
FullScanAge                     : 4294967295
FullScanEndTime                 : 
FullScanStartTime               : 
IoavProtectionEnabled           : False
IsTamperProtected               : False
IsVirtualMachine                : False
LastFullScanSource              : 0
LastQuickScanSource             : 2
NISEnabled                      : False
NISEngineVersion                : 0.0.0.0
NISSignatureAge                 : 4294967295
NISSignatureLastUpdated         : 
NISSignatureVersion             : 0.0.0.0
OnAccessProtectionEnabled       : False
QuickScanAge                    : 0
QuickScanEndTime                : 8/4/2020 1:53:50 AM
QuickScanStartTime              : 8/4/2020 1:46:15 AM
RealTimeProtectionEnabled       : False
RealTimeScanDirection           : 0
PSComputerName                  : 

Other than some signature difference in versions since I had tested on the VM, I don't see any difference otherwise…

AMEngineVersion                 : 1.1.17300.4
AMProductVersion                : 4.18.2006.10
AMServiceEnabled                : True
AMServiceVersion                : 4.18.2006.10
AntispywareEnabled              : True
AntispywareSignatureAge         : 0
AntispywareSignatureLastUpdated : 7/31/2020 8:10:06 AM
AntispywareSignatureVersion     : 1.321.262.0
AntivirusEnabled                : True
AntivirusSignatureAge           : 0
AntivirusSignatureLastUpdated   : 7/31/2020 8:10:06 AM
AntivirusSignatureVersion       : 1.321.262.0
BehaviorMonitorEnabled          : True
ComputerID                      : (deleted)
ComputerState                   : 0
FullScanAge                     : 4294967295
FullScanEndTime                 :
FullScanStartTime               :
IoavProtectionEnabled           : True
IsTamperProtected               : False
IsVirtualMachine                : True
LastFullScanSource              : 0
LastQuickScanSource             : 2
NISEnabled                      : True
NISEngineVersion                : 1.1.17300.4
NISSignatureAge                 : 0
NISSignatureLastUpdated         : 7/31/2020 8:10:06 AM
NISSignatureVersion             : 1.321.262.0
OnAccessProtectionEnabled       : True
QuickScanAge                    : 0
QuickScanEndTime                : 7/31/2020 1:53:48 PM
QuickScanStartTime              : 7/31/2020 1:49:59 PM
RealTimeProtectionEnabled       : True
RealTimeScanDirection           : 0
PSComputerName                  :

(That was before disabling the AV on the VM. After you cannot Get-MpPreference at all, it errors.)

So, to repeat the question, how to do I make Defender stick to the DisableAntiSpyware policy and not revert it by itself? The tamper protection doesn't seem to be the answer here.