A powerful batch utility to fully disable or enable Windows Defender on Windows 10/11. Goes beyond the simple UI toggle by disabling Defender at every level — services, registry policies, scheduled tasks, and cloud protection.
- Complete 5-layer disable/enable:
- PowerShell
Set-MpPreferencecommands - Group Policy registry overrides
- Service startup type modification (
WinDefend+SecurityHealthService) - Cloud protection & notification suppression
- Scheduled task management
- PowerShell
- Tamper Protection guide — Walks you through disabling Tamper Protection (required before changes)
- Detailed status report — Shows Defender status, registry values, and service states with color-coded output
- Smart Tamper Protection check — Blocks disable action if Tamper Protection is still active
- Reboot prompt — Option to immediately reboot after changes
- Auto-elevation — Automatically requests Administrator privileges via UAC
╔══════════════════════════════════════════════════════╗
║ WINDOWS DEFENDER TOGGLE v3 ║
╠══════════════════════════════════════════════════════╣
║ ║
║ [1] FULLY DISABLE DEFENDER (Requires reboot) ║
║ [2] FULLY ENABLE DEFENDER (Requires reboot) ║
║ [3] Disable Tamper Protection (Settings page) ║
║ [4] Status Report ║
║ [5] Exit ║
║ ║
╚══════════════════════════════════════════════════════╝
Real-Time Protection : OFF
Tamper Protection : OFF
Antivirus Service : OFF
- Download
DefenderToggle.bat - Double-click to run (will auto-request admin rights)
- First time disabling:
- Press 3 → Disable Tamper Protection manually in the opened settings page
- Press 1 → Fully disable Defender
- Press Y to reboot when prompted
- Re-enabling:
- Press 2 → Fully enable Defender
- Press Y to reboot when prompted
Important: Tamper Protection must be disabled before Defender can be toggled off. The script will block you and redirect to step 3 if Tamper Protection is still active.
| Step | Action | Purpose |
|---|---|---|
| 1 | Set-MpPreference -DisableRealtimeMonitoring $true |
Disable real-time scanning via PowerShell |
| 2 | Group Policy registry keys | Enforce disable via policy (survives updates) |
| 3 | WinDefend service → Disabled |
Prevent the core service from starting |
| 4 | SpynetReporting = 0, HideSystray = 1 |
Disable cloud submissions and tray icon |
| 5 | schtasks /Disable |
Prevent scheduled scans and maintenance |
All steps are reversed: PowerShell re-enables → policy keys removed → service set to Automatic → cloud restored → tasks enabled.
Displays a comprehensive color-coded report including:
- Real-time protection, tamper protection, antivirus, anti-spyware, behavior monitoring, IOAV status
- Registry policy overrides
- Service startup types and running states
- Tamper Protection cannot be disabled programmatically — it must be toggled off manually in Windows Security settings. The script opens the correct page for you.
- A system reboot is required after toggling for all changes to take full effect.
- Disabling Defender leaves your system unprotected. Only disable when you have a specific need and re-enable afterward.
- Windows 10 / 11
- Administrator privileges (auto-requested)
- Tamper Protection must be off before disabling Defender
This tool modifies Windows system services, registry policies, and scheduled tasks. Use at your own risk. All changes are fully reversible using option 2.