Serious Discussion Microsoft Defender can be disabled

tidyloop

Level 1
Thread author
Oct 14, 2023
17
Hi everyone,

I started looking into antivirus options on another forum, just one that came up in Google. It seemed quite a general opinion there that Microsoft Defender is not a suitable option because 'it can easily be disabled'. I'd like to ask how true/accurate that is and whether it is safer to have something else for protection? I won't ask about specific products yet as I'm just trying to check first if the built in option is worthwhile

I should point out I did first snoop on the security configurations forum here. I looked at just the Advanced Security Plus and the most recent 20 or so posts. I did see one using Microsoft Defender but the other 19 all used something else.

Thanks for your help
 

struppigel

Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
661
It is not my experience that it can be easily disabled. That is from setting up a VM for malware analysis, where you actually never want to see Defender again. But what happens:
  • you disable Defender, some components are back after reboot
  • or it is not disabled because the described method does not work anymore
  • you finally find a tool that works, but Defender comes back with new updates
  • or Defender remover tools that worked in the past do not work anymore
I had to resort to using an old version of Windows 10 and disabling Windows updates (which also is not straightforward), so that Defender never comes back for the malware lab.

Whether it is a good idea for protection to use Defender is a different question imo. I think it is a decent product, but keep in mind it is also the most widely used one. So if I was a malware developer and wanted to get the most bang for my bug, I would primarily concentrate on evading Defender.
 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,358
Hello and welcome :) I am a security software tester on this forum.

Microsoft Defender is a very effective protection. It is integrated into Windows and works very well. Unfortunately, it can consume resources during system scans. You can even enhance it using ConfigureDefender or DefenderUI :)

To disable Microsoft Defender, it's possible using tools like DefenderControl, but I advise against it. Microsoft has put so much effort into its antivirus that it doesn't really allow third-party tools to disable it. It's not really for "forcing" it, but there used to be malware that could disable it that way! If you install another security solution, Microsoft Defender will be automatically deactivated.
 

tidyloop

Level 1
Thread author
Oct 14, 2023
17
> Whether it is a good idea for protection to use Defender is a different question imo. I think it is a decent product, but keep in mind it is also the most widely used one. So if I was a malware developer and wanted to get the most bang for my bug, I would primarily concentrate on evading Defender.

Thanks for your reply. I think what I more wanted to ask was whether it is a good idea for protection to use Defender. It makes sense that malware developers would focus on trying to evade the most common options
 

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,286
Defender is more than capable for a large majority of people who use it combined with safe computing practices.
I recommend enhancing it with Configure Defender or DefenderUI.
I also recommend using a secondary program as no program is 100% effective 100% of the time. These include CyberLock, OSArmour, Malwarebytes, Hard Configurator and Simple Windows Hardening.
Using Defender with Configure Defender, Simple Windows Hardening and Firewall Hardening is more than enough protection.
 

SpyNetGirl

Level 3
Well-known
Jan 30, 2023
113
Easily disabled? Well, show them this Harden Windows Security module and then ask them to "easily" disable it.
Also use that repo to get accurate knowledge about Defender and Windows Security. There is a lot of misinformation out there and Google indexes it all.

I was like you before, under the same impression, but had to finally put a stop on it all and create something that I can trust without misleading or fooling myself or others I care about.

The fact is, Microsoft Defender is better than any other free or paid security product. Period.

Also, it's not just Defender that is in charge of security in Windows. Many layers (such as Device Guard settings, Attack Surface Reduction rules, modern hardware that supports security features such as kCFG, etc.) are working towards that goal and you need to configure all of them properly if you want an almost bulletproof workstation (nothing is 100% bulletproof of course). Hardware + Software working together, that's the idea.

Using Virtual Machines for malware tests you gotta be careful, it's way too easy to lose focus and arrive at the wrong results because it's not the physical hardware and many features aren't available in a VM.

And by the way, anything can be disabled with Administrator rights, that's a totally expected phenomenon.
 

ForgottenSeer 97327

> Whether it is a good idea for protection to use Defender is a different question imo. I think it is a decent product, but keep in mind it is also the most widely used one. So if I was a malware developer and wanted to get the most bang for my bug, I would primarily concentrate on evading Defender.

Which is true, but the golden laws of intrusion also recommend to create bypasses which have the highest predictability of success, meaning 99% of the intrusions assume a default operating environment (with at best only one check whether the targeted vulnerability exists to become active).

So your argument of a large user base being an attractive target population is valid for 99% of the average users. I dare to claim that it is not valid for 99% of the Microsoft Defender users on Malware Tips, simply because they run Microsoft Defender with UIDefender, Configure Defender + SWH or Hard_Configurator. This by itself creates so much deviation from the standard operating situation, that 99% of the "Whoooo Microsoft Defender is bypassed again" news would not be able to bypass such a non-standard operating environment.

_____
P.S. you probably noticed that I followed a workshop to write content for organic search (in above text the keywords 99%, Microsoft Defender and operating environment were stuffed using natural language sentences :))
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,226
No one can prove that one particular AV is better than all others.
Furthermore, the AVs can be better for some people for different reasons.
It is true that Defender + proper system/software hardening can provide decent protection. But, such security is not for everyone.
At home, it does not really matter which AV is used because the differences in the protection are very small. Probably, a bigger impact on security is when one forgets to drink a cup of coffee before opening the web browser. :)
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,166
> No one can prove that one particular AV is better than all others.

One can certainly demonstrate that one particular AV is inferior to others. An easy example is Malwarebytes, which pretty much ignores malware not in exe form. As for Defender, the issue is not so much it being disabled, but instead the definitions on which it relies from time to time leave something to be desired.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,226
> One can certainly demonstrate that one particular AV is inferior to others.

That is true. However, the demonstration cannot prove that one particular AV is generally inferior to others. Furthermore, one can probably demonstrate that any of the popular AVs is inferior to another one (when specific threats are used).
The term inferior can have different meanings to different people. If the differences between AVs (in protection rate) are small, then other factors can be more important.

> An easy example is Malwarebytes, which pretty much ignores malware not in exe form.

As I understand, you made several tests that convinced you about that weakness. But, it would be hardly possible to convince others via the demonstration.
On MalwareTips, the readers can be convinced not by the demonstration, but rather by your authority. :)
 

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,544
> It seemed quite a general opinion there that Microsoft Defender is not a suitable option because 'it can easily be disabled'.

To address this question, it was true before MS introduced the tamper protection, but not anymore, now Defender can not be easily disabled, even if you want to, not even by 3rd party AV.
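
Added example, not part of any post in this thread: a read-only PowerShell check of the state discussed above (tamper protection, the individual protection components, definition age, ASR rules). It uses the built-in `Get-MpComputerStatus` and `Get-MpPreference` cmdlets; the function name `Get-DefenderHealth` and the three-day definition threshold are assumptions made for the example.

```powershell
# Added example (not from the thread): read-only report of Microsoft Defender state.
# Get-MpComputerStatus and Get-MpPreference ship with Windows; nothing is changed.
function Get-DefenderHealth {
    [CmdletBinding()]
    param(
        # Assumption: definitions older than this many days are reported as stale.
        [int]$MaxSignatureAgeDays = 3
    )

    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop

    # Each entry is a component that should be on when Defender is the active AV.
    $checks = [ordered]@{
        'Antimalware service'      = $status.AMServiceEnabled
        'Antivirus engine'         = $status.AntivirusEnabled
        'Real-time protection'     = $status.RealTimeProtectionEnabled
        'Behavior monitoring'      = $status.BehaviorMonitorEnabled
        'On-access protection'     = $status.OnAccessProtectionEnabled
        'Download/attachment scan' = $status.IoavProtectionEnabled
        'Tamper protection'        = $status.IsTamperProtected
        'Definitions up to date'   = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    }
    $report = foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Ok = [bool]$checks[$name] }
    }

    # ASR rule actions: 0 = disabled, 1 = block, 2 = audit, 6 = warn.
    $asrBlock = @($pref.AttackSurfaceReductionRules_Actions |
                  Where-Object { $_ -eq 1 }).Count

    [pscustomobject]@{
        RunningMode      = $status.AMRunningMode   # e.g. Normal or Passive
        SignatureAgeDays = $status.AntivirusSignatureAge
        AsrRulesBlocking = $asrBlock
        Checks           = $report
        FailedChecks     = @($report | Where-Object { -not $_.Ok } |
                             Select-Object -ExpandProperty Check)
    }
}

$health = Get-DefenderHealth
$health.Checks | Format-Table -AutoSize
"Running mode: $($health.RunningMode); ASR rules in block mode: $($health.AsrRulesBlocking)"
if ($health.FailedChecks.Count -gt 0) {
    Write-Warning ("Not fully active: " + ($health.FailedChecks -join ', '))
}
```

On a machine where a third-party antivirus is registered, several of these checks are expected to report off, which matches the automatic deactivation mentioned earlier in the thread.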
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,226
> Latest test I have seen on YT was this one, Avira, Panda and MS Defender had poor results

Hi, :)

I would not name it the (protection) test, but rather the demonstration. As a demonstration, it can say nothing interesting about the overall protection of AVs.
It is impossible to test the AV in 5 minutes, so the results are kinda illusionary.
From professional tests, we know that Kaspersky has the best chance of winning in such a demonstration.
On the basis of this demonstration, we cannot say that the protection is good or bad because of many important shortcomings, for example:
  1. The author does not show how many malware samples infected the system. So, the results can follow from some random factors.
  2. We do not know how representative the samples were. For example, the malware that bypassed Avira in the demonstration could never attack the Avira customers, but infect in the wild the customers of Bitdefender (so Bitdefender could detect it in the demonstration).
  3. The author did not do any convincing inspection of the system, except to see if the files in some folders were encrypted (this can show only the ransomware infection). So, we do not know if other AVs (Kaspersky, Avast, Bitdefender) were bypassed or not by non-ransomware samples. We also cannot exclude the events when one of these AVs could be bypassed by malware stopped by Avira, Panda, or Defender.
 

ForgottenSeer 103564

In a forum full of security enthusiasts you will surely find your fair share of opinions on the matter. Defender is built into your operating system and compatibility-wise will be your best choice.

Something I'm not seeing mentioned in this thread though, is not relying on your antivirus to begin with. Learning by researching how to keep yourself safe is the best method. Your antivirus finding something on your system means just that, it's already there, doing damage. Social engineering is the most common threat nowadays, and learning to circumvent this is to your advantage. Learn what to click and when, and what not to mess with. No prince in Nigeria is going to email you and share money with you. Random links in your messages do not magically appear, and you should probably not click those. Learn to find and download applications from legit sources. Those injected ads in your social media accounts are never a good idea to click. If you need to shop, do not follow ads, go to legit store links. Speaking of links, look at the address in the search bar before proceeding, is it legit? There are tons of sites on the internet that can teach you how to spot issues. You can even learn that here in the forum looking around.

My advice though, do not spend all your time concentrating on the AV, learn to protect yourself with better choices.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,166
> In a forum full of security enthusiasts you will surely find your fair share of opinions on the matter. Defender is built into your operating system and compatibility-wise will be your best choice.
>
> Something I'm not seeing mentioned in this thread though, is not relying on your antivirus to begin with. Learning by researching how to keep yourself safe is the best method. Your antivirus finding something on your system means just that, it's already there, doing damage. Social engineering is the most common threat nowadays, and learning to circumvent this is to your advantage. Learn what to click and when, and what not to mess with. No prince in Nigeria is going to email you and share money with you. Random links in your messages do not magically appear, and you should probably not click those. Learn to find and download applications from legit sources. Those injected ads in your social media accounts are never a good idea to click. If you need to shop, do not follow ads, go to legit store links. Speaking of links, look at the address in the search bar before proceeding, is it legit? There are tons of sites on the internet that can teach you how to spot issues. You can even learn that here in the forum looking around.
>
> My advice though, do not spend all your time concentrating on the AV, learn to protect yourself with better choices.

Although a very wise post (especially on not relying on the AV), it isn't very satisfying. The typical advice "you shouldn't have clicked on that" and "you'll never run into that malware" should never be considered the bedrock of computer security.

Forums such as this as well as the goal of all AM companies should be keeping safe those that WILL click on that thing or WILL run into that malware type. In short, all should strive to protect those who are either unable or unaware of how to protect themselves. Sadly there is so much drivel being pushed out on the Net by those that should know better leading the typical user to rely on things that are inadequate while dismissing things that are of great value.
 
