Originally Posted by ku4eto
I can't turn off Windows Defender after the update. I have set through GP on both user and computer settings to disable Defender, but when i go to services, i still can't disable them. 2 of 3 are greyed out, 3rd gives Access is Denied. This is on Enterprise...
It has been that way forever—at least since the November Update. But Windows Defender is easily disabled. I'm not sure what policies you're setting, but the following registry patch fully disables Windows Defender for me on both TH2 and RS1:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-time Protection]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
With just those policies set, the Windows Defender services will no longer autostart. If for some reason you wish to actually set them to Disabled, you will have to reboot, and then manually change their StartType
values to 4 in the registry (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend and WdNisSvc). If you don't reboot first, the Windows Defender's rootkit will subvert any attempts to reconfigure its services.
To undo, simply delete the registry values written by the above patch, and restore the service start values to 3 (if you changed them).