Microsoft prevents users from disabling Microsoft Defender via the Registry
Earlier, we mentioned that Microsoft has prevented users from blocking the Microsoft telemetry service. If the Microsoft telemetry domain name is blocked through the HOSTS file, Microsoft will warn.
For example, after the modification of the HOSTS file, Microsoft will use Microsoft Defender to alert if it is found in regular scans. If the user does not handle it, Microsoft will reset the HOSTS file.
It seems that Microsoft is now tightening the permissions of Windows 10 built-in services. For example, Microsoft Defender no longer allows users to disable them.
In the past, users could disable Microsoft Defender anti-virus software through the registry key. The modification method is very simple and can indeed achieve the purpose.
The official instructions given by Microsoft are just that it no longer supports disabling anti-virus software through registry keys. This change will be pushed to all users starting this month.
Microsoft said the anti-virus software helps prevent, delete, and isolate malicious software including spyware, thereby improving the overall security of user devices. Microsoft writes:
“DisableAntiSpyware is intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program. This setting is not intended for consumer devices, and we’ve decided to remove this registry key. This change is included with Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher KB 4052623. Enterprise E3 and E5 editions will be released at a future date. Note that this setting is protected by tamper protection. Tamper protection is available in all Home and Pro editions of Windows 10 version 1903 and higher and is enabled by default. The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus. This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected.”
However, Microsoft did not clearly explain why users are prevented from manually disabling the Microsoft Defender software.
Via: bleepingcomputer