Windows Defender Policy keys in the registry. Right-click “Windows Defender” and choose Delete.Start the Registry Editor (regedit.exe) and go to the following branch: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.Once done, restart Windows for the changes to take effect. Unzip and run the enclosed REG file.Īfter running it, you may want to open the Registry Editor to ensure the “Windows Defender” Policies key doesn’t exist. Automate the following registry modifications using defender-policies-remove.reg (zipped). This article is for standalone systems where a virus or malware has completely disabled Windows Defender and locked down the settings. Note: The following procedure doesn’t apply or work if your system is connected to a domain, where central group policies apply. Remove Windows Defender Policies using the Registry Editor After eradicating the malware, remove the registry-based policy settings added by malware. The malware removal procedure is complex and is beyond the scope of this article. You may also try Windows Defender Offline. Malware can add registry entries that disable the real-time monitoring capabilities of Windows Defender, and also hide certain parts of the Windows Defender user interface from users.įirst, make sure you eliminate malware with help from an expert or friend - given the complexity of the malware infestation, professional help may be suggested. Here is how it should look after resetting them. If you had used (or using) anti-spy tools such as O&O ShutUp10, make sure you reset all “Windows Defender and Microsoft SpyNet” settings in O&O ShutUp10. Cause Third-party privacy protection tools This post tells you how to activate Windows Defender real-time protection and other settings by removing the entire Windows Defender registry-based policies previously added by malware, a 3rd party tweaker, or a privacy protection tool.
In that case, you’ll see the message “You’re using other antivirus providers.” instead.
If you’ve installed a 3rd party anti-virus, Windows Defender gets disabled automatically. Windows Defender: “This setting is managed by your administrator.” The controls for real-time protection, cloud-based protection, and Automatic sample submission options may be disabled and locked down or grayed out. Here is how the Windows Defender Settings page might look like.