[FIX] Windows Defender Keeps Re-Enabling on Windows 11

Some Windows 11 users are reporting that Windows Defender keeps re-enabling itself even if they’re actively taking steps to disable it. This weird issue is only reported to occur on the latest OS release from Microsoft (on Windows 11).

We’ve investigated this issue thoroughly and realized that there are actually several different underlying causes that might be at the root of this issue. Here are several culprits that you should be on the lookout for:

Now that we went over every potential cause of this issue, let’s go over a series of verified methods that other users have successfully used to make sure that Windows Defender remains disabled on Windows 11.

1. Disable Tamper protection

Tamper protection is one of Microsoft Defender’s most important features.

The tamper protection function in Windows security effectively safeguards your machine against external infiltration or any cyber threats conducted at your antivirus application.

When Windows Defender detects an attempt to install malware or access data on your computer, it may switch on automatically, even if you have an antivirus product installed.

Most Windows devices running Windows 10 or above have tamper protection enabled by default.

As a result, any attempt to permanently disable or update security settings on Windows 10 devices and above may need disabling tamper protection first.

If you want to go this route, follow the instructions below to disable tamper protection on your Windows Defender:

Important: Keep in mind that purposefully disabling the tamper protection feature means that you will leave your PC exposed to malware threats that would otherwise be avoided. Our recommendation is to only pursue this method if you have a 3rd party AV alternative installed and active on your PC.

1. Press Windows key + R to open up a Run dialog box. 
2. Next, type ‘ms-settings:windowsdefender’ inside the text box, then press Ctrl + Shift + Enter to open up Windows Security with admin access. 

   

3. When you’re prompted by the User Account Control, click Yes to grant admin access. 
4. Once you’re inside the settings menu of Windows Security, click on Virus & threat protection.
5. From the next cluster of menus, click on Virus & threat protection settings.
6. Finally, scroll down through the list of settings and turn the toggle associated with Tamper Protection to Off. 

   

7. After Tamper Protection has been disabled, reboot your PC and see if the Windows Defender remains disabled.

If Windows Defender still re-enables itself without a reason or you want to explore a different way of resolving the issue, move down to the next method below. 

2. Disable Windows Defender via the Group Policy Editor

Perhaps the most effective way of ensuring that Windows Defender remains disabled is to establish a local group policy that will ensure that the built-in security suite remains disabled despite any pressures from Windows Update.

However, keep in mind that you won’t be able to enforce this method on every Windows 11 version.

In order to get this done, you’ll need to use the Local Group Policy Editor (Gpedit) – This is a utility that’s not present by default in the Home and Education versions of Windows 11.

You can, however, install Gpedit manually on Home and Education Windows 11 versions by following a series of steps.

Once you’ve made sure that Gpedit is installed and available on your Windows 11 version, follow the instructions below to establish a custom group policy that will keep Windows Defender disabled at all times:

1. Press Windows key + R to open up a Run dialog box. 
2. Next, type ‘gpedit.msc’ inside the text box, then press Ctrl + Shift + Enter to open up the Local Group Policy Editor with admin access. 

   

3. At the User Account Control, click Yes to grant admin access. 
4. Once you’re finally inside the Local Group Policy Editor, use the menu on the left-hand side to navigate to the following location:

   Computer Configuration/Administrative Templates/Windows Components/Windows Defender Antivirus

5. After you arrive in the correct location, move over to the right-hand pane and look for the Turn off Microsoft  Defender Antivirus policy.

   

6. When you see it, double-click on it to open it.
7. From the Turn off Microsoft Defender Antivirus policy, change the toggle to Enabled and click Apply to save the changes. 

   

8. Once this policy is enabled, Windows Defender should remain disabled at all times.

If the problem is still not fixed or you’re looking for a different way of ensuring that Windows Defender remains disabled, move down to the next method below. 

3. Disable Windows Defender via Registry Editor

If you want to avoid setting up a local policy that will keep Windows Defender at all times or the Local Group Policy Editor is not available on your Windows 11 edition, one alternative way is to use the Registry Editor.

Several affected users have confirmed that they successfully used a modified registry value to ensure that Windows Defender remains disabled despite the pressures from Windows Update.

Note: Our recommendation is to perform a registry backup before following this method. This will allow you to restore your Registry cluster back to a healthy point in situations where you make a mistake during the procedure below. Follow these steps to back up your Registry in advance. 

If you want to disable hard-disable Windows Defender using Registry Editor, follow the instructions below:

1. Press Windows key + R to open up a Run dialog box.
2. Next, type ‘regedit’ inside the text box, then press Ctrl + Shift + Enter to open up the Registry Editor with administrative privileges. 

   

3. At the User Account Control (UAC), click Yes to grant admin access. 
4. Once you’re inside the Registry Editor, use the left-hand menu to navigate to the following location:

   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

   Note: You can either navigate to this location manually or you can paste the location directly into the nav bar at the top and press Enter to get there instantly. 

5. After you arrive at the correct location, right-click on the Windows Defender key, then click on New > Dword (32-bit) Value. 

   

6. Once the new Dword value is created, name it DisableAntiSpyware and press Enter to rename it. 
7. Double-click on the newly created DisableAntiSpyware, set the Base to Hexadecimal, then change the value to 0 before clicking Ok to save the changes. 
8. After you make this change, reboot your PC to enforce this change, then see if Windows Defender remains disabled once the next startup is complete.

If you’re still noticing that Windows Defender enables automatically at random times or you’re looking to solve this problem without using Registry or Gpedit tricks, try the next method below. 

4. Renew the license of your 3rd party antivirus

If you previously installed a third-party antivirus but the license has expired, Windows 11 will detect that your PC is not protected and will turn on the built-in antivirus component (Windows Defender) to avoid a security breach.

In order to prevent Windows Defender from re-enabling itself, you’ll need to renew your 3rd party AV license or install a new 3rd party antivirus package.

Note: This method is only applicable in case you already have a 3rd party antivirus installed, but its license has expired.

If you don’t have an antivirus installed but you are considering this alternative, move down to the next method below. 

5. Install a different 3rd party antivirus

If the default setting is set to “ON,” Windows Defender may turn on automatically when your machine is idle or there is an external malware threat. Installing a third-party antimalware application to replace Windows Defender is one approach to avoid this automatic activity.

Windows Defender, as defined by Microsoft Support, is meant to safeguard your computer from malware and other dangers.

Even if you have turned off real-time protection, Windows Defender will switch on automatically if you do not have an antivirus product installed on your machine.

This can also happen if you uninstall your antivirus application or if your antivirus program expires, in which case your computer will be vulnerable to dangers.

However, after installing third-party software, Microsoft Defender should immediately stop itself.

So if you’re on the market for a 3rd party suite, consult this article for a few viable alternatives. 

6. Disable Windows Updates

The vast majority of security updates installed through Windows Updates will unintentionally re-enable Windows Defender. This activity is necessary, according to Microsoft, in order to update the tamper protection code, which is critical to Windows Defender’s performance.

Disabling automatic Microsoft updates on your Windows 11 machine is one approach to avoid this behavior.

For example, there are updates for Windows 10 and above systems that prevent Windows Defender from shutting off once an antivirus product is installed.

Upgrades linked to tamper prevention are an excellent example of such updates. These upgrades can keep Windows Defender from shutting off if you install another antivirus program.

If you’re looking for specific instructions on disabling Windows Updates, follow the instructions below:

Important: This method is not recommended since it will leave your system exposed to malware threats. Only follow the instructions below as a last resort or if you really know what you’re doing

1. Press Windows key + R to open up a Run dialog box. 
2. Next, type ‘services.msc’ inside the text box, then press Ctrl + Shift + Enter to open up the Services utility. 

   

3. When you’re prompted by the User Account Control, click Yes to grant admin access. 
4. Once you’re inside the Services screen, scroll down through the list of services and locate the Windows Update entry. 
5. Next, right-click on the Windows Update entry and click on Properties. 
6. Inside the Windows Update Properties menu, access the General tab, then change the Startup Type to Disabled before clicking on Apply to save the changes. 

   

7. Save the changes, reboot your PC and wait for the next startup to complete.