Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

How to disable Real Time Protection

Apr 22, 2017 12:32PM PDT

I turn off the real time protection in Windows Defender but it reappears the next time i restart

Discussion is locked

- Collapse -
Answer
Sounds right.
Apr 22, 2017 12:45PM PDT

Microsoft's choice is to favor protection that corrects itself like that.

This is NOT A BUG.

If you want run without, you can google ideas on how to disable.
But why?

- Collapse -
Answer
I Do It Through Group Policy Editor
Apr 22, 2017 7:04PM PDT

Login to the computer using an account with admin rights.

First, open gpedit.msc from the Search line, then navigate to Computer Configuration- Administrative Templates- Windows Components- Windows Defender Antivirus. Once there, open the "Turn Off Real Time Protection" line and "Enable" it.

Next, click on Start-Settings-Update and Security-Windows Defender tab. Once there, select the button to "Turn Off Real Time Protection" in Windows Defender.

Hope this helps.

Grif

- Collapse -
Thanks, this helps
Apr 22, 2017 8:24PM PDT

But another question. i don't want the antivirus protection to take action without my permission, it happened with antivirus programs. does Windows Defender automatically deletes the threat or does it only warn me?

- Collapse -
If It's Disabled, It Does Nothing....?
Apr 23, 2017 10:08AM PDT

Most antivirus programs have settings options which allow you to "approve" the deletions. Although I don't have a computer using WD here, I believe the "Enhanced Notifications" option allows you to say yes or no to malware deletions. But unforrtunately, Windows Defender is a little sparse on options but most have automatic removal of malware unless there's a setting which will change it. But it must be enabled to perform scans and removals. The Windows Defender settings are described in the link below:

http://www.thewindowsclub.com/windows-defender-settings-windows-10

Hope this helps.

Grif

Post was last edited on April 23, 2017 10:08 AM PDT

- Collapse -
Real time protection doesn't mean
Apr 24, 2017 5:39AM PDT

that it deletes viruses. It means it's blocks an attack as it trys to infect your system. That's that difference between alot of the paid versus free virus software. So you you purchase the professional version is block the attack. If you use the free version the attack doesn't get blocked and it is removed by a scan. I use Norton 360 and I get a message if an attack has been blocked. I also schedule a scan to run at night when I'm asleep.

- Collapse -
Well, Sort Of...
Apr 24, 2017 11:26AM PDT

And it's a lot more complicated than this and maybe I'm splitting hairs here... But...

Antivirus programs scan the system constantly and viruses are generally detected when items are "written to" or "run" on the computer's hard drive. (Recognize also that I'm simply referring to viruses, which you mentioned, not all the other types of trojans and malware.) Although detected immediately upon placement in the system, the file is actually found AFTER it's written to the system, usually as a temporary file, and then the user is notified and the file is deleted, ONLY IF the user choose to delete it by enabling the setting to do so. In some programs, the user is notified and given the option to delete or allow. So I guess you could say it was "blocked" but actually the detection occurs when the file is written to the system first. In addition, many free antivirus programs scan real-time and provide a similar service as the "paid" version. Not all, but some.

As a system admin and designated individual for testing antivirus programs for our agency, I watched as malware tests were run for email type infections, removable drive types of infections, network aware infections, and in each case, the file was detected ON the computer's system before it could be removed.. And sometimes, if the antivirus program's blacklist isn't up to date, then file is written to the system and eventually might be detected after the AV is updated and when the file "runs". The "run" process is then stopped/blocked and the virus is removed

But even that isn't the entire story as most newer antivirus/antimalware programs also detect various exploits from scripts on the net, through the network, etc. as they access the machine and in those cases, I'd say "block" is exactly the correct word.

Hope this helps.

Grif

Post was last edited on April 24, 2017 11:26 AM PDT