How to disable Real Time Protection

I turn off the real time protection in Windows Defender but it reappears the next time I restart.

Sounds right.

Microsoft's choice is to favor protection that corrects itself like that.

This is NOT A BUG.

If you want to run without, you can google ideas on how to disable.
But why?

I Do It Through Group Policy Editor

Log in to the computer using an account with admin rights.

First, open gpedit.msc from the Search line, then navigate to Computer Configuration- Administrative Templates- Windows Components- Windows Defender Antivirus. Once there, open the "Turn Off Real Time Protection" line and "Enable" it.

Next, click on Start-Settings-Update and Security-Windows Defender tab. Once there, select the button to "Turn Off Real Time Protection" in Windows Defender.

Hope this helps.
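A read-only way to see whether real-time protection is currently off and whether the Group Policy setting described above is the reason, given as an added example that is not part of the original post. It assumes the built-in Defender PowerShell module is available; the registry location of the policy value and the function name `Get-RtpAudit` are assumptions of this example, not something stated in the thread.

```powershell
# Added example: read-only audit of Windows Defender real-time protection.
# Nothing here changes any setting; run from an elevated PowerShell prompt.

# Assumption: the "Turn off real-time protection" policy stores its value here.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'

function Get-RtpAudit {
    $status = Get-MpComputerStatus   # effective runtime state
    $pref   = Get-MpPreference       # configured preferences

    # Read the policy value if the key exists; $null means "not configured".
    $policyValue = $null
    if (Test-Path $policyKey) {
        $item = Get-ItemProperty -Path $policyKey -Name DisableRealtimeMonitoring -ErrorAction SilentlyContinue
        if ($item) { $policyValue = $item.DisableRealtimeMonitoring }
    }

    # Work out which setting, if any, asks for real-time protection to be off.
    $source = 'No disabling setting found'
    if ($policyValue -eq 1) {
        $source = 'Group Policy'
    } elseif ($pref.DisableRealtimeMonitoring) {
        $source = 'Defender preference (Settings app or Set-MpPreference)'
    }

    [pscustomobject]@{
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        DisabledByPolicy          = ($policyValue -eq 1)
        PreferenceDisabled        = [bool]$pref.DisableRealtimeMonitoring
        # IsTamperProtected is empty on builds that do not report it.
        TamperProtected           = $status.IsTamperProtected
        DisablingSetting          = $source
    }
}

$audit = Get-RtpAudit
$audit | Format-List

if (-not $audit.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is OFF. Source: $($audit.DisablingSetting)"
} elseif ($audit.DisabledByPolicy -or $audit.PreferenceDisabled) {
    Write-Warning 'A disabling setting is present but protection is still ON (it was re-enabled or the setting was not honored).'
}
```

The second warning corresponds to the behaviour in the original question, where the setting is turned off but protection is back on after a restart.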


Thanks, this helps

But another question. I don't want the antivirus protection to take action without my permission; it happened with antivirus programs. Does Windows Defender automatically delete the threat or does it only warn me?

If It's Disabled, It Does Nothing....?

Most antivirus programs have settings options which allow you to "approve" the deletions. Although I don't have a computer using WD here, I believe the "Enhanced Notifications" option allows you to say yes or no to malware deletions. But unfortunately, Windows Defender is a little sparse on options but most have automatic removal of malware unless there's a setting which will change it. But it must be enabled to perform scans and removals. The Windows Defender settings are described in the link below:

Hope this helps.


Post was last edited on April 23, 2017 10:08 AM PDT

Real time protection doesn't mean

that it deletes viruses. It means it blocks an attack as it tries to infect your system. That's the difference between a lot of the paid versus free virus software. So if you purchase the professional version, it blocks the attack. If you use the free version the attack doesn't get blocked and it is removed by a scan. I use Norton 360 and I get a message if an attack has been blocked. I also schedule a scan to run at night when I'm asleep.

Well, Sort Of...

And it's a lot more complicated than this and maybe I'm splitting hairs here... But...

Antivirus programs scan the system constantly and viruses are generally detected when items are "written to" or "run" on the computer's hard drive. (Recognize also that I'm simply referring to viruses, which you mentioned, not all the other types of trojans and malware.) Although detected immediately upon placement in the system, the file is actually found AFTER it's written to the system, usually as a temporary file, and then the user is notified and the file is deleted, ONLY IF the user chooses to delete it by enabling the setting to do so. In some programs, the user is notified and given the option to delete or allow. So I guess you could say it was "blocked" but actually the detection occurs when the file is written to the system first. In addition, many free antivirus programs scan real-time and provide a similar service as the "paid" version. Not all, but some.

As a system admin and designated individual for testing antivirus programs for our agency, I watched as malware tests were run for email type infections, removable drive types of infections, network aware infections, and in each case, the file was detected ON the computer's system before it could be removed. And sometimes, if the antivirus program's blacklist isn't up to date, then the file is written to the system and eventually might be detected after the AV is updated and when the file "runs". The "run" process is then stopped/blocked and the virus is removed.

But even that isn't the entire story as most newer antivirus/antimalware programs also detect various exploits from scripts on the net, through the network, etc. as they access the machine and in those cases, I'd say "block" is exactly the correct word.

Hope this helps.


Post was last edited on April 24, 2017 11:26 AM PDT
