Forum Discussion

siyuan_yin's avatar
siyuan_yin
Copper Contributor
Aug 29, 2025

how to disable Defender on Windows Server with tamper protection enabled

As a third-party security vendor, when our users enabled tampering protection on Windows Server 2022, we were unable to disable Defender through group policy as before, which resulted in conflicts between third-party anti malware and Defender. Of course, Defender for Endpoint is not onboarded in the system because users do not want to pay for two sets of antivirus software.

So in this situation, can only users manually turn off tampering protection? But this is clearly unfriendly for large-scale systems.

In addition, installing third-party antivirus software on Windows Server systems that have onboarded Defender for Endpoint seems to have no way to put Defender into passive mode if tampering protection is enabled.

We urgently hope that someone can provide some suggestions on this issue!

2 Replies

Sort By
  • siyuan_yin's avatar
    siyuan_yin
    Copper Contributor
    Aug 29, 2025

    Hi cyb3rmik3,

    Thank you for your reply!

     

    I can understand the MDE documentation and the method you described, that is, the prerequisite for disabling defender is to manually disable tampering protection first. However, as described in my question, it is unacceptable and unreliable for enterprises to manually disable tampering protection for at least thousands of operating systems.

     

    So I want to know if there is a way similar to Windows 11 where you can turn off Defender by registering a third-party anti malware product with WSC, even if tampering protection is already enabled.

     

    By the way, we have joined Microsoft's MVI organization and consulted with them, but there is no reliable method.

  • cyb3rmik3's avatar
    cyb3rmik3
    MVP
    Aug 29, 2025

    Hello siyuan_yin​,

    I think MDE documentation is super clear with the issue you are facing. It seems you need to disable tamper protection temporarily and then make sure you edit the following registry key as described and then switch tamper protection back on.

    Microsoft Defender Antivirus passive mode registry key

     

     

     

     

     

     

    And yes, what you are facing is depicted here:

    Microsoft Defender Antivirus tamper protection in passive mode conflict

     

     

     

     

     

     

     

     

     

    If I have answered your question, please mark your post as Solved

    If you like my response, please consider giving it a like

     

Resources