Forum Discussion
Turning Off Tamper Protection on Workstations
How do I turn off Tamper Protection on a domain-joined Windows 11 workstation? The problem is a workstation has Windows Defender in Passive Mode instead of being in Not Running mode after installing a 3rd party antivirus. Windows Defender is making running network applications from the servers much slower because it's still real-time scanning. I also suspect Tamper Protection is also preventing network drive exclusions from working on this workstation and on the ones that use Windows Defender without a 3rd party antivirus.
I've tried adding every registry entry, Group Policy, and PowerShell command on the local workstation I could find to disable Windows Defender, but nothing works. I'm assuming this is due to Tamper Protection ignoring everything? This is an on-premises domain and doesn't use Microsoft Intune or Microsoft Endpoint Configuration Manager.
1 Reply
Hi David Owens,
This is expected on Windows 11. Tamper Protection prevents registry, GPO, and PowerShell changes, so the usual methods to disable Defender won’t work. It can only be turned off manually in Windows Security or centrally via Microsoft Defender for Endpoint.
With a 3rd-party AV, Defender goes into Passive Mode, not fully disabled - some scanning (network, AMSI, behavior monitoring) still runs, which can affect performance. Also, client-side UNC/network path exclusions aren’t reliable; Microsoft best practice is to set exclusions on the file servers.
