How to stop Windows Defender in Windows 8.1

Updated: December 21, 2013

Windows Defender is an unnecessary piece of software installed and running by default on recent versions of Windows, 8.1 Beta and production version included, designed to give mediocre people a false sense of security. What most people should be doing is using EMET, another Microsoft security product that is truly stellar. Yup.

Anyhow, in the past, disabling Windows Defender has always been simple. Head into the Services applet and disable the relevant services. For some wicked reason, in Windows 8.1, the needed functionality is grayed out. So how do you go about disabling Windows Defender? Let me show you.

What might not work

There are many methods you could try to purge Defender from your system. Outright uninstall is not possible, because the program is integrated deeply into Windows. Therefore, you can just try to stop the service from running. Step by step.

One option is to open the program itself and stop it from running, under Settings. This will pop an Action Center message about inadequate protection and blah blah. You can naturally minimize the noise as you see fit.

Turn app off

Turned off

And the corresponding Action Center thingie:

Action center

But then, this won't really work all the time, because the program may turn itself back on, especially after an upgrade and alike, because Microsoft folks think they know better than you. In my testing, Windows Defender came back to life a few times after I unticked that checkbox. Moreover, its service could not be stopped, so the fact the application was turned off does not really mean it's not running, it's just sort of not running, and it's a waste of resources.

The proper way of doing is to head into the Services applet, right-click the correct service, enter the Properties window, and try to make the desired change. However, as you can see, for the WinDefend service, there's no way to change the Startup type. It remains configured as Automatic, which means that Windows Defender will start with Windows on each logon. Moreover, the option to stop the service is also grayed out, so the only sort of method of controlling Windows Defender is through its GUI, as shown above, and that does not work as expected.

No service control

Anyhow, the inability to stop the service or change the startup type is the big problem that I have encountered trying to control this service. Then, if you think you're a smart user, you might want to launch the command line prompt as administrator, and use the net commands to get the desired result.

net stop WinDefend

You will get an access denied error most likely.

Command prompt, access denied

Another way is the safe mode, which we have discussed in the past. Open msconfig.exe, then under the Boot tab, mark the Safe boot > Minimal in the Boot options panel. On next reboot, your system will launch in the safe mode, and you can try the steps above. For me, they did not work in Windows 8.1 Beta, and I was unable to stop the Defender service.

Safe mode, msconfig

In the safe mode, you might also want to try to rename the Windows Defender folders, which should prevent it from starting. Unfortunately, I was unable to do rename the folders, because they were in use and whatnot. Even killing the Explorer.exe task and restarting would not help me get the desired results. The service just could not be stopped using these conventional methods, inside Windows. We need to explore another option.

The right way - Linux to the rescue

Renaming the folder is indeed what we want. But we will do it while Windows is completely dormant. To that end, select any bootable Linux live CD and boot your machine into the live session. Navigate to the corresponding device matching your C: drive, and if you have trouble here, do consult this lovely guide.

Anyhow, there should be two folders, depending whether you're using the 32-bit or 64-bit version of Windows. Under C:\Program Files or C:\Program Files (x86), you will find the Windows Defender folders. Just rename them to anything you like. Reboot. This time around, Windows 8.1 will boot without Defender running. Problem solved.

Folder renamed

Service disabled


This is a rather interesting tutorial, because it highlights the innovative ways of handling internal operating systems lockdown mechanisms that prevent you from having the right to choose how to manage your installations. No matter how supposedly rugged the self defense of the would-be security services is, you can easily fix it. Just boot into Linux.

Indeed, today we have learned a whole bunch of things. For example, how to try to start and stop services using GUI as well as the command prompt, how to boot into safe mode, how to disable stubborn programs by renaming their directories, and finally, how to use a Linux live session to make a safe, painless change. Hopefully this article will save some of you a lot of pain. If you feel like you need Windows Defender for some reason, then by all means, keep using it. But if you think it's unnecessary, now you have a foolproof method of disabling it.


You may also like: