Windows Speedup: Disabling Defender’s Real Time Protection

pictureThe Windows Defender application that installs with Windows 10 is an estimable security application, with a rigorously-maintained database of threats. That it costs nothing to use has a lot to be said for it as well. Like most security software, however, it likes to wander into the insanely-paranoid section of the theater from time to time.

Left to its own devices, Windows Defender will avail your computer of a laudable degree of protection from malware and other intrusions by cybercretins. It can also substantially reduce the usefulness of the system it’s running on.

One of the more questionable features of Windows Defender is its real time protection. Real time protection scans every file that arrives on your computer – in real time, as its name implies – to defend you against invading e-mail attachments, venomous downloads and malicious web browser plugins, among many other things.

Real time protection sounds like a redoubtable bulwark against the Internet’s numerous bottom-feeders, script kiddies and brain donors… but it comes with a catch. All that scanning requires a lot of system resources. Unless you sprang for a really fast computer with enough memory to fully occupy a modest suburban livingroom, having Defender’s real-time protection running will slow your system down… probably quite a lot.

Many users of Windows 10 never appreciate how much quicker their computers could run, as real-time protection is enabled by default. It’s also a bit tricky to disable.

Earlier releases of Windows 10 allowed real time protection to be disabled through the Windows Settings panel, but during the summer of 2020 this feature mutated. It would thereafter only allow real-time protection to be switched off for a few minutes, after which it turned itself back on.

With real time protection running, larger applications such as Graphic Workshop Professional, most web browsers, productivity software and just about anything else that needs the attention of your system’s processor will prove to be annoyingly slow.

There are unquestionably circumstances in which the additional body armor of Windows Defender’s real time protection is warranted, for example:

  • If you share a computer with other users or family members that you don’t trust to be careful with its security.
  • If you’re somewhat absent-minded, and periodically click on e-mail attachments without thinking about what they might contain.
  • If you download software or other executable content from insecure web sites.

In the event that your system is genuinely at risk, you should arguably stop reading now and leave real time protection enabled.

Alternately, if you are the sole user of your computer, have a functional brain and don’t download stuff from sites with a lot of spelling errors and graphics you wouldn’t want the rest of your family to know about, you could shut down real time protection and enjoy a substantial performance improvement for Windows 10.

…if only Windows would quit turning it back on.

The Secret Incantation

Note: The following discussion involves making changes to the system settings and security applications for your computer. While the likelihood of all this going sideways and negatively impacting Windows… and your ability to use it… is remote, the possibility exists. We strongly recommend that you create a restore point and back up your hard drive before you proceed. We will be unable to assist you if any of this doesn’t work. By reading beyond this paragraph you agree that Alchemy Mindworks accepts no responsibility for any loss, damage or expense caused by your use of this page and the information therein, however it occurs. You accept these terms and you indemnify and hold blameless Alchemy Mindworks and all its stockholders, employees and suppliers from any and all monetary costs including attorney’s fees and court costs arising out of your use of this page and any information provided by it.

You can disable Windows Defender’s real time protection functionality without affecting any of the other functions of Defender… but the procedure for doing so is less than obvious.

The following requires access to the Windows Group Policy editor, which is only installed in Windows 10 Professional. If you’re using Windows 10 Home, you’ll need to Google for assistance in installing gpedit.msc or sneak around the problem using the Windows Regedit application, to be discussed in a moment.

To permanently shut down real time protection:

  1. Open the Settings panel from the Windows Start menu.
  2. Select Update and Security from Settings.
  3. Select Windows Security.
  4. Select Virus and Threat Protection.
  5. Under Virus And Threat Protection Settings, select Manage Settings.
  6. Scroll down until you locate the Tamper Protection option and turn it off. This will allow the rest of this procedure to work correctly.
  7. Close Settings.
  8. pictureOpen the Windows Start menu and select Run. Enter gpedit.msc in the Run field and click on Ok. The Local Group Policy Editor will open.
  9. Select Computer Configuration.
  10. Select Administrative Templates.
  11. Select Windows Components.
  12. Select Microsoft Defender Antivirus.
  13. Select Real Time Protection.
  14. Enable Turn Off Real Time Protection.

You might want to repeat the first seven steps, above, to return to the Virus and Threat Protection Settings panel. Real time protection should be off, with a note in red text that says “this setting is managed by your administrator.” In this example, your administrator is you.

Reboot your computer and check that real time protection remains history.

In the event that you subsequently change your mind about disabling real time protection, you can reverse the foregoing to disable the Turn Off Real Time Protection option in the Local Group Policy Editor window, and re-enable real time protection.

Using Regedit

The Group Policy Editor discussed earlier in this posting updates the Windows system registry – at least, it does in this case. If you don’t have access to Group Policy Editor – probably because you’re running Windows 10 Home, which doesn’t include it – you can make these registry changes by hand using Windows Regedit.

Before you get started, we recommend that you re-read the warning at the beginning of the previous section. Used carefully, Regedit is a powerful tool to adjust Windows’ innumerable parameters and settings. Used incautiously, it has the capacity to leave your computer a smoldering ruin. A restore point and a hard drive backup are seriously recommended.

To permanently shut down real time protection using Regedit:

  1. Open the Settings panel from the Windows Start menu.
  2. Select Update and Security from Settings.
  3. Select Windows Security.
  4. Select Virus and Threat Protection.
  5. Under Virus And Threat Protection Settings, select Manage Settings.
  6. Scroll down until you locate the Tamper Protection option and turn it off. This will allow the rest of this procedure to work correctly.
  7. Close Settings.
  8. pictureOpen the Windows Start menu and select Run. Enter regedit.exe in the Run field and click on Ok. The Registry Editor will open.
  9. Select HKEY_LOCAL_MACHINE.
  10. Under HKEY_LOCAL_MACHINE select \SOFTWARE\Policies\Microsoft\Windows Defender\.
  11. Unless it already exists, you’ll need to add a new key under Windows Defender called Real-Time Protection. Right-click on Windows Defender and select new from the menu that appears. Select Key. A new key will be created under Windows Defender. Right-click on it and rename it to Real-Time Protection. Check that you’ve named it correctly – spelling counts.
  12. Select Real-Time Protection, right-click in the right-most pane of Regedit and select New. Create a new DWORD value. Right-click on your new value and rename it to DisableRealtimeMonitoring. Right-click on DisableRealtimeMonitoring and modify its value to be 1.
  13. Exit Regedit.

You might want to repeat the first seven steps, above, to return to the Virus and Threat Protection Settings panel. Real time protection should be off, with a note in red text that says “this setting is managed by your administrator.” In this example, your administrator is you.

Reboot your computer and check that real time protection remains history.

In the event that you subsequently change your mind about disabling real time protection, you can reverse the foregoing remove the new value and key you’ve created, and re-enable real time protection.

One Comment

  1. jen allen:

    thanks for that info – thanks for treating windows users as intelligent humans capable of controlling their own system.

Leave a comment

Please note: Support issues can't be addressed here. If you have questions
or if you you need assistance with our software, please visit our support page.

Comments which reference other web pages, or which constitute attempts at
advertising, will be automaticaly flagged as spam and will never see daylight.

Entering a comment at this page will cause one or more cookies to be set in
your web browser.