How to Enable or Disable Real-time Protection in Windows 10

Real-time protection in Windows Defender is a safety feature that continuously scans a computer for malware, viruses, and other threats. It is a key part of Microsoft Defender Advanced Threat Protection’s next-gen features, and safeguards company data with modern cyber protection.

On the other hand, real-time protection also causes events that hamper software installations, modify your startup settings, and disrupt third-party antivirus tools. So this guide explores easy ways to enable or disable real-time protection on Windows Defender Antivirus for Windows 10 build 19041 and onwards.

How to temporarily or permanently enable/disable real-time protection for Windows Defender

Here are the ways to toggle real-time protection on a Windows 10 computer.

⚠️Note: You need administrator privileges to enable/disable real-time protection on MDA for all users.

Method 1: Windows Security app

Real-time protection can flag software installations and programs that are frequently used in an employee’s workflow. Here’s how you toggle it on/off using the Windows Security app:

Temporarily disable real-time protection via Windows Security app

⚠️Note: Real-time protection will automatically re-enable itself after a system restart.

1. Press Win + I to go to Settings.
2. Navigate to Update & Security > Windows Security.
3. Click on Virus & threat protection.
4. Under Virus & threat protection settings, select Manage settings.
5. Turn off Real-time protection.
6. Choose Yes when prompted by User Account Control (UAC).
7. Close the Windows Security app.

Turn on real-time protection via Windows Security app

⚠️Note: Toggling real-time protection using either Group Policy Editor or the Registry Editor will override this setting.

1. Press Win + I to go to Settings.
2. Navigate to Update & Security > Windows Security.
3. Under Virus & threat protection, click the Turn on button.

Method 2: Group Policy Editor

If you need real-time protection to stay deactivated on employee workstations, you can use the Group Policy Editor’s (GPE) centralized management features. Here’s how:

⚠️Note: Only available in Windows 10 Pro, Enterprise, or Education.

Permanently disable real-time protection via Group Policy

1. Press Win + R, type gpedit.msc, and hit Enter.
2. Use the left pane to navigate to the following directory:
   • Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Real-time Protection
3. In the right-hand pane, double-click on the Turn off real-time protection policy to modify it.
4. Click on the dot next to Disabled/Not Configured.
5. Click OK.

Enable real-time protection via Group Policy

1. Press Win + R, type gpedit.msc, and hit Enter.
2. Use the left pane to navigate to the following directory:
   • Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Real-time Protection
3. In the right-hand pane, double-click on the Turn off real-time protection policy to modify it.
4. Click on the dot next to Enabled.
5. Click OK.

Method 3: Registry Editor

⚠️Note: This method involves modifying values in your registry. Before proceeding, create a backup.

Permanently disable real-time protection via Registry Editor

1. Press Win + R, type regedit, and hit Enter.
2. Using the Registry Editor’s address bar, navigate to the following key:
   • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
3. In the right-hand pane, double-click on the DisableRealtimeMonitoring to modify its value.
4. In the value field, type 1 to disable real-time protection.
5. Press Apply, then OK.
6. Restart the PC to apply changes.

Permanently enable real-time protection via Registry Editor

1. Press Win + R, type regedit, and hit Enter.
2. Using the Registry Editor’s address bar, navigate to the following key:
   • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
3. In the right-hand pane, double-click on the DisableRealtimeMonitoring to modify its value.
4. Leave the value field blank to enable real-time protection.
5. Press Apply, then OK.
6. Restart the PC to apply changes.

Best practices for toggling real-time protection on/off

Follow these precautions to configure real-time protection on Windows Defender without a hitch.

Note that real-time protection reactivates on restart (Windows Security)

Remember that disabling real-time protection via Windows Security is only temporary and will reset once the user restarts their system. This is practical when you need to keep essential work apps from being flagged by Microsoft Defender Antivirus but don’t want the PC’s security scan permanently turned off.

Be mindful when disabling real-time protection

Automatically scanning for possible threats to your company’s digital infrastructure is vital for safe operations, so turn real-time protection off only when necessary.

Mark trusted apps or folders as safe

Instead of disabling a security feature, you can manually pick and choose which applications are excluded from Microsoft Defender Antivirus’ scans. Here’s how:

1. Press Win + I to go to Settings.
2. Navigate to Update & Security > Windows Security.
3. Click on Virus & threat protection.
4. Under Virus & threat protection settings, select Manage settings.
5. Under Exclusions, click on Add or remove exclusions.
6. Click on Add an exclusion and select the file type of the app you want to exclude (e.g., File, Folder, File Type, Process).
7. Look for the item you want to exclude and mark it as safe.

Install third-party antivirus software

Microsoft Defender Antivirus typically goes inactive once an external antivirus program is put in place. This is done to avoid potential conflicts between threat detectors and optimize system performance. It’s also a good alternative to disabling real-time protection if the usual methods aren’t effective.

Troubleshooting and common issues

Some methods for toggling real-time protection on/off are complex, so you’ll likely run into some road bumps. Here are the most common ones:

Defender reactivates automatically

Employees may submit tickets about Microsoft Defender reactivating after a restart. This feature is by design and typically happens when real-time protection is temporarily disabled. To prevent this, use the Local Group Policy Editor or the Registry Editor to permanently deactivate real-time protection in Microsoft Defender.

Policy settings not taking effect

If policy settings aren’t being enforced, it’s likely due to incorrect configurations or conflicts with existing policies. Check for any previous settings/policies that are overriding your changes. For instance, a third-party antivirus introducing a registry key that disables Defender could contradict policy changes that try to turn it on.

Afterwards, open an elevated Command Prompt and run the gpupdate /force command to force apply your policy changes.

Cannot find Registry path

If you’re not seeing parts of the Registry path to deactivate real-time protection in Windows Defender, it may be due to incorrect navigation or missing keys. Try to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection and manually create the missing keys and DWORD values.

This process involves Registry modifications, so make sure you have admin privileges and a restore point in case you need to retry the process.

Defender real-time protection won’t turn on

Hidden third-party antivirus software settings may be suppressing a workstation’s Microsoft Defender. Additionally, Defender can be susceptible to corruption overtime due to past Windows updates or malware.

To fix this, screen installed third-party virus scanners for potential conflicts with Windows Defender and disable/uninstall them. Afterwards, run a system file check (sfc /scannow) on an elevated Command Prompt to diagnose and fix any corrupted files that could be preventing real-time protection.

Frequently Asked Questions

Q: Will Defender automatically turn back on?

A: Yes, Microsoft Defender will reactivate after a restart if it was temporarily disabled. But if it went inactive after a third-party antivirus was installed, Defender will only turn on again once the other antivirus has been removed from the system.

Q: Can I script Defender disabling?

A: Yes, you can use PowerShell to send commands to your computer and disable Microsoft Defender. To do this, open PowerShell (administrator privileges are required here), type the following command, and hit Enter:

Set-MpPreference -DisableRealtimeMonitoring $true

Don’t forget to turn it back on once you’ve completed your task. Use the following command to re-enable Microsoft Defender:

Set-MpPreference -DisableRealtimeMonitoring $false

Q: Is it safe to leave Defender off permanently?

A: No, it is not safe to have Microsoft Defender disabled permanently, as this would leave company data vulnerable to hackers, viruses, and other cybersecurity threats.

Q: How do I check if Microsoft Defender is running?

A: Open your Settings, search for the Windows Security app, and click Virus & threat protection. The status of Microsoft Defender should be displayed as well as the date for the last threat scan.

Expertly manage real-time protection in Windows Defender

Windows Defender is the first line of defense for Windows computers against ever-evolving threats, and real-time protection acts as a sentry for its cybersecurity fortress. As such, knowing how and when to disable it lets you balance defense and operational flexibility, improving operations in the long run.