How to properly install an Antivirus / Security Suite in Windows 10

Windows 10 ships by default with Windows Defender which according to AV-Comparatives and my own experience is one of the heaviest Antivirus solutions out there. I know that it's free and convenient to use because it comes bundles with Windows out of the box but when there are better Free solutions out there like Bitdefender Free Antivirus or Avast! Free Antivirus, there is no logical reason to use this heavy AV.

The problem is, simply disabling it is not all you need to do before you install a new AV/Security Suite. To ensure 0 conflicts with your new Antivirus that you are about to install, it is strongly advisable to also disable the Windows Defender services from starting up automatically as they will still be running in the background even if you have disabled Windows Defender!


To Disable Windows Defender:

Unless you really want to use a useless anti-virus that is almost as good as nothing (see: AV-TEST ), has annoying definition updates that are delivered through Windows Updates rather than automatically through the app itself like it should, then here is how to disable it.

Firstly, please note that we need to disable its 3 components one by one exiting the settings after each setting change and going back. If you disable all the 3 settings together, Windows may freeze forcing you to do a forced restart or Windows Defender will simply ignore the fact that you just disable it and re-enable itself automatically.

1) Click on the start menu button then click on SETTINGS

2) Click on the Update & Security button

3) Click on Windows Defender from the left pane

4) Disable the components one by one, starting from the bottom (3rd option):



5) Now exit the Update and Security Window and re-enter again then repeat the same steps to disable the 2nd component:



6) Now exit the Update and Security Window and re-enter again then repeat the same steps to disable the 3rd component, after this step, you will notice the Windows Defender app turns the PC Status to RED = ie. Not Protected :





After you do that, do this (you cannot do Step 1-3 though if you have Windows 10 home or single Language as it doesn't have the Group Policy Editor):

1) Press WIN Key + R to launch the Run Dialogue Box then type gpedit.msc
2) Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender > then double click on Turn off Windows Defender and enable that rule then press Apply then OK to exit
3) Reboot your system
4) Download Autoruns
5) Extract it to a folder
6) Right click on Autoruns64.exe then launch it as Administrator
7) in the filter on the top left, type defender, then disable these three entries by unchecking them (should you need to enable Windows Defender in the future, you need to reselect them and reboot before trying to re-enable Windows Defender)



If you happen to see other Windows Defender entries as shown in the screenshot below, uncheck everything related to Windows Defender that includes EPP which is the right click menu shell extension and scheduled tasks:



How to disable the Windows Defender Security Health Service:

While you can easily disable Windows Defender and all its startup entries/tasks in task scheduler, there is one service that is protected if you check in services.msc and won't allow you to change its status to disabled.

Here is how you can disable it:

1) Download NSudo
2) Extract the content of the ZIP file to a location of your choice.
3) Go to the following folder: NSudo\x64
4) Right click on NSudo.exe and choose Run as Administrator
5) Check the box which says Enable All Privileges
6) Click the Browse Button and navigate to C:\Windows\System32
7) type cmd.exe in the file name box at the bottom then click on the Open button
8) your NSudo window should now look like this:



9) Click the Run Button, the command prompt window should now launch
10) Copy/paste the following command in the Command Prompt Window then hit Enter to run it, this will stop the Windows Defender Security Center Service: sc stop SecurityHealthService
11) Copy/paste the following command in the Command Prompt Window then hit Enter to run it, this will disable the Windows Defender Security Center Service: sc config SecurityHealthService start= disabled


12) Done

Spoiler: How to re-enable the Windows Defender Security Center Service

Copy/paste the following commands in NSudo/Command Prompt in this order:

1)

Code:

sc config SecurityHealthService start= auto

2)

Code:

sc start SecurityHealthService

 

Thanks for this. I am not installing anything else in its place, but making sure this digital demon is exorcised and its skull split open (rather than quietly lurking in a dark crevice) is invaluable.

 

Did you mean Win+R for the Run dialog box? Ctrl+R does nothing on my system except refresh the browser.

@Phoenix - is there a reason we shouldn't just go ahead and disable every trace of Defen dirt with Autoruns?

 

I had no problems with Defender in Win10 I just disable all the reporting and leave the Real Time turned on to protect my system and have no problem running my multitude of software.

 

thanks for the correction

 

I don't see those task scheduler things after I've disabled Windows Defender from the app itself then GPEDIT but yet, if you see them, uncheck everything obviously!

I will steal you screenshot if you don't mind

 

You may have noticed it as you hadn't disabled Windows Defender to experience how snappy your machine can be without it.

Heck, for me, a simple thing, I have a software folder which has a lot of portable apps, each folder within that main folder has its own custom icon like for CCleaner, AIDA64, etc. if I have Windows Defender, everytime I open that folder, the icons load in slow motion as if I was running a Pentium II CPU! Disable Windows Defender and even install any other AV and the icons all load instantly! Heck I've even added the entire Software folder I talked about to the exclusions list of Windows Defender.

But at the end of the day, if you are happy with Windows Defender, then by all means use it. This thread is not meant for discussion of Windows Defender whether or not it's light or good, it's for those people like me and Mr. Fox who want nothing to do with Microsoft's Windows Defender. We have enough spying from the OS and I sure as heck don't trust anything from Microsoft to protect my machine.

 

@Mr. Fox

Slightly OT but...

Batch file for..... Disable Task Scheduler Privacy Related tasks-W10

Code:

schtasks /change /tn "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /disable >nul
schtasks /change /tn "Microsoft\Windows\Application Experience\ProgramDataUpdater" /disable >nul
schtasks /change /tn "Microsoft\Windows\Application Experience\StartupAppTask" /disable >nul
schtasks /change /tn "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /disable >nul
schtasks /change /tn "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /disable >nul
schtasks /change /tn "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /disable >nul
schtasks /change /tn "Microsoft\Windows\Feedback\Siuf\DmClient" /disable >nul
schtasks /change /tn "Microsoft\Windows\Location\Notifications" /disable >nul
schtasks /change /tn "Microsoft\Windows\Location\WindowsActionDialog" /disable >nul
schtasks /change /tn "Microsoft\Windows\Shell\FamilySafetyMonitor" /disable >nul
schtasks /change /tn "Microsoft\Windows\Shell\FamilySafetyRefresh" /disable >nul

 

@Mr. Fox

A new Windows Defender Driver entry appeared after the latest Windows updates called Wdboot, check using Autoruns and disable it:

 

New instructions have been added to the OP on how to disable the Windows Defender Security Center Service!

@Mr. Fox

 

I thought Windows Defender was set to automatically turn off when a new AV was loaded...?

 

Yes it does turn off upon the installation of third party security software.

 

it does, but the services still load in the background, hence why this guide exists

 

Oh'well bruh

Spoiler: Good bye, Windoze Defender!!

 

I get this:


Does this mean it no longer resides somewhere in my SSD?

 

Try SecHealthService instead.

 

Same error.

I disabled Windows Defender in Aerotweaker...could it be that causing this error?

 

is this a standard Windows 10 install or did you use my Windows 10 Bloatware Free Edition? If it's the latter, maybe because I actually removed Defender from it completely.

 

Pre-installed Windows 10...

 

https://partnersupport.microsoft.co...s/5829f484-939c-4365-8545-770ba0efc66d?auth=1

 

I wasn't able to find it in the registry either.

 

ok go to services.msc and tell me, do you have the Windows Defender Security Center Service and if you do, what is the status? disabled? auto? manual? or is it not there to start with? if that's the case, probably you have not updated to the latest Windows 10 Creators Update.

type winver in an elevated command prompt and tell me your Windows Build Number

 

It seems fkedup atm...it says disabled but running...

 

That's not it! You're on the Redstone 1 Update, the new Defender Security Center Service was introduced in the Creators update AKA Redstone 2.




The reason you would want to run NSUDO to disable it is its a protected service, meaning, you cannot change its state or disable it without NSUDO

 

There is nothing in there bruh...

 

I did use NSUDO...

 

Like I said dawg, you're not on the Windows 10 Creators update, so j00 are looking for something that doesn't exist, just ignore it for now. That service was introduced with the Creators Update Build 15063 as part of an improvement to the crappy Windows Defender. so until you update to the latest edition of Windows 10, there's nothing you can do.

Just run Autoruns, and type Defender in the filter box on the top left, then ensure all Windows Defender entries are unchecked.

 

Done bruh...is there more Windows 10 optimization guides out there like this one? Because I want to unlock the full potential of my laptop e.g getting more FPS in-game by disabling unnecessary Windows services.

BTW, I already disabled unnecessary start up programs, telemetry services...so is there more secret optimization out there?

 

you caught me in the right time as I'm in a g00d m00d and I have a few minutes. PM Sent to connect to you

 

BUT you're ALWAYS in the GOOD MOOD bruh! XDDDD

 

@Midas Touch: Do us a favour, don't upgrade to creators update, its broken. Wait for couple of years. I don't think Creators Fall update will be best, but will be good enough to fix RS2 problems. Download WHDownloader and download a big file of 1.1GB to get you updated to latest version w/ security fixes.

 

@Vasudev

Will do bruh! I've never been a fan of Windoze 10...if I can go back to 7 I would.

 

Yes I have your System Pre-requisites Suite that is a must have.

 

Use Scarface's Win 7 slimmed version with ISO size of 2.5GB x64. Now, where did I put it? I'll PM you when I find. Now is the best time to use @Papusan brain power to find where I posted it.
EDIT: @Midas Touch: I found it! Windows 7 installation help for Intel Skylake and Kaby Lake laptops

 

Have you tested the Pre Alpha RS3 ?
Edit. And you are sure they will fix what's broken and not introduce more ****y? Fix some problems, but create new. It's a Service @hmscott

 

Nope, even though I'm a windows Insider they are alpha builds and can bork up perfectly working PCs sometimes. Currently my phone is in Insider's Release Preview, so far no issues after upgrading from RS1.
Even MSFT themselves warned don't install on your primary device instead use secondary pc which is very wise

 

Of course they warned don't install on your primary device You can risk all types ****y pushed right in your face!! Don't trust those MORONS!!

"Compatibility issues like this are likely why Microsoft warns against installing the Creators Update on your own, and instead advises users to wait for Windows Update to offer the upgrade. If Microsoft and Intel fix the issue with Clover Trail processors, the Creators Update should be automatically pushed to your system."

"Clover Trail processors powered the earliest Windows 8 2-in-1 hybrid devices, such as the HP Envy X2 and the Asus VivoTab. If you embraced Microsoft's vision for a versatile future for Windows in the early days, you’re now left stranded if you accepted—or were forced into—the free Windows 10 upgrade for your Windows 8 PC."

 

What is exactly broken in RS2?

 

uhhhh nothing!?!? Been using it since it was released!

 

Mostly UI scaling issues and smaller title bars. After restarting Windows Explorer in Task Manager Windows Defender Tray icon just disappears. A workaround is to run MSASCuiL.exe every time.
Excessive battery usage, Game mode degrades game performance on lower end PCs, Dism WinSxS Cleanup recommendation isn't correct always and lot more....
https://www.digitaltrends.com/computing/windows-creators-update-problems-fixes/

 

NSudo updated to v5.1 (link is in the OP)

 

Have you the command(guide) for reversing aka <enable> Windows Defender Security Health Services back again with Nsudo? Thanks

 

Create a system restore or image the system before hand using MR.

 

To re-enable the Windows Defender Security Center Service, copy/paste the following command in NSudo in this order:

1)

Code:

sc config SecurityHealthService start= auto

2)

Code:

sc start SecurityHealthService

 

bump

 

How can I do the above if when I type WIN KEY + R and try to run gpedit.msc it fails because its not found, because you said obviouisly right before the 3 steps that Home version wouldn't be able to do those steps, and in the other thread you directed me here again, some help please.

 

Just spend a little bit of lunch money and ditch the Windows Home version crap. Then you can have an OS with proper basic functionality. You can get Pro dirt cheap from Kinguin.

https://www.kinguin.net/software-games/

 

You can skip the Group Policy Editor if you follow the guide as well minus the group policy editor check. that's just an extra safety measure. Basically, you disabled Windows Defender from the program itself, then uncheck all the startup entries from Autoruns. What you can do also is when you run O&O ShutUp10, it has an option to disable Windows Defender as well so that's your extra measure for Home Editions but as Mr. Fox said, you can get a Pro key for very cheap. Pro gives you so much more benefits over Home, I wouldn't even consider using Windows 10 if it was gonna be the Home Edition.

Why choose Windows Pro over Home?

So you have access to the Group Policy Editor

As you may be well aware, Windows 10 although boasts great support for new hardware and is required to make the most out of your new hardware especially newer CPUs which are not supported on previous OSes like Windows 7 anymore, it has its quirks and privacy invasion like automatically sending your keystrokes, displaying ads, telemetry, and much more.

While there are many utilities out there such as O&O ShutUp10 that help you eliminate most if not all of the nasty stuff, the Home Edition lacks one very important feature which is the Group Policy Editor. Think of it as flying on an airplane, do you want to be the passenger or the pilot in control? That's exactly what the Group Policy Editor enables you to do, be in control of how your OS behaves.

Examples of things you can disable / enable easily with the Group Policy Editor:

1) Turn off file history completely (this is a useless feature which Microsoft is phasing out in its next build but you can still disable it now)

2) Disable / Prevent your computer from joining a Home Group (Home Group is a crippled way of sharing files that rarely works if ever, one is better off manually selecting the folders that he wants to share and giving them appropriate permissions by right clicking on that folder and navigating to the Sharing tab)

3) Disable Windows DVR (Gameplay Recording Mode). If you have that enabled which is the default state, then Steam warns you that it may hamper your game play/performance so its best to turn it off completely using the Group PolicyEditor). You can do this in the Home Edition but it requires a lot of complex registry edits which are time consuming. There are better tools to record game play such as nVIDIA's Shadow Play or better yet, a program by Mirillis called "Action!"

4) Turn off Microsoft Consumer Services

5) Turn off Microsoft Customer Experience Improvement Program

6) Completely disable Windows Defender and not have it re-enable itself if you are wanting to install your own AntiVirus since Windows Defender bogs down the system's performance by as much as 36% according to the latest AV Comparatives Performance Test: http://chart.av-comparatives.org/chart1.php?chart=chart4&year=2017&month=10&sort=1&zoom=2

7) Disable Windows Driver Updates through Windows Updates

8) Turn off the Windows Explorer Notification about new apps that can handle new extensions. By default, every time you install a new application that can handle an extension, let's say, a new video player or an internet browser, etc. you get an annoying popup telling you that you have installed a new application that can handle these extensions

9) Disable Windows Error Reporting, that never does any good and only eats a lot of space writing the details of background errors. Microsoft has never in its history fixed any of these reported errors so why keep this useless service enabled on your system and creating unnecessary writes to your SSD?

10) Disable unwanted features such as Windows Ink, biometrical features, etc.

11) Disable automatic downloading of map updates (who needs map updates on a laptop? this is not a GPS device /phone)

12) Turn off Work Folders (this is used in corporate environments and not needed for home or power users)

and much more, these are just some of the things you can control with the Group Policy Editor.