Why Windows didn’t enable this feature in the built in GPOs is beyond me. Regardless, I needed a way to disable Windows Defender automatic scans to keep my hundreds of XenApp servers from running a scan at 2am and most likely crushing my storage infrastructure. So, what am I talking about here? How to disable this:
As you can see, the default GPOs do nothing for us.
So, how does this actually work? Well, when you configure this automatic scan, it creates a scheduled task, and writes a file in C:\Windows\System32\Tasks\Microsoft\Windows Defender\
Now, you can just delete the MP Scheduled Scan file, but this doesn’t remove the configuration from Windows Defender, so that won’t work. After a small bit of digging I found these registry keys in HKLM\Software\Microsoft\Windows Defender\Scan
The key in question here is “ScheduleDay” 0 = daily, and 1=Sunday, 2=Monday, etc. 8=off. So. Simple GPP configuration here to set the key to 8.
Do a GPUpdate /force and Viola! It has been removed from Scheduled Tasks, the file is gone, and its configuration removed from the Windows Defender GUI.