Apr 162013


Why Windows didn’t enable this feature in the built in GPOs is beyond me. Regardless, I needed a way to disable Windows Defender automatic scans to keep my hundreds of XenApp servers from running a scan at 2am and most likely crushing my storage infrastructure. So, what am I talking about here? How to disable this:

As you can see, the default GPOs do nothing for us.

So, how does this actually work? Well, when you configure this automatic scan, it creates a scheduled task, and writes a file in C:\Windows\System32\Tasks\Microsoft\Windows Defender\

Now, you can just delete the MP Scheduled Scan file, but this doesn’t remove the configuration from Windows Defender, so that won’t work. After a small bit of digging I found these registry keys in HKLM\Software\Microsoft\Windows Defender\Scan

The key in question here is “ScheduleDay” 0 = daily, and 1=Sunday, 2=Monday, etc. 8=off. So. Simple GPP configuration here to set the key to 8.

Do a GPUpdate /force and Viola! It has been removed from Scheduled Tasks, the file is gone, and its configuration removed from the Windows Defender GUI.


  4 Responses to “Disable Windows Defender Automatic Scanning Through GPO”

  1. Why doesn’t the ‘Turn Off Windows Defender’ GPO work in this instance? Wouldn’t enabling that option serve the same purpose?

    • That specific GPO disables all of Windows Defender, including the real-time scan. My method keeps the real-time scan enabled, but disables the scheduled scan.

  2. does this still work for windows 10 or server 2016?

  3. First you need to disable your windows defender after that you can install other antivirus. You can disable it by using registry. A brief explanation given at https://windowsclassroom.com/how-to-disable-windows-defender/ . Go and get it.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>