Enable/Disable Windows Defender, Tested on Windows 11 22H2 !!
@echo off
REM === File: 1-tamper-protection.bat ===
title Open Tamper Protection Settings
echo Opening Tamper Protection settings...
echo.
echo Steps to disable:
echo 1. Toggle OFF "Tamper Protection"
echo 2. Close the window
echo.
REM Open directly to Virus & threat protection settings (where Tamper Protection is)
start windowsdefender://threatsettings/
pause

@echo off
REM === File: 2-disable.bat ===
title Disable Windows Defender Completely
NET SESSION >nul 2>&1
IF %ERRORLEVEL% NEQ 0 (echo Run as Admin! && pause && exit /b 1)
echo Disabling Windows Defender...
REM === CRITICAL: This fully disables Defender ===
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d 0 /f
REM === Disable Real-Time Protection ===
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f
REM === Stop services permanently ===
sc config WinDefend start= disabled
sc config WdNisSvc start= disabled
sc config WdFilter start= disabled
sc config WdNisDrv start= disabled
sc stop WinDefend
sc stop WdNisSvc
REM === Kill processes ===
taskkill /f /im MsMpEng.exe 2>nul
taskkill /f /im NisSrv.exe 2>nul
taskkill /f /im SecurityHealthService.exe 2>nul
REM === Apply via PowerShell ===
PowerShell -Command "Set-MpPreference -DisableRealtimeMonitoring $true -Force" 2>nul
echo.
echo REBOOT NOW for changes to take effect!
echo.
PowerShell -Command "Get-MpComputerStatus | Select RealTimeProtectionEnabled, AntivirusEnabled"
pause

@echo off
REM === File: 3-cleanup.bat ===
title Complete Windows Defender Restore
NET SESSION >nul 2>&1
IF %ERRORLEVEL% NEQ 0 (echo Run as Admin! && pause && exit /b 1)
echo Restoring Windows Defender to default state...
REM === Remove ALL Group Policy keys we added ===
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /f 2>nul
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /f 2>nul
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /f 2>nul
REM === Remove direct registry modifications ===
reg delete "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /f 2>nul
reg delete "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /f 2>nul
reg delete "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /f 2>nul
REM === Remove notification disables ===
reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /f 2>nul
REM === Re-enable all protections via PowerShell ===
echo Re-enabling all protections...
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableRealtimeMonitoring $false" 2>nul
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableBehaviorMonitoring $false" 2>nul
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableIOAVProtection $false" 2>nul
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableScriptScanning $false" 2>nul
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableBlockAtFirstSeen $false" 2>nul
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableIntrusionPreventionSystem $false" 2>nul
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -DisableArchiveScanning $false" 2>nul
REM === Re-enable Cloud Protection (MAPSReporting) ===
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -MAPSReporting 2" 2>nul
REM === Re-enable Automatic Sample Submission ===
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -SubmitSamplesConsent 1" 2>nul
REM === Re-enable PUA Protection ===
PowerShell -ExecutionPolicy Bypass -Command "Set-MpPreference -PUAProtection 1" 2>nul
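REM === Re-enable services and drivers ===
sc config WinDefend start= auto 2>nul
sc config WdNisSvc start= auto 2>nul
sc config SecurityHealthService start= auto 2>nul
REM 2-disable.bat also disabled these two drivers; boot and demand are their stock start types
sc config WdFilter start= boot 2>nul
sc config WdNisDrv start= demand 2>nul
sc start WinDefend 2>nul
sc start WdNisSvc 2>nul
sc start SecurityHealthService 2>nul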
REM === Update Group Policy ===
gpupdate /force >nul 2>&1
echo.
echo ===== FINAL STATUS =====
REM MAPSReporting and SubmitSamplesConsent are Get-MpPreference properties, not Get-MpComputerStatus ones
PowerShell -Command "Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled, AntivirusEnabled, AntispywareEnabled, BehaviorMonitorEnabled, IoavProtectionEnabled, OnAccessProtectionEnabled, IsTamperProtected, @{Name='CloudProtection';Expression={(Get-MpPreference).MAPSReporting}}, @{Name='SampleSubmission';Expression={(Get-MpPreference).SubmitSamplesConsent}}"
echo.
echo All registry modifications removed and protections restored!
echo.
echo Cloud-Delivered Protection: Should show 2 (Advanced)
echo Automatic Sample Submission: Should show 1 (Send safe samples)
echo.
echo REBOOT if anything shows False/0
pause

Windows Defender Manager

Steps:

  1. Disable "Tamper Protection" manually: run as admin (1-tamper-protection.bat)
  2. Disable real-time and other protections: run as admin (2-disable.bat)
  3. Re-enable once you have finished what you needed to do: run as admin (3-cleanup.bat)
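
To confirm that a machine is no longer carrying the changes from step 2 (for example after running 3-cleanup.bat, or when auditing a host), the values that 2-disable.bat writes can be read back. This is an added example, not part of the gist; the function name Get-DefenderTamperFindings is hypothetical, while the registry paths, value names and service names are the ones used in the scripts above.

```powershell
# Added audit example (not from the gist): reports state left behind by 2-disable.bat.
# Get-DefenderTamperFindings is a hypothetical name; paths, value names and service
# names are the ones the scripts on this page write.
function Get-DefenderTamperFindings {
    $root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $rtp  = "$root\Real-Time Protection"
    # Policy values that 2-disable.bat sets to 1.
    $policyChecks = @(
        @($root, 'DisableAntiSpyware'), @($root, 'DisableAntiVirus'),
        @($rtp, 'DisableRealtimeMonitoring'), @($rtp, 'DisableBehaviorMonitoring'),
        @($rtp, 'DisableIOAVProtection'), @($rtp, 'DisableOnAccessProtection'),
        @($rtp, 'DisableScanOnRealtimeEnable')
    )
    foreach ($check in $policyChecks) {
        $path, $name = $check
        $value = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        if ($value -eq 1) {
            [pscustomobject]@{ Kind = 'Policy'; Item = "$path\$name"; Found = '1' }
        }
    }
    # Services and drivers that 2-disable.bat sets to disabled (registry Start = 4).
    foreach ($svc in 'WinDefend', 'WdNisSvc', 'WdFilter', 'WdNisDrv') {
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        if ($start -eq 4) {
            [pscustomobject]@{ Kind = 'Service'; Item = $svc; Found = 'Start=4 (disabled)' }
        }
    }
    # Defender's own view; the cmdlet fails when the WinDefend service is not running.
    try { $status = Get-MpComputerStatus -ErrorAction Stop } catch { $status = $null }
    if (-not $status) {
        [pscustomobject]@{ Kind = 'Status'; Item = 'Get-MpComputerStatus'; Found = 'no answer' }
    } else {
        foreach ($prop in 'RealTimeProtectionEnabled', 'AntivirusEnabled', 'IsTamperProtected') {
            if (-not $status.$prop) {
                [pscustomobject]@{ Kind = 'Status'; Item = $prop; Found = 'False' }
            }
        }
    }
}

$findings = @(Get-DefenderTamperFindings)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No leftover changes from 2-disable.bat found.'
}
```

An empty result after 3-cleanup.bat and a reboot means the policy keys, service start types and protection flags touched by step 2 are back in their enabled state.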

Enjoy :)
