The "Turn off real-time protection" Group Policy setting, located under Computer Configuration\Administrative Templates\Windows Components\Windows Defender, should do what you want.
In my system, however, the Antimalware Service Executable keeps spawning (and instantly closes) every 10 seconds or so when this policy is enabled. Very annoying, but still nothing compared to the more general system slow-down caused by scanning every file on your drive over and over again.
Keep an eye out for this related question of mine: How to disable signature-based detection without turning off other protections in Windows Defender. Something of interest might come out.
[Update] Using the above method will result in a log file growing constantly, located in C:\ProgramData\Microsoft\Windows Defender\Support, called MPLog-<datetime>.log.
There's a way to prevent this from happening. Just set the following policies to Disabled, instead of the one I first mentioned, i.e. leave that untouched:
- Monitor file and program activity on your computer
- Scan all downloaded files and attachments
- Turn on behavior monitoring
- Turn on network protection against exploits of known vulnerabilities *
- Turn on raw volume write notifications *
- Turn on Information Protection Control *
I'd advise against disabling the last 3 items (marked with an *), however. Their impact on performance is also minimal.
These policy settings can be found in the same location as the first one: Computer Configuration\Administrative Templates\Windows Components\Windows Defender.
Note: Some versions of Windows use the term "Endpoint Protection" instead of "Windows Defender".
If your edition of Windows does not come with the Group Policy Editor, setting some registry entries will do the trick. They are all located under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Real-Time Protection (create this key if it does not exist). Create the following DWORD (32-bit) entries and set them to 1:
- DisableOnAccessProtection
- DisableIOAVProtection
- DisableBehaviorMonitoring
- DisableIntrusionPreventionSystem *
- DisableRawWriteNotification *
- DisableInformationProtectionControl *
Again I recommend against disabling the last 3 items. Leave them as 0, or better yet, do not create entries for them.
A system restart is required after making these changes.
Just for completeness, the Registry entry for the "Turn off real-time protection" policy is called DisableRealtimeMonitoring.
[Update 2] An addendum: Malwarebytes Anti-Exploit (MBAE) is generally incompatible with the Microsoft Enhanced Mitigation Experience Toolkit (EMET). It even says so when installing it on an EMET-protected system. To see for yourself, download mbae-test.exe from here, add it to the list of EMET-protected apps, and try loading it with MBAE enabled.
(However, if you only use EMET to enforce system-wide rules - i.e. DEP and SEHOP - that's fine. It's only when launching an application protected by both solutions that you should expect trouble.)
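To see which of the values listed in the answer above are actually set on a machine, for example when reviewing a host where real-time protection appears to be off, the following audit script reads them back. It is an added example, not part of the original answer; the function name is hypothetical, and the `Policies` key is an assumption about where Group Policy stores the same value names.

```powershell
# Added example (not from the answer): report the state of the values it lists.
# $DefenderKey is the key named in the answer; $PolicyKey is assumed to be the
# location where Group Policy stores the same value names.
$DefenderKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection'
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$ValueNames  = 'DisableRealtimeMonitoring', 'DisableOnAccessProtection',
               'DisableIOAVProtection', 'DisableBehaviorMonitoring',
               'DisableIntrusionPreventionSystem', 'DisableRawWriteNotification',
               'DisableInformationProtectionControl'

function Get-RtpRegistryState {
    param([string[]]$KeyPath = @($DefenderKey, $PolicyKey))
    foreach ($key in $KeyPath) {
        # A missing key means none of its values are set.
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        foreach ($name in $ValueNames) {
            $value = $null
            if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
                $value = $props.$name
            }
            $state = 'not set'
            if ($null -ne $value) {
                $state = if ($value -eq 1) { 'protection OFF' } else { 'protection on' }
            }
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value; State = $state }
        }
    }
}

$report = @(Get-RtpRegistryState)
$report | Format-Table Name, Value, State, Key -AutoSize

# Flag any component that has been switched off through the registry.
$off = @($report | Where-Object { $_.State -eq 'protection OFF' })
if ($off.Count -gt 0) {
    Write-Warning ("{0} real-time protection component(s) disabled via registry." -f $off.Count)
}

# Effective settings as Defender itself reports them (Windows 8 and later).
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    Get-MpPreference | Select-Object DisableRealtimeMonitoring,
        DisableBehaviorMonitoring, DisableIOAVProtection
}
```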
Best Answer
1. Opening the Windows Defender GUI
I won't bother repeating all the other answers here about how to access Defender's interface, but will just add that since the main executable is %ProgramFiles%\Windows Defender\MSASCui.exe, you can create shortcuts to the same for easy access (with keyboard shortcuts as well), pin it to the Start screen or Taskbar etc.
2. Tray (Notification Area) icon
Defender-related messages are now displayed by the Action Center tray icon:
If malware is detected, toast notifications similar to the following are displayed:
For a dedicated tray icon, you can try and see whether the Monitor Tool for Windows Defender, created for Windows 7's Defender, works with the Windows 8 version as well:
3. Automation
As already mentioned above, the Defender GUI can be accessed via %ProgramFiles%\Windows Defender\MSASCui.exe. The command-line version of the same can be accessed via %ProgramFiles%\Windows Defender\MpCmdRun.exe.
Command-line options for MSASCui.exe include:
Command-line options for MpCmdRun.exe include:
-Scan [-ScanType value [-File filename]]
So where can these be used? You could, for example, add the options you prefer to the Windows Explorer context menu:
Detailed registry editing instructions as well as ready-to-use add/remove .REG files can be found here, here and here. As always with anything to do with the registry, be careful and use at your own risk.
You can also cook up custom batch files to run on-demand updates, scans etc. For example, save the following as Scan.bat:
Now go to %Appdata%\Microsoft\Windows\SendTo or shell:SendTo and create a shortcut to the aforementioned batch file. This will enable you to simply right-click files in Windows Explorer and use the Send to menu to scan them.
Yet another nifty thing you can do is use Task Scheduler to add hourly/daily/weekly etc. scheduled tasks for updates, scans and the like. Defender of course gets updated whenever Windows Update does its thing, but if you're paranoid you can add a separate task for hourly updates.
A basic scheduled task for a full system scan should look like the following (note the arguments):
Important: After creating a scheduled scan task, open its Properties dialog and on the General tab, make sure the Run with highest privileges check box is checked. This will allow Defender to run with elevated rights and ensure maximum malware removal efficacy.
You might also want to select the Run task as soon as possible after a scheduled start is missed option on the Settings tab. This will ensure the least possible delay in scanning after logging in, in case the system is turned off or you are not signed in at the scheduled time.
Hope these help improve the experience a bit! I'll add to the list if I think of/come across anything new. Shame they couldn't simply have added the complete MSE UI though to Defender, since that's what it has replaced in Windows 8. Maybe in a future update...
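The on-demand file scan and the scheduled full scan described in the answer above can also be set up from PowerShell. This is an added example, not the answer's own batch file or task; the function names, task name and weekly schedule are assumptions, and registering the task requires an elevated prompt.

```powershell
# Added example (not from the answer). Function names, task name and schedule
# are illustrative assumptions.
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Invoke-DefenderFileScan {
    # Scan one file or folder: -ScanType 3 is a custom scan of the -File target.
    param([Parameter(Mandatory = $true)][string]$Path)
    $target = (Resolve-Path -LiteralPath $Path).Path
    $output = & $MpCmdRun -Scan -ScanType 3 -File $target
    # MpCmdRun returns 0 when nothing was found (or it was remediated) and
    # 2 when a threat was found and still needs attention.
    $result = switch ($LASTEXITCODE) {
        0       { 'clean' }
        2       { 'threat found' }
        default { 'error' }
    }
    [pscustomobject]@{
        Path     = $target
        ExitCode = $LASTEXITCODE
        Result   = $result
        Output   = ($output -join "`n")
    }
}

function Register-DefenderFullScanTask {
    # Weekly full scan (-ScanType 2) with the two options the answer calls out.
    param(
        [string]$TaskName = 'Defender weekly full scan (example)',
        [string]$At = '03:00'
    )
    # Quote the executable path because it contains a space.
    $action  = New-ScheduledTaskAction -Execute "`"$MpCmdRun`"" -Argument '-Scan -ScanType 2'
    $trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At $At
    # "Run task as soon as possible after a scheduled start is missed"
    $settings = New-ScheduledTaskSettingsSet -StartWhenAvailable
    # "Run with highest privileges"
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
        -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Settings $settings -Principal $principal
}

# Usage (run from an elevated PowerShell prompt):
#   Invoke-DefenderFileScan -Path "$env:USERPROFILE\Downloads\setup.exe"
#   Register-DefenderFullScanTask
```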