On Windows 10 1909 enterprise, I have a process "Antimalware Service executable", within which the service: "Windows defender antivirus service"; which takes 115BM of memory.
However, in group policy, "Windows defender antivirus" I have "Turn off Windows defender antivirus" enabled, which help says:
This policy setting turns off Windows Defender Antivirus.
If you enable this policy setting, Windows Defender Antivirus does not run, and will not scan computers for malware or other potentially
unwanted software.
As well as "Turn off real-time protection" enabled (but this should not change a thing since the sus-mentionned parameter was turned off).
If I remember well the process was not running in 1809 with this policy. How can I in the end disable the process ? Is this a bug ?
Best Answer
The correct action is to disable the
Tamper protectioninWindows security/virus&threat protection settings. Even without the keyHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = 1the group policyTurn off Windows defender antivirustoenabledwill have effect.Registry keys should be used as last option.