The option was available in Windows since the arrival of Vista and was based on the group policy ” Disable Windows Defender “: when the policy was activated, the system created an entry in the registry called “DisableAntiSpyware” with value ” 1 ” at “HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows Defender “. Once activated, this key deactivated Microsoft Defender Antivirus, as well as third-party antivirus software and applications.
As reported by BleepingComputer , Microsoft has stated that the value of DisableAntiSpyware will now be ignored and will no longer be used to disable antivirus software.
“ DisableAntiSpyware is intended for use by OEMs and IT professionals to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is an inherited setting that is no longer needed as Microsoft Defender’s antivirus automatically turns off when it detects another antivirus program. This setting is not intended for consumer devices, and we have decided to remove this registry key.
This change is included in Microsoft Defender Antimalware platform version 4.18.2007.8 and later KB 4052623. Enterprise E3 and E5 editions will be released at a future date. Note that this setting is protected by tamper protection.
Tamper Protection is available in all Home and Pro editions of Windows 10 version 1903 and later and is enabled by default. The impact of DisableAntiSpyware removal is limited to pre-1903 versions of Windows 10 that use Microsoft Defender Antivirus. This change has no impact on third-party antivirus connections to the Windows Security application. These will still work as expected ”.
In case the third-party antivirus solution is uninstalled from the user’s PC, Windows Defender will be reactivated automatically , Microsoft pointed out. In this way, a continuity solution for the safety of users is ensured, leaving no time window available to malware for possible targeted attacks.