Microsoft has shipped a built-in, pre-installed antivirus called Windows Defender since Windows Vista and Windows 7. In its early days, Windows Defender only did adware and spyware detection. Over time it became more advanced and, from Windows 8.0 onward, absorbed the Microsoft Security Essentials application to provide a higher malware detection rate and better protection.
Why we should disable it
So far everything seems fine, until you get to your daily tasks as a penetration tester or digital forensics investigator: running several hacking tools on your host machine such as Nexpose, Exploit Pack, Nessus, Acunetix and other Windows-based tools. I prefer to run scanners like these on the host machine, to take advantage of more CPU and RAM than a VM offers.
The problem arises when you find out that Windows Defender detects the scanners' payloads and exploits, both during its own scanning process and while my hacking tools are running, and deletes them one by one. I tried several times to turn it off, but Windows Defender keeps working behind the scenes; you can see it among the running services and processes, detecting my exploits and deleting them. This is not pleasant at all when it deletes files without asking me. Hey AV, show some respect to the user.
How to Disable Windows Defender in Windows 10:
First of all, if you are running Windows 10 Home Edition, you cannot make significant changes in Windows Group Policy; you need to upgrade from the Home version to the Enterprise or Professional version.
If you use a separate machine for penetration testing (as I do), feel free to disable all the security mechanisms, such as the firewall, IDS, AVs, etc. The best way is to disable Windows Defender from Group Policy. So far it works well for me, without any detection or deletion problems. You can open the Group Policy editor using Run: type gpedit.msc and press Enter.
Then navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender and select Turn Off Windows Defender.
Set it to Enabled and press OK. You can make the same change in the Registry Editor (regedit); I think this is simpler. Now you are good to go.
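As an added example (not part of the original post), here is a PowerShell check that an administrator can run on any Windows 10 machine to see whether the "Turn Off Windows Defender" policy above has been applied: it reads the registry value that policy writes (HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware) and compares it with what the Defender engine itself reports. Only the dedicated testing box should ever come back as DisabledByPolicy.

```powershell
# Added example, not code from the original post.
# Audit the "Turn Off Windows Defender" Group Policy setting described above.
# Run in an elevated PowerShell on Windows 10.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$valueName = 'DisableAntiSpyware'   # DWORD written by the policy; 1 = Defender turned off

function Get-DefenderPolicyState {
    # Returns NotConfigured, DisabledByPolicy or EnabledByPolicy.
    $policy = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $policy) {
        return 'NotConfigured'
    }
    if ($policy.$valueName -eq 1) {
        return 'DisabledByPolicy'
    }
    return 'EnabledByPolicy'
}

$state = Get-DefenderPolicyState
Write-Output "Group Policy state: $state"

# Cross-check with the live engine (the Defender module ships with Windows 10).
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    Write-Output ("Antivirus enabled:            {0}" -f $status.AntivirusEnabled)
    Write-Output ("Real-time protection enabled: {0}" -f $status.RealTimeProtectionEnabled)
} catch {
    Write-Output "Could not query the Defender engine: $($_.Exception.Message)"
}

# Non-zero exit code so a scheduled task or monitoring job can flag the machine.
if ($state -eq 'DisabledByPolicy') { exit 1 }
exit 0
```

On recent Windows 10 builds with Tamper Protection switched on, the policy value alone can be ignored by the engine, which is why the script also asks Get-MpComputerStatus rather than trusting the registry by itself.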