Disable/Remove Windows Defender Firewall

[NotHereToPlayGames]

I actually use NTLite (but the free version).

My media goes through three iterations to get my slimmed-down 10 to work to my liking.  WinReducerEX100 free -> NTLite free -> WinReducerEX100 free.

Since XP remains my true workhorse, not sure if I'll pay for a tool to improve upon my slimmed-down 10.  Guess it will depend on just how much more I'll "need" 10 over XP in the coming years.

[tekkaman]

Ok here's something you can try. You want to delete the firewall service and Defender service right?  The service in charge for firewall is called MPSSVC.dll.  It's located in system32 folder. The service of Defender is called  MsMpEng.exe and is located in C:\Program Files\Windows Defender. Since the services are running you can't fully delete the service from Windows. Here's what you can do for a full delete. Boot any Linux distro . Delete the files mentioned. Linux doesn't care about file protections from other OS and will delete the files. Next download Autoruns, run as administrator and Delete those services from the list of services. If it doesn't let you delete them because of permissions Click Jump to entry and delete the folder associated with the service. That is a more or less cleanup way to delete a Service.

You can do a partial Cleanup. With just Autoruns you can delete the service from the list of services by using the jump to entry option. This will keep the files but technically if the service is NOT listed it will not run even if the files are still there.

Keep in mind that Windows updates might restore deleted services. I can't say for sure because I don't update.

 

I forgot to say that when using Autoruns you have to Uncheck Hide Microsoft and Windows Entries in the options menu.

 

Edited August 25, 2023 by tekkaman

[NotHereToPlayGames]

38 minutes ago, tekkaman said:

I can't say for sure because I don't update.

Neither do !.

I've used Autoruns in the past, forgot all about it, thanks.

[NotHereToPlayGames]

Autoruns doesn't list it in the Services tab.  

[D.Draker]

12 hours ago, NotHereToPlayGames said:

I actually use NTLite (but the free version).

Yes, the limitations there are not pleasant, I remember! But what about trial versions? Maybe they have some promotions? You only need to make one ISO.

[NotHereToPlayGames]

I'd have to review my history.

But if memory serves, the only reason my three-iteration process includes NTLite is because WinReducerEX100 doesn't remove MS Print to PDF and XPS Document Writer (something I never use and if I did I would resort to third-party, not bundled with OS).

I print PDFs via doPDF, I don't want the feature "bundled" into my OS.

[NotHereToPlayGames]

I do have a "default" install of Win10 22H2.  It's a VM and an unregistered Windows installation.  Unmodified, default install.  The only thing it gets used for is various software "dark mode" visual inspection.

I am not a "dark mode" fan, but I am still curious at times and "dark mode" software just seems to 'coordinate itself' with Win10 better than any other OS - I say that based on only VM quick in-and-out "dark mode" testing.

 

That 22H2 "default install" has become a very good comparison.

I run the 22H2 VM with 4 GB RAM and things get sluggish even with 4 cores allocated.

My tweaked 21H2 LTSB 2016 is quick and snappy with only 2 GB RAM and only 1 core allocated (it's also the version I use on real hardware, but it all starts in a VM until I get it to where I am happy with it).

Processes / Threads / Handles side-by-side basically tells it all, Windows only, no background apps -

Edited August 25, 2023 by NotHereToPlayGames

[tekkaman]

On 8/25/2023 at 1:49 PM, NotHereToPlayGames said:

Autoruns doesn't list it in the Services tab.  

Autoruns list everything. I've used it so many times. You have to run as administrator make sure these are unchecked:

If it doesn't let you remove them directly from the app you have to right click the entry and select Jump to Entry. It will take you to registry and you can delete the whole folder. That will make the service disappear from the list. If it's not on the list it won't run.

After that do a restart and it should be gone.

Edit:

I forgot to say that the services are listed differently in Autoruns. What you see is the name of the dll or executable. Not the name as it is presented when you use services.msc command.

Edited August 28, 2023 by tekkaman

[jaclaz]

One can use Nirsoft's Serviwin to see which file corresponds to which service, though that won't work for svchost.exe "hosted" services.

jaclaz

[tekkaman]

1 hour ago, jaclaz said:

One can use Nirsoft's Serviwin to see which file corresponds to which service, though that won't work for svchost.exe "hosted" services.

jaclaz

The service in charge for firewall is called MPSSVC.dll.  It's located in system32 folder. The service of Defender is called  MsMpEng.exe and is located in C:\Program Files\Windows Defender. Both appear in Autoruns with those names.

[NotHereToPlayGames]

I was able to disable Defender and Base Filtering Engine via @tekkaman's suggested app to disable Window Updates.

https://www.sordum.org/9470/windows-update-blocker-v1-8/

Edit the .ini file and add Defender and BFE to the list of services to disable.

Though also in returning to this thread, I did forget to try Autoruns in Admin Mode (I generally never have to because my user account *IS* an "admin" account with full admin privileges).

[Dixel]

4 hours ago, NotHereToPlayGames said:

disable Defender

Enjoy.

https://www.windowscentral.com/how-permanently-disable-windows-defender-windows-10

[tekkaman]

14 hours ago, NotHereToPlayGames said:

I was able to disable Defender and Base Filtering Engine via @tekkaman's suggested app to disable Window Updates.

https://www.sordum.org/9470/windows-update-blocker-v1-8/

Edit the .ini file and add Defender and BFE to the list of services to disable.

Though also in returning to this thread, I did forget to try Autoruns in Admin Mode (I generally never have to because my user account *IS* an "admin" account with full admin privileges).

 

Now I wanted to clear something about Autoruns since I use it often to deal with MS services . When you're going to Disable, delete or do whatever with MS services you have to run do a right click and run as Administrator. Even if you're using an administrator account. Why is that I don't know. But it has been that way since the first time I tried the tool years ago back in 2015 when Windows 10 nightmare began. I think that when you click run as Administrator what it does is run the tool in the secret Administrator account that Windows has since XP days. Even if you do that there are still some services that you can't delete directly from Autoruns. Then you click Jump to entry and it will take you to the registry with admin privileges. There you can delete the whole folder of the service. Then when you reboot, the service is gone from the list of services.

Windows Update Blocker what is does, is give you a choice of easily turning the services on and off again if you want. I'm interested to know if the services you disabled stay disabled after updating windows.

Now talking about Windows Defender. You said it flags files you need. But I never had any problem turning off realtime protection of Windows Defender directly in  its own window. Even before installing another antivirus. I don't know why you couldn't turn off realtime protection before.

Edited September 8, 2023 by tekkaman

[NotHereToPlayGames]

1 hour ago, tekkaman said:

When you're going to Disable, delete or do whatever with MS services you have to run do a right click and run as Administrator. Even if you're using an administrator account.

Ah, thanks.  Will try that over the next couple of days or so.

 

1 hour ago, tekkaman said:

I'm interested to know if the services you disabled stay disabled after updating windows.

I do not update windows.  Never have!

 

1 hour ago, tekkaman said:

I don't know why you couldn't turn off realtime protection before.

Because it turns itself back on after a reboot.

[tekkaman]

23 minutes ago, NotHereToPlayGames said:

Ah, thanks.  Will try that over the next couple of days or so.

 

I do not update windows.  Never have!

 

Because it turns itself back on after a reboot.

That's weird because on Windows 10 home and 11 home when I turn it off it stays off. Maybe it's different on corporate versions.