1. Home
  2. Windows

How to fix Windows Defender is deactivated by Group Policy

Windows Defender is a stock Windows 10 feature and it is active out of the box. This ensures that when a user boots to a brand new system or Windows 10 installation, they have basic protection. Over time, Windows Defender will update its virus definitions and they will continue to update regularly so that your system remains protected as long as you use the anti-virus.

Windows Defender is deactivated by Group Policy

Fix Windows Defender is deactivated by Group Policy

Microsoft does not force users to use Windows Defender. They’re free to install a third-party anti-virus tool and use it instead. Organizations that provide their employees with systems can likewise install enterprise security tools to keep their systems safe. 

When a third-party anti-virus is installed, Windows Defender is automatically disabled. It makes no sense to have two different anti-virus apps running. If you’re trying to enable Windows Defender and you see the message that it’s deactivated by Group Policy, try the fixes below.

1. Remove third-party anti-virus tools

As stated, you cannot run two anti-virus apps at the same time on Windows 10. Some third-party anti-virus apps may run alongside others but Windows Defender does not. 

If you’ve installed a third-party anti-virus app, uninstall it. Disabling it may not be enough to enable Windows Defender. Additionally, make sure you remove all tools that the anti-virus installed.

Once removed, enable Windows Defender.

2. Edit the Windows’ registry

There are many ways to disable Windows Defender and one of them is to change a value in the Windows Registry. This setting cannot be undone from the Windows Defender app. If you see the Windows Defender is deactivated by Group Policy message, you should check the registry and enable Windows Defender from it.

  1. Tap the Win+R keyboard shortcut to open the run box.
  2. In the run box, enter regedit and tap the Enter key.
  3. Go to this key;
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
  1. Delete the DisableAntiSpyware value. 
  2. Restart the system and enable Windows Defender.

3. Edit the Windows’ group policy

The Windows Defender is deactivated by Group Policy essentially points towards the group policy. The group policy is available only for Windows Pro users. Windows Home users will have to make changes via the registry (see previous solution).

  1. Tap the Win+R keyboard shortcut to open the run box.
  2. In the run box, enter gpedit.msc and tap the Enter key.
  3. Go to: Local Computer Policy\Administrative Templates\Windows Components\Microsoft Defender Antivirus 
  4. In the pane on the right, look for the Turn off Windows Defender Antivirus. policy and double-click it.
  5. In the window that opens, select the Disable option.
  6. Click Ok and then restart the system.
  7. Enable Windows Defender.

4. Turn on Windows Defender from Command Prompt

If the Windows Registry and the Group Policy editor methods do not work, you can enable Windows Defender from Command Prompt. You will need admin rights for this.

  1. Open Command Prompt with admin rights.
  2. Run this command: REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware.
  3. Restart the system.

5. Turn on Windows Defender from PowerShell

If you prefer to use PowerShell over Command Prompt, follow the steps below to enable Windows Defender with a PowerShell command.

  1. Open PowerShell with admin rights.
  2. Run this command: Set-MpPreference -DisableRealtimeMonitoring 0.
  3. Restart the system.

6. Check Microsoft Defender service

In order to work, Windows Defender relies on certain system services to run. If they aren’t running, the anti-virus won’t work and you may see the Windows Defender is deactivated by Group Policy message. 

  1. Tap the Win+R keyboard shortcut to open the run box.
  2. In the run box, enter services.msc and tap the Enter key.
  3. Look for the Microsoft Defender Antivirus service and double-click it.
  4. From the Startup type dropdown, select Automatic.
  5. Click the Start button.
  6. Restart the system.

Conclusion

Windows Defender is definitely recommended by Microsoft and you will find that Windows 10 doesn’t make it difficult to enable the tool. That said, certain admin-level settings may make it more difficult to turn the app on. The above solutions should take care of the problem.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.