Disable Defender for Endpoint

Apply Now

Works with Windows 10 and 11Works with Windows Vista, XP, 7, 8, 10, 11, and Windows Server 2008 or newer.

• Windows onlyThis script improves your privacy on Windows
• Multiple actionsThis page belongs to a category, containing some changes with similar goal.
• Impact: Medium

  System Functionality / Data Loss Risk: Moderate

  This action improves privacy with minimal impact when you run the recommended script.

  This action improves privacy with some impact when you run the recommended script.
• Batch (batchfile)These changes use Windows system commands to update your settings.
• 5 scripts
• No subcategories
• Administrator rights requiredThis script requires privilege access to do the system changes
• Fully reversible

  You can fully restore this action (revert back to the original behavior) using this website.

  The restore/revert methods provided here can help you fix issues.

Overview

This category provides scripts to disable Defender for Endpoint, a security platform that impacts user privacy.

Defender for Endpoint is officially known as Microsoft Defender for Endpoint ^{1 2 3}. It was previously called Microsoft Defender Advanced Threat Protection (ATP) ^{1 4}. It is designed to protect enterprise networks from advanced threats ^{1 3}.

An advanced threat, also known as an Advanced Persistent Threat (APT), is a type of cyber attack that uses continuous, covert, and sophisticated methods to gain and maintain unauthorized access to a system for an extended period ⁵. These attacks usually target high-value entities such as nation states and large corporations ⁵.

Although designed for security, this service raises significant privacy concerns. Microsoft collects and stores device details, including information about files, processes, system configurations, and network connections ².

Some components of Defender for Endpoint are included by default in consumer versions of Windows ⁴, potentially exposing personal user data.

Disabling this service can enhance privacy by limiting data collection and sharing with Microsoft. It may also improve system performance by reducing background processes and resource usage. However, disabling this service may reduce your device's security against advanced threats.

Caution

Disabling this service may reduce your device's security. Consider alternative protection methods and practice enhanced security awareness.

1. Security Trade-off

   This action prioritizes privacy over certain security features. It's not recommended and should only be used by advanced users after understanding its implications.

   Increased Privacy

   Enhanced privacy through reduced data collection and tracking

   Decreased Security

   Some security features will be disabled or limited

   This script can be reversed, this action allows you to can restore the system security.

2. Use with Caution

   This script is only recommended if you understand its implications.

   Some non-critical or features may no longer function correctly after running this script.

   This script can be fully reversed to restore changes if something goes wrong.

Sources

PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.

• Microsoft delivers unified SIEM and XDR to modernize security operations. Microsoft Security Blog. www.microsoft.com. (2024).
  Original: https://www.microsoft.com/en-us/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations
  Archived: https://web.archive.org/web/20240716092018/https://www.microsoft.com/en-us/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/
• Microsoft Defender for Endpoint data storage and privacy - Microsoft Defender for Endpoint. Microsoft Learn. learn.microsoft.com. (2024).
  Original: https://learn.microsoft.com/en-us/defender-endpoint/data-storage-privacy
  Archived: https://web.archive.org/web/20240821073232/https://learn.microsoft.com/en-us/defender-endpoint/data-storage-privacy
• Microsoft Defender for Endpoint - Microsoft Defender for Endpoint. Microsoft Learn. learn.microsoft.com. (2024).
  Original: https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint
  Archived: https://web.archive.org/web/20240821073223/https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint
• Windows Defender Advanced Threat Protection Service - Windows 11 Service - batcmd.com. batcmd.com. (2024).
  Original: https://batcmd.com/windows/11/services/sense
  Archived: https://web.archive.org/web/20240609160137/https://batcmd.com/windows/11/services/sense/
• What Is an Advanced Persistent Threat (APT)?. www.kaspersky.com. (2024).
  Original: https://www.kaspersky.com/resource-center/definitions/advanced-persistent-threats
  Archived: https://web.archive.org/web/20240821074532/https://www.kaspersky.com/resource-center/definitions/advanced-persistent-threats

Apply Now

Choose one of two ways to apply:

Download script

Download and run the script directly

• No app needed
• Offline usage
• Easy-to-apply
• Free
• Open-source

High

High — Advanced Privacy

• For advanced privacy-conscious users
• May affect some features

Read more about High and other protection levels

Apply protection

Undo protection

Maximum

Maximum — Strongest Possible Privacy (Military-Grade)

• Military-grade privacy protection
• Major system impact
• Consider having system restore point.

Read more about Maximum and other protection levels

Apply protection

Undo protection

Help

How to apply or restore "Disable Defender for Endpoint" using script

• ≈ 2 min to complete
• Tools: Web Browser
• Difficulty: Simple
• ≈ 6 instructions

1. 1

   Choose protection

   Choose one of the options with different impact levels:

   • High

     Some potentially impactful changes with moderate system impact.
   • Maximum

     Some impactful changes with high system impact.
2. 2

   Download

   Download the script file by clicking on the   Apply protection  button above.
   Use   Undo protection button above to restore changes.
3. 3

   Keep the file

   If warned by your browser, keep the file.
4. 4

   Open

   Open the downloaded file.
5. 5

   Exit

   Once it's done, press any key to exit the window.
6. 6

   Restart

   Restart your computer for all changes to take effect.

Apply with privacy.sexy

Guided, automated application with safety checks

• Recommended for most users
• Includes safety checks
• Shows the code
• Free
• Open-source
• Popular
• Offline/Online usage

Open privacy.sexy

Help

How to apply or restore "Disable Defender for Endpoint" using privacy.sexy

• ≈ 3 min to complete
• Tools: privacy.sexy
• Difficulty: Simple
• ≈ 4 instructions

privacy.sexy is free and open-source application that lets securely apply this action easily with more advanced options.

1. 1

   Open or download

   Open or download the desktop application
2. 2

   Choose script

   1. Search for the category name: Disable Defender for Endpoint
   2. Check the category by clicking on the checkbox of the category.

   Applying High to limit the impact.

3. 3

   Run

   Click on ▶️ Run button at the bottom of the page.

   This button only appears on desktop version (recommended). On browser, use 💾 Save button.

Explore This Guide

• 5 Privacy settings

Choose what to protect based on your needs:

Click any option to learn more about what it does.

Each change can be applied and reversed individually.

Some settings and commands may require technical knowledge to apply correctly.

Disable "Windows Defender Advanced Threat Protection Service" service

https://web.archive.org/web/20240314091443/https://batcmd.com/windows/10/services/sense/ Overview of default service statuses - •OS Version: Windows 10 (≥ 22H2) → Status: 🔴 Stopped → Start type: Manual • OS Version: Windows 11 (≥ 23H2) → Status: 🔴 Stopped → Start type: Manual

Disable Microsoft Data Loss Prevention (DLP) service

This script disables the Microsoft Data Loss Prevention (DLP) service. The service is known by several names: Microsoft Data Loss Prevention Service • Microsoft Endpoint DLP service • Microsoft Purview Data Loss Prevention Service This service is a component of both Defender Antivirus and Defender for Endpoint. It is also included in the larger Microsoft Purview offering. This service provides DLP (Data Loss Prevention) functionality. It helps prevent unauthorized sharing of sensitiv...

Disable Defender for Endpoint remote configuration

This script disables remote configuration for Microsoft Defender for Endpoint, enhancing privacy and local control over your device's security settings. Microsoft Defender for Endpoint is a security suite designed to protect devices from cyber threats. Some components are included by default on Windows without requiring user opt-in. Remote configuration allows administrators to manage and update settings across multiple devices. This feature is typically used in work or school environments where...

Disable Defender Antivirus DLP command-line utility

This script disables the "MpDlpCmd.exe" process. The executable "MpDlpCmd.exe" is the Microsoft Endpoint DLP command-line utility. The process is part of Defender Antivirus and Defender for Endpoint. It offers Data Loss Prevention (DLP) features. DLP is designed to prevent unauthorized sharing or leakage of sensitive data. The utility: Monitors and controls data sharing within an organization • Blocks file operations and requires users to justify their actions based on security polic...

Disable Defender Antivirus Endpoint Data Loss Prevention (DLP) module

This script disables "EndpointDlp.dll", the endpoint data loss prevention (DLP) library. This library is part of Defender Antivirus, and belongs to its service component. Microsoft refers to this library as Microsoft Endpoint Data Leak Prevention Library. It aims to prevent sensitive data from leaving an organization's network. It provides functions for process on Windows to monitor and control the flow of data. It allows applications to notify the operating system before and after handl...

Similar Guides

Wider Goal

Guides below includes this guide to achieve a wider goal.

See other more general settings that includes this one as one of its actions.

These plans combine multiple privacy settings, including this one, for stronger protection.

Disable Defender

This category offers scripts to disable Windows security components related to Defender. Defender is also referred to as Microsoft Defender or Windows Defender. Al...

Visit category page

Privacy over security

Steps to privacy over security on your Windows machine to enhance data privacy protection. Together with that, this feature walks through the procedure to undo the...

Visit category page

Same Goal

Other guides in Disable Defender 

See settings that are in the same category as this guide.

Using other actions in the same category may help you achieve your goal better.

See all 8 guides

Disable Defender data collection

Disable system modification restrictions

Disable Defender Antivirus

Disable Defender Firewall

Disable SmartScreen

Disable Windows Security interface

Disable Defender Exploit Guard

Disable outdated Defender Application Guard

---

About the Creators

These people have authored this documentation and written its scripts:

• 

  undergroundwires

  • Certified security professional
  • 7+ years experience securing banks
  • Open-source developer since 2005
  • EU advisor, Public Speaker, Moderator
• Open-Source Contributors

  • Hundreds across the globe
  • Testers, reviewers, developers
  • Companies, military agencies
  • Community since 2017

About Us

Reviewed By

This guide has undergone comprehensive auditing and peer review:

• Expert review by undergroundwires

  • Verified technical accuracy and editorial standards
  • Assessed system impact and user privacy risks

• Public review by large community

  • Privacy enthusiasts and professionals peer-reviewed
  • Millions of end-users tested across different environments

History

We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.

Review Change History Our Change Process