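<#
# It is recommended to test the script on a local machine for its purpose and effects.
# ManageEngine Endpoint Central will not be responsible for any
# damage/loss to the data/setup based on the behavior of the script.
#
# Description: Script is designed to disable real-time protection in Microsoft Defender
# Configuration Type - COMPUTER
# Disable real-time protection in Group Policy "https://learn.microsoft.com/en-us/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus?view=o365-worldwide#disable-real-time-protection-in-group-policy"
# Windows related article: https://www.elevenforum.com/t/enable-or-disable-real-time-protection-for-microsoft-defender-antivirus-in-windows-11.3989/
# Note: If the registry value was changed but has no effect, advise the customer to reach out to Windows support.
#
# Security impact:
#   - This turns off on-access scanning for the whole computer. Deploy it only to
#     machines covered by an approved, time-limited exception, and revert it
#     afterwards by removing the DisableRealtimeMonitoring value (or setting it to 0).
#   - When Tamper Protection is turned on, Defender ignores this policy value, so a
#     successful registry write does not by itself prove that protection is off.
#     The effective state is what Get-MpComputerStatus reports in
#     RealTimeProtectionEnabled.
#   - Writes to this value are a common alert condition for security monitoring
#     (Defender typically logs event 5001 when real-time protection is turned off).
#     Record the change ticket so the alert can be matched to an approved change.
#
# Exit code: 0 when the policy value was written and read back, 1 otherwise.
#>

# Registry cmdlets report most failures (access denied, missing key) as
# non-terminating errors; promote them so the success message below cannot be
# printed after a failed write.
$ErrorActionPreference = 'Stop'

# Define the registry path and value
$regPath  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
$regName  = "DisableRealtimeMonitoring"
$regValue = 1

try {
    # Check if the registry path exists, create it if it doesn't.
    # Out-Null keeps the created key object out of the script output.
    if (-not (Test-Path -Path $regPath)) {
        New-Item -Path $regPath -Force | Out-Null
    }

    # Set the registry value
    Set-ItemProperty -Path $regPath -Name $regName -Value $regValue -Type DWord

    # Read the value back so the reported result reflects what is actually stored.
    $current = (Get-ItemProperty -Path $regPath -Name $regName).$regName
    if ($current -ne $regValue) {
        throw "Read-back of $regName returned '$current', expected '$regValue'."
    }
}
catch {
    Write-Host "Failed to set $regName under ${regPath}: $($_.Exception.Message)"
    exit 1
}

# Reports the policy value only; see the Tamper Protection note in the header.
Write-Host "Real-time protection was disabled successfully"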