(no title)

In my first attempt I've actually deleted the directories altogether but later wanted to scan a system manually and I couldn't repair the installation and get WD to run again.

My Windows kung-fu is rusty these days so the Linux method seemed neater.

With Linux you have to be able to access the Windows files for this, and for years now Linux has been able to read & write to the NTFS filesystem decently.

In the Linux example this "disables" the entire Windows Defender folder and everything in it.

In addition to that however, contained in the WinSxS folder you can find some stragglers.

I'll add the belt & suspenders non-Linux equivalent for an up-to-date W11 pro system:

Boot to the Windows startup USB device, you will not select "Install Now" because that is not what is wanted at all. Instead click "Repair" my computer and progress to troubleshooting and the command prompt. This way the terminal CMD window is from a version of "MININT" running straight from a ramdisk in memory, identified as volume X:.

If you need a scratch pad type in "notepad" and it will pop up. Now you have access to your filesystem in "DOS" with a mouse if you need it.

For this disablement, keyboard can be enough in the CMD window, without having to paste lines from a more complex script opened as a text file in notepad. For manual typing though you'd have to type in each of the Rename commands one character at at time with perfection. So you'd probably like the pasting from prefabricated text files more likely.

All your regular Windows folders & files will still be on your main drive, and it will almost always still be identified as C:. Those files are just sitting there dormant and you are like the Trusted Installer, looking down from your perch on X:\.

You may already be just as powerful as Linux now.

Now this just disables the antivirus executable, not the entire folder (the firewall can be controlled from the GUI, but it's not the processor-hog the antivirus is). This is not for PC's in contact with the internet ! :

Rename "c:\program files\windows defender\msmpeng.exe" "c:\program files\windows defender\msmpeng.OFF"

Rename "c:\windows\winsxs\amd64_userexperience-desktop_31bf3856ad364e35_10.0.22xxx.xxxx_none_xxxx....xx\msmpeng.exe" "c:\windows\winsxs\amd64_userexperience-desktop_31bf3856ad364e35_10.0.22xxx.xxxx_none_xxxx....xx\msmpeng.OFF"

This second disablement can be the variable one, you need to look in the WinSxS folder in advance while Windows was still running in order to check the "x" values above for your particular build before you would know your particular exact complete WinSxS sub-foldernames. The publickeytoken of 31bf3856ad364e35 may also be subject to change in the future.

Or you can even browse for the target folder in Notepad and rename the file right there using notepad without even typing any commands into the CLI. Even though it would do no good to "open" the executable in notepad, start going through the motions as if you were going to open the EXE file, and you can at least change the name through notepad's limited open/save GUI interface.

If using the correct foldernames, type or paste those two commands into the terminal (one at a time, this is not powershell) and the target executables will be instantly renamed.

When you reboot to your regular Windows, it will not be able to find the msmpeng.exe file when it wants to run it after that. So no Windows antivirus running.

But it hasn't gone away, you can always rename it back to an EXE when you do need it later on.

Based on those two Rename commands you could also reverse the "manual" renaming procedure and effectively toggle the activity of msmpeng.exe, each time using two specific "lines of code" based on the above examples. I guess you could call them very simple scripts.

From what I understand gamers do things like this when PC's are not going on the internet.